Norton Antivirus has given me a Virus Alert of High Risk that the Trojan.Vundo virus has been found on my computer. Under the "action taken" it says its "unable to repair this file". I've run the symantec removal tool and it does not find it on my computer. Norton keeps saying that I have this virus but is unable to fix the problem. My computer is operating very slow. I ran a Hijack This program. I know that Norton recognized my virus as stated under C:\DOCUME~1\......\ipatksat.dat

I do have a Hijack This report. Any other suggestions are greatly appreciated. thank you.

If the removal tool doesn't work, try backing up the file to floppy disk, just in case & then delete it from your system completely - as it's in Local Settings it won't be an important system file. You may have to delete it in Safe Mode if it's already running.

"I know that I'm mad - I've always been mad..."

try adaware-se scan as well,
empty temp folder,
empty temporary internet folder,
empty recycle bin,
try moving file to trash and reboot,
in safe mode (F8),
run scans again,
empty temp folders,
may need to turn of system restore first,
:)

Norton should be set up to Quarantine the file as a 2nd action if it can't repair it. Check your NAV configuration.

You may have to boot into Safe Mode to remove it.

What is strange is that Norton gives me the location of the virus but when I go to that location my computer does not show it. Trying to delete the file with Temporary File removal program doesn't work. I've tried Safe Mode and running the Symantec removal tool but that still doesnt work because it says I do not have a virus. I also have system restore turned off. I'm running out of hope.

Run MSCONFIG and disable every startup item and reboot. Run NAV and see if you get the same virus warning. Then add startup items, one at a time, until you get the error message again.

Possibly the file is hidden so you can't simply pull it up even in Safe Mode. While in Safe Mode change the folder properties to "show hidden and system files", check for that file, and then change its file attributes from "system" and "hidden" so you can delete it.

If you still can't find it my guess would be that ipatksat.dat is a temporary file created by some startup program on your system that doesn't run in Safe Mode and it has traces of some virus that NAV is set to detect. It's a false positive, in other words. You can check this by running MSCONFIG and use Selective Startup to uncheck all startup files then add them back in one at a time until NAV detects the virus file again. Then disable that file and report it to Symantec, see what they have to say about it.

The infected file might be hidden and locked by another process. So you need to restart your system in SAFE mode and run the scanner again. Few antivirus programs like Solo (http://srnmicro.com ) can effectively remove viruses in locked files. So you can try this too.

here are your vundo removal instructions http://www.spywaredb.com/remove-win32-vundo-522752trojan/

I am having the same problem, but there is an added hitch:

The file that Norton's has found to be infected is C:/Windows/System32/awvts.dll.

Although Norton flags it, it is unable to delete it. Also, their Vundo-specific tool to remove it is not finding it, saying that it is not on my computer. And I have run both in safe mode.
When I go in to manually delete the file, The OS yells at me, saying that it is unable to delete because another program is using this file. Again, this still happens in safe mode. I am running out of ideas.

When it was first flagged, Nortons gave me a message that "Access to the file was blocked." Could this have something to do with the problem?

I've got a similar problem. The tool from Symantec is not finding Trojan.vundo on my computer yet Symantec Antivirus is finding it and is unable to delete it. Sometimes symantec quarines a file and says reboot is needed but when I reboot the problem is still there. I have run Microsoft Anti-spyware, Symantec Antivirus, Spy Sweeper and the tools for removal in both safe and regular mode with no sucess. I need help!

same problem as last 2 comments.
norton detects infected file "awvts.dll"
removal tool cannot see it
i cannot delete it
weak sauce!!!

apparently im not alone!

NAV gives me the message that it has detected a virus on my computer at high risk and that action taken is "access to the file was denied" and "unable to repair this file." the object name is C:\WINDOWS\system32\sstts.dll

ive run the tool from symantec with it saying i dont have trojan.vundo virus. but norton says i do and the box message remains there.. ive only noticed my computer working slower than usual....please help !!!!!!!!

I am having the same problem. My computer is super slow and I can't get it off......
anyone have any ideas please let me know

Same thing as above except file is C:\WINDOWS\system32\jkkjh.dll The Norton alert window pops up and will not go away regardless of how many times I OK it.

