One Care Failed to Get Rid of Trojan:Win32/Vundo.gen!H

Question
-
I bought a new XP laptop and paid for a OneCare subscription until June 2009 to protect my system. Unfortunately, I discovered a Trojan:Win32/Vundo.gen!H that OneCare could not remove.
I was able to run a support log. It reported the actual source, but when I reached the destination, the files were not there. Here's my partial report:

7/28/2008 5:59 AM Virus and spyware scan was completed
Scanned Items: -
Scan Type: Custom Scan
Scan StartTime: 7/28/2008 5:58 AM
Scan EndTime: 7/28/2008 5:59 AM
Total Number of Files Scanned: 225
Total Number of Files Not Scanned: 0
Total Number of Threats Found: 1
Total Number of Threats Cleaned: 0
Total Number of Threats Removed: 0
Total Number of Threats Quarantined: 0
Total Number of Threats Still Present But Suspended: 1

7/28/2008 5:59 AM Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name: Trojan:Win32/Vundo.gen!H
Detection Date and Time: 7/28/2008 5:58 AM
File Name: C:\RECYCLER\S-1-5-21-107935127-2508217097-2308573282-1006\Dc648.rar
Threat Severity: Severe
Threat Category: Trojan
Contained Object: CW-Avanquest My Logo Maker Professional v2.0-STEVE357\Avanquest.MyLogo.Maker.Professional.v2.0-DVT\MLM.exe->(SfxCab)->file.exe
Threat found by On Demand Scan: (ANTIVIRUS_ONDEMAND)
Threat Status: Remove failed

7/28/2008 5:59 AM Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name: Trojan:Win32/Vundo.gen!H
Detection Date and Time: 7/28/2008 5:58 AM
File Name: C:\RECYCLER\S-1-5-21-107935127-2508217097-2308573282-1006\Dc648.rar->CW-Avanquest My Logo Maker Professional v2.0-STEVE357\Avanquest.MyLogo.Maker.Professional.v2.0-DVT\MLM.exe->(SfxCab)->file.exe
Threat Severity: Severe
Threat Category: Trojan
Contained Object: CW-Avanquest My Logo Maker Professional v2.0-STEVE357\Avanquest.MyLogo.Maker.Professional.v2.0-DVT\MLM.exe->(SfxCab)->file.exe
Threat found by On Demand Scan: (ANTIVIRUS_ONDEMAND)
Threat Status: Remove failed

Please assist me with this.
Monday, July 28, 2008 1:55 PM
Answers
-
See this post for information about Quarantine Failed - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=1548384&SiteID=2
It appears that the infected file is in the Recycle Bin.
You can contact support to report this and for help with removal.
How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2
-steve
Monday, July 28, 2008 3:55 PM Moderator
All replies
-
Hey interwebgirl,
Can you tell me the size of the file C:\RECYCLER\S-1-5-21-107935127-2508217097-2308573282-1006\Dc648.rar?
Also, can you provide me the detailed logs so I can learn more about the remove failure?
To do that, follow these instructions:
Can you send me the following file at my email ID, montyj@microsoft.com?
If you are using Vista:
c:\ProgramData\Microsoft\OneCare Protection\Support\MPLOG* (some file which starts with MPLOG) (This is if you have Vista)
If you are using Win XP:
c:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Support\MPLOG* (some file which starts with MPLOG) (This is if you have Win XP)
Note: These are hidden, so you have to make sure that you enable "show hidden files and folders".
Let me know if you face any problem in the above steps.
Thanks
Monty[MSFT]
Tuesday, July 29, 2008 4:54 PM