RAFA 0 Posted May 1, 2005 Aright all Need help please. Have Trojan Vundo b on me computor. Have scanned using norton and have three files with that virus on. have used the symantec removal tool a few times but it hasnt worked. The pop up warning via norton will not go away also even after ive clicked OK. Details of the viruses C:\WINDOWS\addins\playsrv.dll: (will be deleted on next reboot) C:\WINDOWS\assembly\temp\vsspc.dll: (will be deleted on next reboot) C:\WINDOWS\java\javautil.dll: (will be deleted on next reboot) The Trojan.Vundo.B removal was successful. The system will delete 3 Trojan.Vundo.B files from your PC on next reboot Even after using the removal tool it says it will delete on reboot but it hasnt. Hope someone can help me. Please note im not to clued up with computors so please explain any responces in layman terms....thanks Rafa Share this post Link to post
Wilhelmus 1 Posted May 1, 2005 First update your antivirus. Download Trojan.Vundo.B Removal Tool: http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.b.removal.tool.html 1) Disable System Restore.Disabling or enabling Windows XP System Restore 2) PHYSICALLY (turn modem off, pull plug, etc.) disconnect from Internet. Then boot into Safe Mode Starting your computer in Safe mode 3) Scan system with AV. ALL files and ALL harddrives. DELETE any infected file it founds. 4) Delete any values added to the registry. Click Start > Run. Type "regedit", without quotes. Click OK. Navigate to and delete the following subkeys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ [Trojan file name] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} Exit the Registry Editor. 5) Reboot and restart in Safe mode. Do another full scan to make sure you got rid of it. 6) Re-enable System Restore (If you want). Share this post Link to post
RAFA 0 Posted May 2, 2005 Many thanks Wilhelmus, with your help think its sorted. many thanks again... RAFA Share this post Link to post