Re: Trojon.vundo
Nick Skrepetos (SuperAdBlocker.com)
Super Ad Blocker's SUPERAntiSpyware scanner should detect and remove that
for you:
http://www.superadblocker.com
Super Ad Blocker has a kernel driver that will delete that file for you. The
trial is fully functional and you can uninstall after you scan.
Nick Skrepetos
SuperAdBlocker.com
http://www.superadblocker.com
"GaoYuQing" <GaoY...@discussions.microsoft.com> wrote in message
news:77C16A6C-1529-4D00...@microsoft.com...
> Ok, here's the scoop. have this virus in windows\system32\geebx.dll
> because it's in windows, i can't delete it because its part of the program
> being used, namely windows. NAV keeps it up in a window that i can't even
> get rid of on my computer. i followed the link from this window and
> downloaded fixvundo and ran that and it couldn't even find it. NAV finds
it
> but can't quarantine or delete it, and i can't delete it manually either,
> again, presumably because it's part of windows and running. i tried it in
> regular and in safe mode. nothing seems to work. please help, it's
bogging
> up my computer and i cant get rid of the pop-up. :(
David H. Lipman
| Ok, here's the scoop. have this virus in windows\system32\geebx.dll
| because it's in windows, i can't delete it because its part of the program
| being used, namely windows. NAV keeps it up in a window that i can't even
| get rid of on my computer. i followed the link from this window and
| downloaded fixvundo and ran that and it couldn't even find it. NAV finds it
| but can't quarantine or delete it, and i can't delete it manually either,
| again, presumably because it's part of windows and running. i tried it in
| regular and in safe mode. nothing seems to work. please help, it's bogging
| up my computer and i cant get rid of the pop-up. :(
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kasperski and McAfee Anti Virus Command Line
Scanners to
remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site. The choices are;
Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
MAP
> Ok, here's the scoop. have this virus in windows\system32\geebx.dll
> because it's in windows, i can't delete it because its part of the
> program being used, namely windows. NAV keeps it up in a window that
> i can't even get rid of on my computer. i followed the link from
> this window and downloaded fixvundo and ran that and it couldn't even
> find it. NAV finds it but can't quarantine or delete it, and i can't
> delete it manually either, again, presumably because it's part of
> windows and running. i tried it in regular and in safe mode.
> nothing seems to work. please help, it's bogging up my computer and
> i cant get rid of the pop-up. :(
If you follow David's advice geebx.dll should be removed this is just
something I found out awhile back that worked for me.
If you can't manually delete a .dll in system32 even in safe mode try
dragging and dropping it to the desktop since it is no longer in system32
whatever crapware that is using it will stop and you might be able to delete
it from there.
Just something you might keep in mind for future use.
--
Mike Pawlak
GaoYuQing
that the dll file wasn't a virus itself, but rather an infected file that my
windows needed to run, but its quarantined now and i haven't noticed any
problems yet.
incidentally, what happens to all these quarantined files (i found 101
files) when i get rid of the super ad blocker? will they stay quarantined?
or should i delete them if no ill effects appear?
Jean
delete through mcafee as the file showed as "write protected". After
checking message boards I got the symantec "fix", ran it in regular mode,
then safe mode, showed my computer wasn't infected, yet was still on there as
shown by the mcafee alerts, so the symantec fix does not delete it. After
reading through these messages, I got the trial of superadblocker, ran it,
and it deleted the vundo trojan first try. Thank you so much for this
excellent fix that really does work, unlike the symantec and mcafee
solutions. Your software program was a lifesaver! : )