Tried To Fix A Vundo Problem--is My Hijack Log Clean?
#14 racooper, Master of my own Domain, Retired Staff, 1,420 posts, Posted 05 May 2005 - 06:56 AM: For those of you who have Vundo and can't I do know from previous scans that it will eventually come back with results. Thank you for your understanding and cooperation! Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance: Support Center. Microsoft MVP/Windows - Security 2003-2009. #3 One Iota: If I remember correctly, the last driver displayed in the list of drivers when booting in Safe Mode, is the last driver that started without issues.
You saved the day because now I can boot into safe mode and get these files back! For a few days, AVG didn't recognize this as a virus. Found this with Google, determined the SafeBoot keys were missing from the registry, and merged your XPSP2 reg file. So the driver causing the problem is not displayed.
uzelac 23.03.2007 13:53 QUOTE(lucianbara @ 23.03.2007 19:10) knoppix is a free to download linux bootable cd, just download, burn and boot into it: http://www.knoppix.org/ from there you can locate your windows drives and By the way, did you send me an email about sending me a .exe file? I can select it though. There are patches for Xp sp2 and sp3 as well as 2003 server and Windows 2000 SP4 in his download zip. […] Pingback by Windows XP Stop 0x0000007B Error Booting into
Once the program has loaded, select Perform full scan, then click Scan. Similar symptoms to the older "Virtumonde" variants, but Symantec's Virtumonde removal tool won't find any infection. The application should ask for permission to restart your computer - click Yes. I can run update and that pulls down fine.
After the reinstallation, what good antivirus/antimalware can you recommend? Comment by kerf -- Sunday 22 April 2007 @ 15:20 many thanks for this wonderful achievement to the rest. could not open file for deletion etc. http://www.techspot.com/community/topics/vundo-virus-problem-w-log.118959/ Simply install WinZip and follow the wizard.
Thank you! And if you absolutely want to donate something, make a donation to your favorite charity in my name. In particular, be sure to submit copies of suspect files that: - Got on to your system undetected by an up-to-date AV monitor - Are not consistently detected by some AV scans - Are Too bad.
I then selected and hit 'delete' but got a window which said "Cannot delete. Comment by Jonathan -- Wednesday 9 December 2009 @ 15:29 Thank you so much! The items not listed in red should not be touched at this time. 3.2 Ad-aware (free version available): Download it here: www.lavasoftusa.com/software/adaware/ majorgeeks.com a) Download and install the latest version of Ad-Aware. It installed fine on 2 of the 3, but on the 3rd, I get a blank screen with zonealarm logo in header.
I'm now publishing a registry export file (.reg) with the SafeBoot keys from a clean Windows XP SP2 install and a clean Windows 2000 SP4 Professional install. Comment by Didier Stevens -- Sunday 9 December 2007 @ 10:56 Thanks, Didier I was able to boot into SafeMode now using your reg-key for windows 2000sp4. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable! Windows Update http://update.micros...icrosoftupdate/ And see this link for instructions on However, I changed my firewall settings to allow the program and tried all three mirrors.
The machine has 2 partitions on it and the data I need to recover is on the "D" drive (partition 2). Comment by Marco -- Sunday 25 October 2009 @ 22:17 I tried the Safeboot.zip, it does not work. Comment by Aalaf Alot -- Monday 26 October 2009 @ 4:01 You are my hero. Ariel -Mexico Comment by Ariel -- Wednesday 24 September 2008 @ 4:31 this is powerful stuff people.
Web to clean up any trace elements. For this reason, I think that Symantec may not recognize Search42 yet and by its heuristics is putting it into the category "download.trojan". brilliant but yet so simple thanks a mil Comment by KIo -- Wednesday 1 October 2008 @ 9:03 Thank you for the very helpful post.
Had finally cleaned out a nasty Vundo infection but had left over problems, such as inability to boot into Safe Mode.
It showed up in hijackthis as c:\windows\config\wfcps.dll, and there were various tmp and ini files in the same directory. I'll see if running the routine again will prove to be better. When finished, it shall produce a log for you.
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON Stylus CX4100 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /M "Stylus CX4100" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Although this was designed for BartPE it will also run on XP. I see from comment #68 that you updated the original file and the file I've downloaded has "Last-Modified: Tue, 29 Jul 2008 22:14:09 GMT", which matches your comment. This obviously formatted the "C" drive. Comment by Gerry Mulvenna -- Friday 30 January 2009 @ 18:42 I have been very upset and frustrated to restore safe mode.
Jan 2, 2009 #12 kimsland Ex-TechSpotter Posts: 14,524 Yes actually I saw that it looked updated, but that's my standard advice - update first Regarding SAS; you can un-install it now Jan 6, 2009 #22 kimsland Ex-TechSpotter Posts: 14,524 Oh I've just been emphasizing on Malware removal Try this: http://www.techspot.com/vb/post662504-2.html And let me know the outcome Jan 6, 2009 #23 gubhenheim Bagle.fc/@MM was doing my head in. Comment by The Grog -- Tuesday 2 February 2010 @ 4:41 @The Grog: yes, this means your Safe Boot problems are not caused by deleted SafeBoot registry keys, but by something
#21 Claudius, Member, New Member, 1 posts, Posted 17 May 2005 - 09:54 PM: Hey guys!....just new to this forum!....cuz u helped me fix my prob. Information will emerge in the days to come that will be far more specific. Websites will be automatically redirected, based on URL and on content. Comment by nabiy -- Thursday 22 February 2007 @ 11:38 I really need to delete malware in my computer, now my computer infected with not-virus:Hoax.JS.Aqent.a Comment by delete Malware -- Friday 23