Hi Folks,

I have the Vundo too!

My file is C:\WINDOWS\system32\geebx.dll

I think it is some sort of ie helper.

According to Norton, it has also hit 21 registry keys?

Any ideas for removal - I have used the tool.

I'm gonna try all night and I'll up date you with my findings.

ooh gosh..! i have it too.. ive been trying to fix it using all the tips and info from here but nothing seems to be working.. 'rockygabriel' i hope you find the answer soon!
and is this a coicidence? because i'm already the 7th person to come here and reply today..

i have it too!! very fustrating, since i've been trying for 4 hours to get rid of it!!!! my file is: C:\WINDOWS\system32\vturq.dll

someone figure out something!

I am having the same Trojan.Vundo problem as people have been describing above. I also cannot delete it because of the warning message that it is being used by something else.

Norton says mine is located in C:\WINDOWS\system32\ddabc.dll

I used the Symantec removal tool, but I think the reason it doesn't work is because it was made back in Nov. 25, 2004. This version of Trojan.Vundo seems to have been created recently.

If anyone has any solutions or suggestions, please keep us informed.

I am having the same problem,all day long I have tried...help my file is c:\window\system32\ssqpp.dll

Add another one to the list. In my case the filename is c:\windows\system32 and it's pmnlm.dll so it's obvious that the filename is random.

Symantec's wonderful removal tool says the virus cannot be found. (I also tried their "B" removal tool, same results).

Ask me if I'm happy about having Norton's Antivirus software running and scanning constantly, yet it still allowed this one to park itself on my hard drive. Thanks Symantec. Must be because I just renewed my subscription. (Something I'll never do again. Are you listening Symantec?)

Can't delete the file in safe mode. Can't do anything to get rid of this pest. HELP

Roger

After about a half an hour of searching I finally found the page for Symantec e-mail support and reported the problem in great detail, so at least they are aware of it. Hopefully they'll come up with a fix soon. I hope whoever is responsible for this burns in hell for about a zillion years.

I too am having the same problem. I've tried various ways of running the removal tool with no luck. The file is c:\windows\system32\jkhfd.dll. It looks to me as if it has a different name on each computer. Earlier today I ran Xisoft antispyware program and it found a couple of registry links but didn't remove this file. Another thing I found was that my email program, Pegasus could not find the POP3 server so I wonder if this dll affects tcp/ip.
Thanks for any help here...
BC

I'm also having the POP3 server problem for the last couple of hours.I got a message from my sysad earlier that they would be working on the sytem and I would have to manually logn to the server using my password (which I've thus far been unable to do). I won't know until I can call them in the morning if it was genuine or fake. It looked real but I'm so paranoid now I think it could be BS.
Also, is anyone else getting a really annoying popup for Winfixer? This thing has been busting my nuts for several days now.

Affirmative to the WinFixer thing. That's been happening here for the past 3-4 days, but I didn't get the trojan.vundo alert until today. The creation date/time on the file that trojan.vundo is pointing at is exactly 7 days prior to the first occurance of NAV notifying me of it's existence. To the hour! Coincidence? Or perhaps a clue for someone?

Glad you were able to locate Symantec's e-mail address, I couldn't. Think you'll hear anything back?

Roger

Other people have the same problem as us and got help at "Tech Support Guy Forums." Here's the link, search for "trojan.vundo".

http://forums.techguy.org/history/f-54.html

The links in there are text-only posts, so click the link in the page to get the full version post.

It seems that they have had success in fixing the problem. They were told to download other programs and do certain things. I would like to get help from "Tech Guy" but I am on a dial-up modem and am still in the process of downloading all the proper tools (ActiveScan, HJT, etc.)

Take a look at the forums, maybe ask for help then report back here with your progress. Hope this helps.

RMelin13: Try this for the e-mail support page:

https://symantec.iseva.net/support.aspx

As far as hearing from Symantec, I'm not holding my breath but maybe if enough people hit them with this they'll do something.

