Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Post Reply
Who Can Post? All users can post new topics and all users can reply.
Username   Need to register?
Password:   Forgot password?
Subject: (optional)
Icon: [*]
Formatting Mode:
Normal
Advanced
Help

Insert Bold text Insert Italicised text Insert Underlined text Insert Centered text Insert a Hyperlink Insert E-mail Hyperlink Insert an Image Insert Code Formatted text Insert Quoted text Insert List
Message:
HTML is Off
Smilies are On
BB Code is On
[img] Code is On
:) :( :D ;)
:cool: :o shocked_yellow :P
confused2 smokin: waveysmiley waggyfinger
brshteeth nananana lips_sealed kewl_glasses
Show All Smilies

Disable Smilies?
Use signature?
Turn BBCode off?
Receive email on reply?
The file size of the attachment must be under 200K.
Do not preview if you have attached an image.
Attachment:
    

Topic Review
grayles

[*] posted on 1-1-2008 at 14:31
VundoFix.exe is a removal tool developed to remove Virtumonde infections, or so the description said. Try searching for just VundoFix the numbers were just the version, I guess I should have put a space between them.

It didn't work fully anyway, I guess next time I will just wait for the expert advise from here, but at the time I wanted to get it fixed fast. I have a new computer now, given to us by the fostering network, which I am using for the kids but will act as a nice back up if I have problems with this one again.

Graham.
LSemmens

[*] posted on 31-12-2007 at 11:31
Google gives you this: http://www.google.com.au/search?q=vundofix&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

For some reason BBcode wouldn't accept that so you'll have to c&p the entire link into your search bar.
Bur-q-ua12

[*] posted on 31-12-2007 at 10:49
Hi Grayles.

What on earth is "VundoFix6.7.0.7"?

When I searched for it on Altavista I hardly get any hits at all, except a link back to this forum.

/
B12

Quote:
Originally posted by grayles
Hi, thanks Daz but I think that hopefully I have sorted it by running VundoFix6.7.0.7

Guess I should have waited for the advise I sought but sometimes its just hard not to try and fix it yourself, just hoping now that I have done the right thing.

Running a new scan now and will post if it worked.

Thanks,

Graham.

grayles

[*] posted on 20-12-2007 at 23:08
Ok all done, thanks for your help. I'll do some scans overnight to make sure all is clear.

Graham
Pancake

[*] posted on 20-12-2007 at 22:55
Cookie you can leave.Its no problem...
grayles

[*] posted on 20-12-2007 at 22:51
Ok thanks, Ive done all that now. But should I also delete all the internet files and cookies from all other users as well?

Graham
Pancake

[*] posted on 20-12-2007 at 21:48
Please download the http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Documents and Settings\Les\Local Settings\Temp\vtstt.dll
C:\Documents and Settings\Guest\Local Settings\Temp\pmnlm.dll



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================================

Ok.What you now need to do is turn off your System Restore,reboot,turn it back on and creat a new restore point.

1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Turn on System Restore
To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

=============================

Open Internet Explorer and click on the "Tools" menu.


In the "Tools" menu, click on "Internet Options".


In "Internet Options", go to the "General" Tab. There are two buttons located in the middle. One is "Delete Files" and the other is "Delete Cookies".


Click "Delete Files" to delete temporary internet files. You may have to wait for the hourglass.
Tip: You may want to check the box that says "Delete Offline Content" to delete your offline web pages.


Click the "OK" button when you receive the confirmation box.


Next, click the "Delete Cookies" button. This removes your internet cookie files.


Click "OK" on this confirmation box as well.

Note:
grayles

[*] posted on 20-12-2007 at 19:49
I did not have time to post this morning, but here is my scan report from last night.


Thanks again,

Graham
grayles

[*] posted on 19-12-2007 at 23:10
Ok thanks Pancake, I am doing that now. As I replied to Daz I have since tried Vundofix. I was in a middle of a scan with Zonealarm when you posted and it had already found two infections, although it turned out that both were in temp folders, not where it was originally.

Once I have the scanner running I will have to get to bed, as I need to get up for work at 4:30am and its past 11 now, and will hopefully post the results in the morning (I am assuming it will take a while for the scan to complete)

Thanks for your help,

Graham
Pancake

[*] posted on 19-12-2007 at 22:54
This will locate it so we can remove it...



Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [bad img]http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif[/bad img]


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Pancake

[*] posted on 19-12-2007 at 22:51
This will locate it so we can remove it...



Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • [color=#6666CC]Extended[/color]
    • Scan Options:
      • [color=#6666CC]Scan Archives
      • ScanMail Bases[/color]
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [bad img]http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif[/bad img]


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Pancake

[*] posted on 19-12-2007 at 22:50
This will locate it so we can remove it...



Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [bad img]http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif[/bad img]


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
grayles

[*] posted on 19-12-2007 at 21:52
Hi, thanks Daz but I think that hopefully I have sorted it by running VundoFix6.7.0.7

Guess I should have waited for the advise I sought but sometimes its just hard not to try and fix it yourself, just hoping now that I have done the right thing.

Running a new scan now and will post if it worked.

Thanks,

Graham.
Daz

[*] posted on 19-12-2007 at 21:45
F-Secure's Removal Tool Here

Norton's Info/Removal

AdAware 2007 claims to be able to sort it as well. I've not had much luck running AdAware 2007 though.....

Pancake will no doubt pop in with advice though, so wait for the expert's opinion....

He might well want a Hijack This log too though...
grayles

[*] posted on 19-12-2007 at 19:26
Zonealarms virus checker is reporting it has found
"not-a-virus.Adware.Win32.Virtumonde.bxc"
on my computer.

But it is not able to treat it.

I assume that it really is a virus and so how do I get rid of it.

Thanks,

Graham