Searching for information on how to remove the series of "Vundo",
"Virtumonde" and "Smithfraud-c" trojan viruses from my computer. I tried
Microsoft Onecare.live site and downloaded the software. It located some of
the viruses but did NOT remove them... much to my disappointment! One of the
viruses prevented Automatic Windows Update from operating and it would not
allow the Automatic Updates to be set from the Microsoft Windows XP Security
Center.
I searched the Microsoft.com Communities Newsgroups and found that there
have been several hundred people who experienced the same problems cause by
this "Vundo" virus family. I tried many of the solutions proposed by various
contributors... some by Microsoft employees, but none of them worked. I tried
Spybot, Norton 360 and AdWare SE... they did not work either.
The saving grace was that I found buried a post provided by a person named
"ronrieger" on 12/30/2008. He described how he downloaded free software from
www.SUPERAntispyware.com, ran it and found the trojans that other programs
failed to find AND better yet, it removed them! Then he went back to WUAUSERV
and was able to set the Automatic Updates entry to "Start" and the problem
was resolved!
I give all the credit to "ronrieger". I repeated his suggestion and it
worked! I would suggest that Microsoft inform ALL it's Windows users that
this is a quick and easy solution to the Automatic Windows Update problem and
that it is an excellent software which Microsoft should recommend to the
hundreds or thousands of users experiencing the same problem. It would save
thousands of manhours of work and frustration to your users. Thanks again to
ronrieger and the creators of SuperAntispyware.com. I will indeed make a
voluntary donation to these people. Obviously they have a superior product!
--
DrJoeJr
Hurrah for you, Iris. It was very, very simple to do. No thinking required.
That's the part I liked! Hope everone else sees this solution to a very, very
messy and frustrating experience.
--
DrJoeJr
You did run an HJT scan after cleaning the systems with SAS, right ?
MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
Sorry, I'm retired and work for nobody! I did not find this software...
someone else did. The Onecare scanner took literally several hours to scan my
system. It identified the viruses, but did NOT remove it or fix the Windows
Update problem! The product I reffered to ran in about 10 minutes. It seems
to be a real clunker. I looked at ComboFix and it was too complex for me.
Glad they worked you. I'm sure there are other products that work...I took
the advice of someone else and it worked very quickly for me. Let others make
their own decision.
I used Microsoft Onecare, SpyBot, Adware-SE after the fix and they all
proclamed my system free of viruses. Why don't you try the product and then
run SAS to find out if it highjacked your system and report back to this
site. I don't have time to waste fooling around with viruses...I just want
something that works!
--
DrJoeJr
Since the latest variant of Vundo, Vundo.h, includes a rootkit, I
wouldn't put all my eggs in the SAS basket, so to speak.
Personally speaking, if Vundo.h was the detected variant then the system
can not be Trusted. If it wasn't that specific variant and the infection
was cleaned up quickly rather than allowing it to fester and download
other malwares to the system, I'd *still* run a HijackThis scan to see
if anything was 'left over'.
But, it's your system and if you think it's clean by scanning with the
programs you posted, more power to you.
I have a school computer and the automatic updates wasn't working. I tried
everything, and then I found this. I'm so glad it works again. Thanks so
much!!!
Due to the nature of the malware causing AU to fail, it *behooves* you
to have someone else check to see if there's a hidden component still
resident on the 'school computer' so that it can be Trusted.
If you need some pointers as to how to do that, just ask.
MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
I’m sorry, but it my excitement to share the www.SUPERAntiSpyware.com
solution with others, I forgot to explain a very important series of steps
that I did BEFORE I ran their software! I believe you must turn OFF the
System Restore function on the disc drives. Then run their software and later
turn the System Restore function in Windows back ON.
Here’s why. If a virus, worm or Trojan infects a computer, System Restore
may back up the virus, worm or Trojan on the hard drives. I believe that some
of the Vundo virus files are saved and stored in the System Restore files and
called upon later.
Windows prevents outside programs, including antivirus programs, from
modifying System Restore. As a result, System Restore has the potential of
restoring an infected file on your computer even after you have cleaned the
infected files from all other locations!