I'll get back in a sec with the page opener for that url in case it won't work.

i started getting the winfix pop ups 3days ago and now have the same norton alert.i've spent the last 5 hours looking for a fix

Here's the link that opens the aspx page:

http://www.symantec.com/techsupp/nav/nav_2005_contact_tscs_solve_error.html

Good luck!

hey guys... just add me to the list with this same problem... BUT one other catch that im not sure if any of you guys are getting, I can not get rid of the pop-up window that Norton AntiVirus tells me about the virus with. The 'X' is shaded out and whenever I hit 'ok' the window will reposition itself in the middle of the screen and just not go anywhere. I too have been going at this one for about 5, 6 hours. Frustrating cant even begin to describe this thing. hope to find some answers quick.

I GOT RID OF IT!!! After about 6 hours of trying today this site works! Thank you asdf26asdf26 for referring the site!

http://forums.techguy.org/history/f-54.html

Follow the instructions but you might have to alter it to fit the file on your computer...towards the end I got the 'blue screen of death' and was nervous so i shut down the computer and when i restarted it nav's alert wasn't showing up anymore and i can't find the file anymore, where before it was showing and i couldn't get rid of it! i'm scanning to make sure it's completely gone...but using this site is worth a shot since it worked for me!

Same problem here also, just wasted the last 5 hours trying to rid this problem. Why is the symantec download not working????????????????????HELP - this is getting frustrating. The stupid norton popup saying i have a virus constantly comes up and just like someone else i am getting the stupid box in the lower right hand corner about something 32 . Such a pain..........##!@$#$

Trace, can you be a bit more specific as to which post on the page pointed you toward the fix?

JCson, you might as well drag and drop the alert over out of sight until you get a fix. It's not going away.

bartedous...

i think its this one... yeah it took me a little bit to find it too...

http://forums.techguy.org/t404827&highlight=trojan.vundo.html

Same Peoblem here too
file name is c:\windows\system32\jkkjj.dll
cant do anything with it.

is this thing significantly slowing up anyone elses computer?

Same problem here. I checked the
http://forums.techguy.org/history/f-54.html
but cannot find the comment that would give a solution. Anyone?
Zillion zanks.

The explanation by Trojanator refers to
ewido security suite
http://www.ewido.net/en/download/
Anyone tried it already?

How did all of you get it?

LOOK HERE for a removal tip.

I went to the the techguy messageboard noted above, and found the following thread:

http://forums.techguy.org/showthread.php?t=405031&page=1&pp=15

I followed the instructions as they were laid out, using Hijack This and the KillVundo download provided in the thread. I made sure to change the filename provided in the thread to apply to my virus's filename (ex: mine was vtuts.dll, instead of the poster's jkkjg.dll).

I followed all the thread's instructions, up to the point where it said you would get the blue screen of death after forcing your computer to re-boot.

My computer re-started, no problem, and it is currently in the process of a full system scan by Norton... but so far, no annoying Norton pop-up that won't go away, and no Winfixer (or any other) Internet pop-ups. *knock on wood*

So... the instructions on that messageboard seem to be valid, as far as I can tell.

Are we thinking it's more than just a coincidence that so many of us got the same virus on the same day?

Hello, first, sorry for my poor language. I'm form Argentina. I have the same problem with my PC. The file is c:\WINDOWS\System32\jkkjh.dll. Well, is imposible remove this virus with the antivirus, with safe mode, with, symantec, manually ways... Absolutly imposible. The antivirus detect it, buy you can´t delete the virus.
Thanks for any help here. I hope somebody to be able speak in spanish, please.

I figured it out! I had all of the same issues as above, AND my network was disabled by trojan.vundo. Here's how to fix it:
Go to: http://forums.techguy.org/t404827&highlight=trojan.vundo.html
Scroll down to the October 5th @3:04pm post by D Trojanator and follow the directions regarding Ewido and Cleanup! exactly as he describes it.

I did the Ewido scan in Safe Mode and it found 109 infected objects and cleaned them all. (Norton didn't find any of these.)

D Trojanator rocks!

I'm pretty freaked about this Vundo thing and I'm not that experienced with computers.

