You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/
Thank you for your understanding.
Vundo and more...won't go away!
hi,
i have a number of problems which are being picked up when i do
a deep system scan and also being picked up by bitdef antivirus.
I have tried a few vundo fixes to no avail. any help much appreciated!
thanks,
tom
below is the results of deep system scan..
//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 30/05/2007 17:13:32
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
F:\
Folders : 7882
Files : 324752
Memory processes scanned : 18
Archives : 2293
Runtime packers : 25036
Identified viruses : 8
Infected files : 16
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 10
I/O errors : 29
Scan time : 00:56:21
Scan speed (files/sec) : 96
Spyware Statistics
Registry keys scanned : 1766
Registry keys infected : 0
Cookies scanned : 54
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 557133
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1180541611.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
C:\Documents and Settings\Owner\3.tmp Infected: Trojan.Clicker.Costrat.AS
C:\Documents and Settings\Owner\3.tmp Disinfection failed
C:\Documents and Settings\Owner\3.tmp Moved
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>BlackBox.class Disinfection failed
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Dummy.class Disinfection failed
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4be363d5 Moved
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>BlackBox.class Disinfection failed
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Dummy.class Disinfection failed
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-5f08d76f Moved
C:\puqnymc.exe Infected: DeepScan:Generic.Malware.Fdld!!.6D73E5E5
C:\puqnymc.exe Disinfection failed
C:\puqnymc.exe Moved
C:\VundoFix Backups\qomnmno.dll.bad Detected: Adware.Virtumonde.GES
C:\VundoFix Backups\qomnmno.dll.bad Disinfection failed
C:\VundoFix Backups\qomnmno.dll.bad Moved
C:\WINDOWS\system32\qomjkii.dll.vir Infected: Trojan.Vundo.BA
C:\WINDOWS\system32\qomjkii.dll.vir Disinfection failed
C:\WINDOWS\system32\qomjkii.dll.vir Moved
C:\WINDOWS\system32\winsys64.exe Infected: Dropped:Trojan.Downloader.Agent.YCY
C:\WINDOWS\system32\winsys64.exe Disinfection failed
C:\WINDOWS\system32\winsys64.exe Moved
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Infected: Trojan.Vundo.BA
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Disinfection failed
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131409-450.dll Moved
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Infected: Trojan.Vundo.BA
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Disinfection failed
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-131659-905.dll Moved
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Infected: Trojan.Vundo.BA
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Disinfection failed
F:\Doc Downloads\HiJackThis_v2\backups\backup-20070528-132419-833.dll Moved
Comments
-
Hi Tom
I recommend that you download :
superantispyware : http://downloads2.superantispyware.com/dow...AntiSpyware.exe Update it. After that reboot into safe mode by pressing several times on the f8 button before the windows loadingscreen. Choose safe mode.
rogueremover: http://www.majorgeeks.com/RogueRemover_d5360.html Check for updates and let it run.
Regards
Niels0 -
Hi,Neils
My PC was infected a month ago.Bitdenfender scaned and found out a virus named DeepScan:Generic.Virtumonde.1.9EF8A3E8.But it cant either disinfect or move to that file to Quarantine.That file is vtsqn.dll in system32.I've done what you told above but I still cant remove it.Please help me.
Virus Statistics
Scan path : C:\WINDOWS\system32\vtsqn.dll
Folders : 0
Files : 4
Memory processes scanned : 0
Archives : 0
Runtime packers : 2
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 0
Scan time : 00:00:05
Scan speed (files/sec) : 0
Virus definitions : 1358925
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Summary:
C:\WINDOWS\system32\vtsqn.dll Infected: DeepScan:Generic.Virtumonde.1.9EF8A3E3
C:\WINDOWS\system32\vtsqn.dll Disinfection failed
C:\WINDOWS\system32\vtsqn.dll Move failed0 -
There are very big chances that the trojan injects it's code into other processes, like explorer or winlogon. Though, you should try to make a deep system scan in safe mode, and see if that solves the problem. See this topic on how to scan your PC in safe mode with BitDefender. If this won't solve the problem either, you may try an unlocker. Donwload the unlocker here, install it, right-click on the trojan's dll, click "Unlocker" and try to delete it. If that won't work either, you should follow Cd-Man's topic here on how to remove this kind of malware files.
Andrei0 -
I have had experience with a few Vundo issues on 2 computers. They like to run one file under explorer and winlogin. If you attempt to disable one or the other, they will simply come back.
I find unlocker is the only way to go when manually deleting Vundo files.
There is also a program out there called Pocket Killbox. This helps to delete stuborn files as well. Try both out but you should be set with Unlocker.
I would Reccomend running CCleaner first. This cleans up your system VERY well.0