One of the key features of Windows is that the System Restore option can be
turned OFF and ON. So to make sure you don’t store the virus, turn System
Restore to OFF. Clearing the restore points is good idea as part of the
removal process.
To reset your restore points, you will need to log into your computer with
an account that has full administrative access. If you can see the System
Restore tab you will know if the account has administrator access. If the tab
is missing, you are logged in under a limited access account.
Here are the detailed steps to follow:
1. Select START
2. Right Click on MY COMPUTER
3. Left click on PROPERTIES
4. Left click on the System Restore tab at the top.
5. CHECK the box, “Turn Off System Restore on all drives.” (This deletes old
possibly infected restore points.)
6. Click on the APPLY button at the bottom.
7. Click on the OK button at the bottom.
8. Run the SUPERAntispyware.com software. (Described in my first post above.)
9. Reboot your computer.
10. Repeat steps 1- 4 shown above.
11. UNCHECK the box, “Turn Off System Restore on all drives.” (new restore
points are set on a clean system.)
12. Click on the APPLY button at the bottom.
13. Click on the OK button at the bottom.
14. Reboot your computer.
15. Check to see if your system will run.
If you carefully perform each of these steps I believe you will be able to
get rid of this awful Vundo virus! Please let us know how you do the second
time.
--
DrJoeJr
I had problems with Microsoft Windows Automatic Update as well as lots of
others involving pop-ups. I found that I had several viruses on my machine.
Searching for information on how to remove the series of "Vundo",
"Virtumonde" and "Smitfraud-c" trojan viruses from my computer. I tried
Microsoft Onecare.live site and downloaded the software. It located some of
the viruses but did NOT remove them... much to my disappointment! One of the
viruses prevented Automatic Windows Update from operating and it would not
allow the Automatic Updates to be set from the Microsoft Windows XP Security
Center. I searched the Microsoft.com Communities Newsgroups and found that
there have been several hundred people who experienced the same problems
cause by this "Vundo" virus family. I tried many of the solutions proposed by
various contributors... some by Microsoft employees, but none of them worked.
I tried Spybot, Norton 360 and AdWare SE... they did not work either. The
saving grace was that I found buried a post provided by a person named
"ronrieger" on 12/30/2008. He described how he downloaded free software from
www.SUPERAntispware.com, ran it and found the trojans that other programs
failed to find AND better yet, it removed them! Then he went back to WUAUSERV
and was able to set the Automatic Updates entry to "Start" and the problem
was resolved! I give all the credit to "ronrieger". I repeated his suggestion
and it worked! I would suggest that Microsoft inform ALL it's Windows users
that this is a quick and easy solution to the Automatic Windows Update
problem and that it is an excellent software which Microsoft should recommend
to the hundreds or thousands of users experiencing the same problem. It would
save thousands of manhours of work and frustration to your users. Thanks
again to ronrieger and the creators of SuperAntispyware.com. I will indeed
make a voluntary donation to these people. Obviously they have a superior
product!
I’m sorry, but it my excitement to share the www.SUPERAntiSpyware.com
6. Click on the APPLY button at the bottom.
7. Click on the OK button at the bottom.
8. Run the SUPERAntispyware.com software.
9. Reboot your computer.
10. Repeat steps 1- 4 shown above.
11. UNCHECK the box, “Turn Off System Restore on all drives.”
12. Click on the APPLY button at the bottom.
13. Click on the OK button at the bottom.
14. Reboot your computer.
15. Check to see if your system will run.
If you carefully perform each of these steps I believe you will be able to
get rid of this awful Vundo virus! Please let us know how you do the second
time.
--
DrJoeJr
Put it this way ... would you rather be in a leaking life boat or adrift
at sea with NO leaking life boat ? <w>
MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
The infection on your machine will eventually lead to severe
instability. This is being discussed in a private forum so the criminals
who authored this specific malware can not find out how it's being
removed. I can put you in touch with one of the folks who are dealing
with this virulent Vundo infection, dev328.
MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
Pass your response along to Microsoft. My detailed procedure is taken
directly from Microsoft instructions. It is not my idea, it belongs to Bill
Gates and friends! It worked for me.
--
DrJoeJr