I was doing research for a college paper last week so that must be what happened. I was visiting sites like Encyclopedia Britannica and dictionary sites. The only thing I registered for was from the Chicago Manual of Style sponsored by the University of Chicago Press.

I've read through the thread so I understand it's an adware deal, but does that mean just logging on to a site without registering that this can happen?

My problem began like others.

1. Internet Explorer giving error messages and telling me to download to fix the problem.

2. I didn't do it because I was afraid.

3. Instead I downloaded firefox to use, but I didn't delete Explorer because I don't know how.

4. Today I got the High Risk error message labled as C:\WINNT/system32/awtst.dll.

5. Then I downloaded the fix and my Norton report says that it doesn't detect it on my system. (I was thinking that was because the download fixed it.)

6. My Norton status report says my system is okay, but I can't get rid of the alert.

7. I hesitate to download the ewido thing etc. as recommended on the tech site because everything is just too scary.

I am Windows2000 professional. I hope you tech smart people can help.

Thanks,
Patty

Hi Everybody.

I've got it too.

Mine is - Windows\System32\ddcyx.dll

Norton's FixVundo.exe can't fix it.

I tried all the adaware, spyware programs that I have and they couldn't fix it either.

Norton AntiVirus virus alert window won't close.

I wasn't even surfing the net at the time.

I turned on my computer which has DSL and then decided to go write out bills which took me about 30 min.

I came back to the computer and found the Norton virus alert window.

Like others have said, my infected file name is different - ddcyx.dll.

Take care,

Linda

As pointed out in post 37.

Easy to follow instructions.

Same here!! EXACT same - except my file is vturp.dll

I'm about to try some of the recommendations posted here... wish I had found this site before I went through the whole Norton/Symantec process.

I'll let you know if I manage to kick this thing... good luck to everyone else!

Hi guys
Yes, I had it fixed using the instructions by Trojanator. I did it outside Safe Mode and it worked also.
Thanks a zillion, Trojanator!

I tried the method described by Trojanator twice, but Norton still finds it.

C:\WINDOWS\system32\ddabc.dll

It was a simple procedure to follow, so I don't think I did anything wrong.
Oh well, it's getting late. I'll try something else in the morning.
Anyone else have any success?

Good News!

I downloaded the free trial of SPYSWEEPER and it deleted the infected DLL file!

I also tried the Trojanator technique but that didnt work for me either.... I'm glad the spysweeper DID. I'm very relieved.

I fixed it on 2 computers last night.
1. Write down the name of the file. On one system it was mljjg.dll; the other was pmkjj.dll. My files were in the c:\windows\system32 folder; both XP systems
2. Download and save to the desktop the VundoFix.exe program. Get it from http://www.atribune.org/downloads/VundoFix.exe. Double-click VundoFix.exe to extract the files. This will create a VundoFix folder on your desktop.
3. Reboot your computer into Safe Mode. Do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
4. Show all hidden files. Do this by: Right-click on start button, left-click Explore. Click Tools, then Folder Options. Click the tab labeled View. Scroll down to Hidden Files and Folder. Click the radio button that says Show Hidden Files and Folders; also, click to uncheck Hide Extensions for known file types.
5. UNREGISTER THE MALIGNANT FILE SO IT CAN BE DELETED. To do this click Start, Run. Type "command" or "cmd" in the box and click OK to open a DOS window. Change directories to c:\windows\system32. Do this by typing "cd c:\windows\system32" without the quotes. Then unregister the file. Do this by typing "regsvr32 {name of malignant file} /u". My entry was "regsvr32 mljjg.dll /u". Note: there is a space betw the end of the filename and the /u. You should see a window confirming it was successfully unregistered. If it says it can't find the file, make sure you have unhidden files.
6. Delete the malignant file using VundoFix. Double click to open the VundoFix folder and doubleclick on KillVundo.bat.
You will first be presented with a warning and a list of forums to seek help at.
it should look like this
VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
Please seek assistance at one of the following forums:
http://www.atribune.org/forums
http://www.247fixes.com/forums
http://www.geekstogo.com/forum
http://forums.net-integration.net

At this point press enter one time.
Next you will see:
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!): "C:\WINDOWS\System32\{malignant file.dll}" Mine was C:\WINDOWS\System32\mljjg.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\System32\{reversename of the malignant file.*} Mine was C:\WINDOWS\System32\gjjlm.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run then HijackThis will open.
In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\System32\mljjg.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\System32\mljjg.dll

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

7. Turn system restore off and back on. To this by clicking Start, Control Panel. Double click System. Click System Restore tab. Click to turn off System Restore on all drives. Restart your system. Re-enter Control Panel and click to uncheck the box to restart System Restore.

