locked
Off Topic:Windows Defender will not remove Trojan Win32/Vundo.gen!R RRS feed

  • General discussion

  • Every time I use Defender to scan it shows Trojan Win32/Vundo.gen!R and yet it will not quarantine or remove the trojan even though I have tried to do this numerous times.

     

    Category:

    Trojan

    Description:

    This program displays advertisements and may be difficult to remove.

    Advice:

    Remove this software immediately.

    Resources:

    clsid:

    HKLM\SOFTWARE\CLASSES\CLSID\{c94ed871-ab2b-46c1-a6dc-24329423e51b}

    regkey:

    HKLM\SOFTWARE\CLASSES\CLSID\{c94ed871-ab2b-46c1-a6dc-24329423e51b}

    file:

    C:\windows\system32\vwesnkrr.dll

    file:

    C:\windows\system32\sihicx.dll

    file:

    C:\windows\system32\rdprnilo.dll

    file:

    C:\windows\system32\pylydwda.dll

    file:

    C:\windows\system32\gvwsenmg.dll

    file:

    C:\windows\system32\fusjjwrw.dll

    file:

    C:\windows\system32\fgwwox.dll

    file:

    C:\windows\system32\ejdyykup.dll

    file:

    C:\windows\system32\eiiwvgoa.dll

    file:

    C:\windows\system32\dhxlgp.dll

    file:

    C:\windows\system32\bqlecnqe.dll

    file:

    C:\windows\system32\akrtiy.dll

    file:

    C:\windows\system32\adnyogew.dll

    Sunday, July 6, 2008 4:20 AM

All replies

  • This forum is for the discussion of Windows Live One Care. You can get help with Windows Defender here- http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.private.security.spyware.general

    Sunday, July 6, 2008 6:33 AM
    Moderator
  • I have the exact same problem, although my dll's have different names (the names are randomly generated).

     

    From what I can find out you need to use other tools to get rid of this thing.

     

    see http://www.bleepingcomputer.com/forums/lofiversion/index.php/f22.html

     

    or wait for someone else here.

     

     

    Tuesday, July 8, 2008 10:19 AM
  • If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If  you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: 

    http://aumha.net/ For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

     

     

    Tuesday, July 8, 2008 7:19 PM
    Moderator
  • i have the same problem... thx for the tips
    Wednesday, July 9, 2008 7:14 PM
  • Got hit with Vundo also. Tried everything and then subscribed to Microsofts Live OneCare for a year and tried everything they said....useless. After all else failed I tried the free trial of Grisoft's AVG antivirus and it took care of it first try. I am impressed. This is the last money I will waste on MS.

    Wednesday, July 16, 2008 2:47 AM
  • Note from personal experience with Vundo.  Run msconfig.msc and under the tab Startup, uncheck everything, close msconfig and reboot.  You may now use Windows Defender or your preffered method to scan your system and remove Vundo.  Vundo "cannot" be removed without disabling it from running on startup.
    Monday, August 25, 2008 8:13 PM