Persisting threat can't be removed by spywareguard.

Discussion in 'malware problems & news' started by Silver24-7, Sep 30, 2006.

Thread Status:
Not open for further replies.
  1. Silver24-7

    Silver24-7 Registered Member

    Sep 30, 2006
    when starting up my pc I get this BHO file change alert from spywareguard.
    I think great job spywareguard block that out for me :)
    But every time I remove the changed settings it just pops up again.
    it only gives up coming after I click allow new BHO entry.

    here's a little log :p
    been going on for some time now and even after updating spywareguard and blaster, and custom adding the BHO to the blocklist (it just creates a new BHO ID to come past the block :S)

    So if anyone knows this threat or any way how to remove it please tell me :)

    I also get some other really annoying popups/spyware.

    I have a dialer which keeps reinstalling itself from a location I have not been able to find yet, it's in italian and probably trying to call some paysite but my internet doesn't come through a modem so it just fails.

    Another really annoying thing is that every time I open my IE it goes to my homepage but then quickly switches to this page trying to get me to install even more threats on my pc: ~snip~ malicious link removed

    and then there are annoying popups and a thing in my active programs tray telling me spyware is slowing down my internet and CPU and trying to get me to install spywaredoctor or some other crap programs which will only make things worse.

    If you know any of these threats and know how I can remove them please post here or pm me :)

    Last edited by a moderator: Oct 1, 2006
  2. spy1

    spy1 Registered Member

    Dec 29, 2002
    Clover, SC
    Just as an aside, it's possible that none of what you're describing would have come about had you updated SWG and SWB prior to the infection, rather than after the damage had already been done.

    As far as ridding yourself of the multiple infections you have, read and follow this: and register and post your results on that site so they can help you (Wilders no longer does this, AFAIK).

    Good luck. Pete
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    It looks like Vundo.

    If you are still having problems, download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



    PS Hi Pete :cool:
  4. ccsito

    ccsito Registered Member

    Jul 27, 2006
    Nation's Capital
    I got a VUNDO/VIRTUMONDE trojan infection earlier this year. The five random alphabetic characters for a DLL, INI, COM, EXE file are one indicator of that trojan and it sticks its junk into the registry (usually a BHO entry) and also into the Windows32 system folder. If you have the System Restore option set to back up your system, the System Restore folder will also have a copy of the infected files. Vundofix may or may not get rid of the problem completely (it did in my case) and you may need to use other utilities depending on how severe the infection is on your PC. You can run Hijackthis and post the results on the Spywareinfo forum for help.
  5. Bubba

    Bubba Updates Team

    Apr 15, 2002
    Just as a reminder... once a Wilders Team member (Admin, Moderator or Experts & Specialists) starts the process of personal assistance, we ask that the member with the referenced problem please follow the instructions given by that Specialist. Those not mentioned above are not permitted to comment with suggestions, please.
