AVG found system file

Discussion in 'malware problems & news' started by maddawgz, Jun 25, 2007.

Thread Status:
Not open for further replies.
  1. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    This morning AVG put a system file called ddcywts.dll in quarantine. Do I leave it in there? I decided to do a search and came across Vundo, so I ran it; I didn't think it would find anything. Do I remove all in the box in the picture attached? Helppp, thanks, MD :mad:

  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    You have the classic Vundo/Virtumonde trojan symptoms in your System32 Windows folder. That is where the trojan deposits the five-lettered (usually scrambled) INI, DLL, and BAK extension files. When you boot up each time, the five letters change (the trojan tries to hide that way from being detected). If you are getting pop-up window ads from Adult FriendFinder, WinFixer, casino games, or some kind of spam that keeps repeating, then you definitely have the trojan. Vundo/Virtumonde was reported to exploit the earlier versions of Java, so be sure that you update that program. I would run HijackThis on your system and post the log report on a tech support forum just so that all registry entries of that trojan are removed. VundoFix may or may not take care of the trojan. There are variants (rootkits among them) where that utility does not work and requires more extensive repair procedures. You can allow the utility to remove those entries, but I would still suggest that you have your O.S. examined to totally eradicate the trojan. But the final decision is up to you. Since it is in quarantine, it may be "suppressed", but again, if your system appears to work OK, then you may not experience any further problems.

    By the way, what websites or email attachments have you recently accessed before you got this alert? :eek:
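A defensive check for the naming pattern described in this reply, added here as an example (not code from either poster): it groups a System32 listing by file stem and flags short scrambled stems that carry two or more of the .dll/.ini/.bak extensions. The stem length is allowed to run from five to eight letters because the quarantined ddcywts.dll in the first post has seven; the listing is constructed inline, and `scan_directory` is a hypothetical helper for a real folder.

```python
import os
import re
from collections import defaultdict
from pathlib import PurePath

# Extensions the reply describes the trojan dropping side by side in System32.
VUNDO_EXTS = {".dll", ".ini", ".bak"}

# Scrambled stems: a short run of lowercase letters. Five letters per the reply,
# widened to eight because ddcywts.dll from the first post is seven letters.
STEM_RE = re.compile(r"^[a-z]{5,8}$")


def find_vundo_candidates(filenames, min_variants=2):
    """Return {stem: [extensions]} for stems that look scrambled and appear
    with at least `min_variants` of the .dll/.ini/.bak extensions.

    Requiring two or more extensions on the same stem is what keeps ordinary
    System32 names such as ntdll.dll (five letters, .dll only) out of the list.
    """
    groups = defaultdict(set)
    for name in filenames:
        p = PurePath(name.lower())
        if p.suffix in VUNDO_EXTS and STEM_RE.match(p.stem):
            groups[p.stem].add(p.suffix)
    return {stem: sorted(exts) for stem, exts in groups.items()
            if len(exts) >= min_variants}


def scan_directory(path, min_variants=2):
    """Hypothetical helper: run the same check over the files in a real folder."""
    names = [e.name for e in os.scandir(path) if e.is_file()]
    return find_vundo_candidates(names, min_variants)


# Constructed listing: a few legitimate System32 names plus one scrambled triple
# shaped like the pattern the reply describes.
SAMPLE_LISTING = [
    "kernel32.dll", "ntdll.dll", "user32.dll", "msvcrt.dll",
    "system.ini", "win.ini", "wininit.ini", "desktop.ini",
    "ddcywts.dll", "ddcywts.ini", "ddcywts.bak",
]

if __name__ == "__main__":
    for stem, exts in find_vundo_candidates(SAMPLE_LISTING).items():
        print(f"suspicious stem {stem!r} with variants {exts}")
```

Because the stems change on every boot, a hit is a reason to collect a full log for review rather than a name to block; an empty result does not rule out the variants the reply says VundoFix cannot handle.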