I have the Trojan.Vundo and the Trojan.Heur.TDss viruses on my work computer.... I ran BitDefender 2008 and it located them, but said it cannot delete them (file was in an archive). What does this mean? How do I remove these? Please help!
Thanks.
Hello davewiz08,
Please post the latest scan log.
Hi Cristi,
here is my latest scan log:
BitDefender Log File !!!!!
Product : BitDefender Antivirus 2008
Version : BitDefender UIScanner v.11
Log date : 08:03:16 01/03/2010
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1267448596_1_02.xml
Scan Paths:
Path0000: C:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 5334880
Archive plugins : 44
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 8
Overall scan summary
Scanned items : 73478
Infected items : 33
Suspicious items : 0
Resolved items : 0
Individual viruses found : 4
Scanned directories : 8015
Scanned boot sectors : 2
Scanned archives : 37
Input-output errors : 102
Scan time : 00:00:36:33
Files per second : 33
Scanned processes summary
Scanned : 29
Infected : 0
Scanned registry keys summary
Scanned : 1030
Infected : 1
Scanned cookies summary
Scanned : 25
Remaining issues:
Object Name Threat Name Final Status
C:\Documents and Settings\dwisner\Local Settings\Temp\plugtmp-74\plugin-muddleuppussycat.pdf=](JAVASCRIPT) Exploit.PDF-JS.Gen Disinfect Failed
C:\Documents and Settings\dwisner\Local Settings\Temp\plugtmp-75\plugin-bureaucratsbitch.pdf=](JAVASCRIPT) Exploit.PDF-JS.Gen Disinfect Failed
C:\Documents and Settings\dwisner\Local Settings\Temp\plugtmp-78\plugin-guff.pdf=](JAVASCRIPT) Exploit.PDF-JS.Gen Disinfect Failed
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\todowebus=]C:\WINDOWS\SYSTEM32\ZUSUDUPE.DLL Gen:Heur.Krypt.8 Infected (no action was possible, file was in an archive)
[system]=]C:\windows\system32\vozusoto.dll [672] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]c:\windows\system32\zusudupe.dll [672] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]c:\windows\system32\zusudupe.dll [720] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]C:\windows\system32\sajaviro.dll [732] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]c:\windows\system32\zusudupe.dll [896] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]C:\windows\System32\vozusoto.dll [1184] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]c:\windows\system32\zusudupe.dll [1800] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [1832] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [1268] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [1356] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [1356] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [1328] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [2808] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [3460] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [3556] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [3664] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [460] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [460] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [1156] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [1156] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [2704] (disk) Gen:Heur.Krypt.8 Disinfect Failed
[system]=]c:\windows\system32\zusudupe.dll [2704] (disk) Gen:Heur.Krypt.8 Disinfect Failed
C:\WINDOWS\system32\sajaviro.dll Gen:Heur.Krypt.8 Disinfect Failed
C:\WINDOWS\system32\vozusoto.dll Gen:Heur.Krypt.8 Disinfect Failed
C:\WINDOWS\system32\zusudupe.dll Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [672] (memory dump) Trojan.Vundo.GSH Delete Failed (file was in an archive)
[system]=]C:\windows\system32\vozusoto.dll [672] (full dump) Trojan.Vundo.GSH Delete Failed (file was in an archive)
[system]=]C:\windows\System32\vozusoto.dll [1184] (memory dump) Trojan.Vundo.GSH Delete Failed (file was in an archive)
[system]=]C:\windows\System32\vozusoto.dll [1184] (full dump) Trojan.Vundo.GSH Delete Failed (file was in an archive)
Here's what you'll need to do in 3 steps:
1. Download and run the following program:
http://www.gmer.net/#files (press Download EXE)
Press the >>> tab and go under the Files tab.
Under the files tab locate the following files:
C:\windows\system32\vozusoto.dll
C:\windows\system32\sajaviro.dll
C:\windows\system32\zusudupe.dll
For the above files select the Kill option first, followed by Delete.
2. After you have finished the deletion process, run the following program:
http://www.geekstogo.com/forum/TFC-Temp-Fi...er-file187.html
Press the START button and wait for the process to finish.
During this process the desktop will disappear and you will be prompted at the end to reboot.
3. Send me by PM a BDSI and GMER log as described in this article to see if there are any other infected items:
http://www.bitdefender.com/KB490-en--The-s...s-infected.html
Cristi
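Added example, not part of the thread and not BitDefender's own tooling: the "Remaining issues" table above repeats the same DLL once per bracketed number, so this Python sketch collapses the rows to one entry per file and pulls out the Run key that reloads one of them. It parses the `=]` separator exactly as it appears in the posted log, and it assumes the bracketed number is the ID of the process holding the DLL, which the log does not state.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Remaining issues" rows posted above.
SAMPLE = r"""
C:\Documents and Settings\dwisner\Local Settings\Temp\plugtmp-74\plugin-muddleuppussycat.pdf=](JAVASCRIPT) Exploit.PDF-JS.Gen Disinfect Failed
[system]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\todowebus=]C:\WINDOWS\SYSTEM32\ZUSUDUPE.DLL Gen:Heur.Krypt.8 Infected (no action was possible, file was in an archive)
[system]=]C:\windows\system32\vozusoto.dll [672] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]c:\windows\system32\zusudupe.dll [672] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]C:\windows\system32\sajaviro.dll [732] (disk) Gen:Heur.Krypt.8 Disinfect Failed (file was in an archive)
[system]=]c:\windows\system32\zusudupe.dll [1800] (disk) Gen:Heur.Krypt.8 Disinfect Failed
C:\WINDOWS\system32\sajaviro.dll Gen:Heur.Krypt.8 Disinfect Failed
[system]=]C:\windows\system32\vozusoto.dll [672] (memory dump) Trojan.Vundo.GSH Delete Failed (file was in an archive)
""".strip().splitlines()

# Row = object, threat name (one token), final status (one of the phrases seen in the log).
ROW = re.compile(r"^(?P<obj>.+?)\s+(?P<threat>\S+)\s+"
                 r"(?P<status>(?:Disinfect Failed|Delete Failed|Infected)\b.*)$")
# File component: drive path, optionally followed by "[number] (kind)".
FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: \[(?P<pid>\d+)\] \((?P<kind>[^)]*)\))?$")

def summarize(lines):
    """Collapse per-process rows into one entry per file (paths compared case-insensitively)."""
    found = defaultdict(lambda: {"threats": set(), "pids": set(), "run_keys": set()})
    for line in lines:
        row = ROW.match(line.strip())
        if not row:
            continue
        parts = row["obj"].split("=]")
        hit = next((FILE.match(p) for p in parts if FILE.match(p)), None)
        if not hit:
            continue
        entry = found[hit["path"].lower()]
        entry["threats"].add(row["threat"])
        if hit["pid"]:  # assumption: the bracketed number is a process ID
            entry["pids"].add(int(hit["pid"]))
        # A registry component on the same row is the autorun entry pointing at the file.
        entry["run_keys"].update(p for p in parts if p.upper().startswith("HKEY_"))
    return dict(found)

if __name__ == "__main__":
    for path, e in sorted(summarize(SAMPLE).items()):
        print(path, sorted(e["threats"]), sorted(e["pids"]), sorted(e["run_keys"]))
```
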