8. Once your machine reboots run a virus scan to remove any detected remnants.

NOTE: one of the two systems wasn't able to find HijackThis. I had used the program on that system before so I manually ran it and deleted out the two entries recommended above. If you need it, it can be downloaded from here: http://www.download.com/3000-8022-10227353.html

i ran the ewido scan and clean up recommended by Trojanator and when i restarted my cpu, my windows xp taskbar became weird and had no start button!!!

something is seriously wrong....i need help pls!!!

My update: I followed all instructions EXACTLY as described in the computing.net link, ran ewido and cleanup as described, and I STILL HAVE THE NORTON VIRUS ALERT !

Bah! Guess I'll try NancyJo's advice next. Gee, this is fun.

Just be warned that apparently the ewido and cleanup routine doesn't work all the time. My run of ewido found 804 threats! These were overlooked by Norton's AV, but neither was able to get the job done.

I'll be back....

Roger

I used the free trial of Spy Sweeper and it removed the virus. Simple and easy - none of these 22 step proceedures. Spy Sweeper is recommended by Consumer Reports, so I know it is safe to use.

THANK YOU NANCYJO !

VundoFix was the only one that worked for me. Neither Norton, FixVundo, ewido nor SpySweeper could do the job.

Each system is different, and apparently each episode of this wonderful malware piece of garbage is a bit different too.

Thanks so much, NancyJo!!

Roger

Ditto - Nancyjo's fix is the only one that worked. Ewido, cleanup and Norton's FixVundo didn't do it. Thanks much, Nancyjo.

Is it possible that this trojan, which has been around for a while, is morphing itself as it moves from computer to computer? Is it possible it's "smart" enough to alter itself sufficiently against the currently effective fix? Reading various threads it seems that a fix which worked a few days prior won't cut it with newer cases of infection.
I use Norton 2003 with live update and am amazed that this creature dropped onto my PC without warning. I am religious about updating Norton and use 2 firewalls. I'm extrememly careful and reasonably knowledgeable about internet security.

I believe that this trojan is far more malicious than is presently thought. My only hope is thta it has not sent all of my personal information to the remote computer with which it communicates...

We all need to inform our antivirus vendors (Symantec, McAfee...) about the way this thing is behaving...

I agree, mooline. I guess the folks that know about these things are best to determine how this thing works, and how it manifests itself. I am also very careful about sites I visit, I always have NAV running, check daily for updates to Norton's AV signature files, use a firewall, and I take as many reasonable precautions as I can, but I don't have a pop-up blocker. I guess that's next.

It is still frustrating that ewido found 804 threats, but Norton found only the one. And neither could do anything about it. I'm going to keep my eye on this thread, and other threads that discuss this malware to see what really happened to us. I don't want to just let it go now that I'm "repaired". The truth is that this is the first "virus" (IF this was a virus) that I've been hit with, and I've been using PCs since their inception.

THANKS AGAIN NancyJo !!!

Roger

My story is the same as everyone else - wish I didn't have to take time out of my busy day to deal with this, but I will.

One question for Nancyjo - your instructions seem very complete...I'm just wondering in step 5 when you change directories if there is a space after you type in "cd"? There is a line break in your instructions, so I can't tell, and we all know how one little thing can change (or not chenge) the outcome.

Thanks!

Thought I'd take the easy way out and try SpySweeper. It picked up the bug as virtumonde, not the newer name, vondu. I removed it, though SS wanted to reboot. After the reboot, NAV still detects the bad file and virus. Now it's time for the NancyJo fix...

