Can't Remove Trojan.Vundo.B !

It's simple after three days of figuring it out... You CAN remove this by doing the following:

Download the Symantic tool.
Turn off System Restore,
Reboot in safe mode Then you MUST unregister the file that won't go away in safemode.
go to Run and type in regsvr32 /u C:\WINDOWS\Cursors\tcpdll.dll BE SURE TO TYPE THE NAME AND LOCATION OF YOUR FILE, THIS WAS MINE.
Then run the Symantic Tool. Reboot and you're all done!
This drove me crazy. I hope you have success.

 

Just tried this and it appears to work!!
Thanks! I was also frustrated for 3 days.

Thanks Again!!!!!

 

Thank you, thank you, thank you so much!!
just followed instructions posted and after days of frustration this horrible Trojan.Vundo.B , seems to be gone!!!
who ever found out how to fix it you are a Genius!!!!!!
thanks again
Abbiegail

 

Thank you, this really does work. I was skeptical - but I had tried everything else. This got rid of the virus and the insistent virus message. Thank you for sharing your wisdom!

 

Ditto - after 3 days of sheer frustration - this seems to be the only fix that has so far worked ...

To the guy that thought to post this - buy him a beer !

To the guy that wrote the virus - poke him in the eye with a sharp stick !!

Thanks again ...

 

You Genius!!!!!

This is the only solution that has worked!!!
Norton alone couldnt handle this

 

Hey thanks a lot saved me a lot of hassle!

 

Didn't work for me. Norton still tells me it couldn't delete the file & will on reboot. Doesn't do it on reboot, though. I've also tried combining the unregister trick with killbox, hijackthis & process explorer. No luck.

 

Did you first turn off you system restore..and then try to run the tool from symantec in the safe mode.

This is the new one for latest vintage of Trojan Vundo if it was not being detected or fixed by the previous tool. Give the one below a run if you have this problem.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.b.removal.tool.html

see here also

If you have the Vundo.B virus there appears to be a couple of key things to do when you run the new Symantec removal tool:

1. Run the removal tool when you are in the safe mode
2. Make sure you are disconnected from any network.



http://forums.majorgeeks.com/showthread.php?t=61780

 

Thanks, I too struggled with the pest for three days and your solution worked wonders. Wish I too could treat you to a nice meal and drink!

 

I have been struggling for hours with Trojan.Vundo.B. I am stuck trying to open in Safe Mode. I just get a black screen with 'Safe Mode' in the corners. I don't know what to do next.

 

I would just like to thank you,I have been trying for a few days to get rid of this trojan,this worked and it was so simple,I tried going to safe mode for so many other things however this I didnt try..........Yahhhoooooooooooooo yeah no more trojan,

 

Yes thanks to everyone here for their help. Nasty little fecker cost me hours and hours. Make sure you're using Symantec latest version of the removal tool only just released on 29/4.

 

Open in SAFE mode only

You will get a dialogue box very quickly flash on the screen before it all goes black.

Quickly click YES and Windows should load.

I went through all this on Friday evening before any of these solutions were plastered over the net. The site that helped me was :

http://www.sophos.com/virusinfo/analyses/trojagentdo.html

 

Yup what a mess..some have to do the instructions at this link found at the Recovery Tab and then do the safe mode scan with the symantec tool in the safe mode it seems

http://www.sophos.com/virusinfo/analyses/trojagentdo.html

 

MAR,
I had a similar problem with my safe mode. The desktop would not appear, or would disappear within a few seconds. You can still unregister the virus bu using "control-alt-delete" then click "File, New Task (run)" and type in the unregister command. Once that was done, I was able to to reboot in Safe mode and the desktop icons appeared, and was able to run the Symmantec virus removal tool. It worked great for me.
Gary M

 

What is the unregister command? Sorry if this is a dumb question. I tried to open in safe mode as instructed by other posts but it still did not work. I am getting increasingly frustrated. Thank you all for your help.

Mar

 

See if this helps:- http://www.bleepingcomputer.com/forums/tutorial61.html

As soon as you see that black screen keep hitting F8.

 

I have no words to thank you ! For three days I tried to remove it but though the message said that removal was successful, the virus alert kept popping out. I don't know much about computers but after following your advice the stupid Vundo is gone !
My mistakes were that I did not run the tool in safe mode and I did not unregister the file.
Thank you, thank you, thank you and if you are in Toronto I owe you a
VUNDO dinner !
Barb

 

HELP!!

 

does "Then you MUST unregister the file that won't go away in safemode." mean do the run thing or is this something else i need to do, soz can get around a computer but dont understand the speal many thanx

 

hi there this looks like this will help me but!!

does "Then you MUST unregister the file that won't go away in safemode." mean to do something seperate or is it to do the run? my virus is in c:\windows\fonts\wplay.dll
is this what i need to type in the run program

sorry to sound dim, i can get around a computer but dont understand all the speal.

many thanx cant wait to try this i too have spent 3 days trying all sorts and trying to get help

 

HELP!!

can someone help plz,the norton anti-virus has detected Trojan.Vundo.B virus and i have had it since the 27th of april and since that day i have tried everything and nothing works,i have the tool Trojan.Vundo.B and it doesnt work, i have tried the tool bar 4 times and everytime it says ''it has been successfuly been removed but then the norton anti-virus keeps on sayin that it detects it !!
so plz help!!
p.s need simple instructions i am only 13 yrs old lol

 

yes yes yes!!!!!!!!!!!!!!

did the download removal tool, turned off system restore, start in safe mode, run the tool

and hay blinking presto, the blinking virus is GONE!!!!

thank you sooooooooooooo much

 

MAR,
The unregister stuff is in the original thread, where it says
""Reboot in safe mode Then you MUST unregister the file that won't go away in safemode. go to Run and type in regsvr32 /u C:\WINDOWS\Cursors\tcpdll.dll BE SURE TO TYPE THE NAME AND LOCATION OF YOUR FILE, THIS WAS MINE.""
So, even if your safe mode doesn't give you desktop icons (is black with safe mode in 4 corners), you can still do the unregister task by doing the following;

Click "control-alt-delete" which will bring up your task manager. Then click "File, New Task (run)" and type in the window which says open the path shown below;
regsvr32 /u C:\WINDOWS\Cursors\tcpdll.dll
pay attention to the spaces, and you must enter your file location (ie. C:\WINDOWS\Cursors\tcpdll.dll is the file location for the original poster's virus, mine was C:\WINDOWS\assembly\GSC\mscontrl\runmc.dll) for your virus (this will be shown in the symmantec pop up window if you are running that virus scan software), then press OK, and you should get a message saying the file was unregistered. Now reboot in safe mode again, and I'll bet it operates properly. You can go back into the task manager and re-execute the unregister command (it will remember what you had previously tyuped in). Good luck!