'nother one in the same boat. I am going to try NancyJo fix and let you know if it works. Wish I had found this sooner after a very loooooong night with no luck. The file infected is ddayx.dll. I searched all over norton to find a way to submit this and couldn't find the info. Driving me nuts!

Spy sweeper was effective for me and, as far as I know, I'm clean. Thanks to everyone for their suggestions and good luck to those of you who haven't kicked this thing yet!

This stupid virus has cost us all hours. I finally got rid of it using a combination of a few of the suggestions. It's been a long process, so be preapared to walk away from the computer while some of these sweeps work it out.
1. Follow the link that Big Daddy provided in his post on Oct. 7
This is it:
http://forums.techguy.org/t404827&highlight=trojan.vundo.html
Scroll down to the October 5th @3:04pm post by D Trojanator and follow the directions regarding Ewido and Cleanup! exactly as he describes it.

It cleaned many files that were present only 4 weeks after a complete HD reformat and faithful use of NAV and Internet Secuity.

After doing this I still got the NAV message about Trojan.Vundo.
2. Then I tried the trial of SpySweeper. It found a few more traces of adware and actually listed another name for the Trojan. But and a big but it is...it's now gone!!!

Seems like there a few ways to get rid of the pest, but they all seem to take time.

I was one of the lucky ones for whom the spysweeper program worked.

I turned off system restore before I let the program remove the vundo. I don't know if this was necessary but it worked so if you haven't had any luck with spysweeper you might try it. Just be sure to turn it back on afterward and run the program again.

With the download came a $10.00 off coupon for a one year sub. I did this and now I feel a bit safer.

So here I sit red-eyed and tired from my ordeal, and $19.95 poorer. Lesson learned; Spybot S&D and Adaware, Norton all proved inadequate against this. You can go through the complicated processes described above or pay the money for peace of mind.

I'd still love to get my hands on the creep who started vundo. I'd imagine he's getting a lot of satisfaction (and no doubt quite a bit of $$$) from our collective misery, the b---tard.

I tried the ewido and clean up, but when i restarted i got the same thing as sean in response 49, weird taskbar and no start button, and when I start a program I get error messages, saying i may have to reinstall the program. does anyone know how to fix it please?

Posted earlier that SpySweeper did not work. Re-ran it again, and the bug is gone. Why and how, I can't tell you. IE and other functions are running normal again. I'd recommend DL'ing the trial version, running it. Reboot. Run again, and reboot (Kind of like shampoo instructions, no?) If this doesn't work, the NancyJo 12 step program would be next. Oh, and if the SpySweeper works, uninstall it from the add/remove programs on the control panel. FREE at last!

Used the Spysweeper free trial and it worked. Whew,,,, this has been a long arduous task thanks for the help. And may all malware, adware, virus miscreants be burned at the stake with their code as kindling.

Hi everyone. D*mn, what a mess.
I am going to try the Spy Sweeper
and will post results. I tried the
detailed instructions by nancyjo but
was unable to get past the dos window
(and I dont know what the hell I'm doing).

my question: Is this the sort of thing
that, given time (hopefully a few days)
Norton or Symantec could send out an update
for which would remove the virus? Thanks!

I usually don't get annoyed with those NAV high risk warnings that just don't go away by just pushing it to some far-off corner of my screen. But this time, it was bad because the virus totally screwed up me and my favourite computer activities like watching DVDs and drawing using photoshop because the virus causes the programs to jerk and stop for a split second.

I tried the easy way first, using Spysweeper. It didn't work at first as the scan just disappeared halfway through the scan. It was only after restarting my comp and turning off the system restore did it do the magic. I think the virus is gone now. *crosses my fingers and hopes*

Thanks for all the help from everyone here!

I'm back already. I owe it to you
guys who posted this information.
Spy Sweeper's free trial worked - as
some of you mentioned, it may find the virus under another name ("virtumonde",
in my case). I had to reboot and even do
a cold-boot when my computer froze while
still in the Sweeper's operating mode.

I still feel paranoid. I typically stay
away from ANYTHING with "SPY" in the title.
Why and how can one company be so much momre
effective than another? How do I know the
"good" guys and the "bad" guys aren't the
same group? I don't think we do or can know and thats scary s*%t. One poster above said
he just paid the $20 for a subscription for
"peace of mind" - yeah, I'm sure thats what
they want all of us to do. So on the one hand I'm really glad - and the psychological
high of being freed from 4 hours of frustration is considerable -and on the other hand I'm, as I said, paranoid.

Thanks to you all again for the suggestions.

Thank you nancyjo! Although I was dripping with sweating during this process, (especially when hyjack this failed to start and I though my system crashed), it works!

However, I must caution everyone using the spy sweeper method. I thought Spy sweeper removed this thing from my system on Wed. night. But, it remanifested its ugly self on Thursday and I think I was only able to delete it this moring with nancyjo's instuctions.

Best of luck to everyone. Thanks again nancyjo!

Same problem as everyone!
I am now going to try the solution from the Tech Support Guy.......

Thanks so much to all of you! I don't know crap about any of this stuff! my first virus

I aswell have the same virus problem, trojan.vundo, object name : C:\WINDOWS\system32\ddayv.dll if anyone on here finds out the solution to deleting this virus please email me at dp5_hockey @ hotmail.com or post back here,
ps ive tried many ways from other sites and none seem to work :(
Ppppeeeeeeeeeeeeeaaaaaaaaaaaccccccccceeeeeeeeeeee

I tried everything in the post to this point to no avail. The option that worked for me is from:

http://www.geekstogo.com/forum/index.php?act=ST&f=37&t=67176

This .dll looks like it's deployed by virtumonde adware. My .dll was named pmkjh.dll but they're all the same virus so just enter the path of the suspect file in the .exe provided at the site. The .exe also asks for two paths, I entered them both even though I knew I didn't have the file for the second path requested - it might still be on my system, but the first .dll entered in the exe provided at the site was the one causing all my headaches.

You also might want to turn off System Restore, which I did....

I have no connection to the site above and it worked perfectly. No more trojan.vundo!

Thanks to everyone for posting solutions!

Cheers,

Tech Support Guy can really help. They can pinpoint the problem and give you exact details on how to remove this virus. The forum is at: http://forums.techguy.org/forumdisplay.php?f=54

They helped me get rid of this nasty thing. Consider a donation as they are working their butts off today. I donated - man they deserved it!

I've tried everything above except Nancy Jo. That is my next try.
I've been at it a total of 12 hours (after a nap in between)...
My file is:
C:\WINDOWS\System32\pmkig.dll

Wish me luck...Nancy your my last hope.

Mine showed up after I deleted the Yahoo Tool Bar from my Internet Explorer page.

Coincidental?

Anyone else?

I've got the same virus, Trojan.Vundo. I've disable my internet connection,turned off system restore, booted into safe mode and
still no luck. Norton 2K2 is telling me that
the virus's location is C:\Windows\System32\iigff.dll. In need some help please!

a HUGE! thank you to nancyjo!! located response number 48. as well as to everyone else helping in this matter.

the affected file, sstts.dll, is gone, my computer is running normal, and im doing a NAV full system scan now. though when i was using the instructions nancyjo gave, i had gotten to the part:

"The fix will run then HijackThis will open.
In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\System32\mljjg.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\System32\mljjg.dll "

norton popped up sayin hijackthis was a corrupted file or something or other..but i authorized it and i never got that window to check the former with hijack. anyhow the vundofix.exe prompt said all was deleted so i continued with restart and followed the directions from there.

im staying tuned though to find out what exactly went on with this virus!! grR..

Hi again.

After trying everything; all the Adaware, Anti-Virus and Spyware programs, including the paid for version of Spy Sweeper, the only thing that worked was -

Nancyjo's instructions.

It looks harder than it is; that is why I kept looking for a software fix where I wouldn't have to type anything throughout the process. I wasted a lot of hours.

If I had read the instructions Nancyjo wrote out when I first saw them, I would have tried that before all the messing around with other methods.

After I used Nancyjo's method, I then ran all my Adaware and Spyware and Anti-Virus programs again to make sure.

Everything is clean.

Thank you Nancyjo.

Take care,

Linda

I FIXED IT. I turned off the XP