computer hijacked

I was running pccillan and before that norton, but the pccillan let vundo.aq trojan into my system. I got rid of pccillan an installed nod32 (trial) and was surprised at how much stuff was living in my notebook without me knowing!

I thought all was ok but the computer started restarting itself after being logged into a profile for 5 mins. I have 4 accounts loaded, 2 kids, missus and me. talked to guys at work and started computer in safe mode off the office professional 2003 disc and thought I had fixed it,,,, but no.

Contacted NOD32 tech support and explained and he said I have probably been hijacked. Sent me an email with norton destruction thing, which I did. On his advise I want to get rid of the 4 accounts. Iwent looking for stuff in my internet setup and found all accounts were defaulting to res://c:\windows\system32\shdoclc.dll.

I have set up nod 32 as per the tutorial sent and want to subscribe but this bug seems to get upset when you deny it access to the net and starts the whole restart thing again. I am running wireless to a belkin router. The computer is a HP Pavillion zd8001ap. Is it safe to stay on the net and outlook?

Please help, very frustrated. Id like to save the home movies, kids school work and family pictures etc

 

It might not be a problem with NOD32.

Do you use a software firewall beside belkin router?

The hardware firewall (NAT or SPI firewall comes with router) will only monitor incoming traffic but not outgoing traffic.

It is best to use a hardware firewall as a first line of defense and software firewall as the second line of defense.

 

Hi nognlou, welcome to Wilders.

Please follow the directions in the 2nd post HERE to remove vundo

Once complete, please reboot your computer into "Safe Mode" and run a scan, and then please post the results of the log here.

Cheers

 

Thanks for the prompt response. Tried downloading the vundo fix exe many times but a pop up message comes up every time it gets to 99%, IE cannot download Vundofix.exe from WWW . etc. The connection with the server was terminated abnormally. Can this thing recognise its own name and stop you trying to kill it?

 

Please download and run "HijackThis" found HERE and post your log at one of the following sites SpywareInfo, CastleCops or TomCoyote please make sure you follow their posting rules.

Once they have your system clean, please advise us here and we will look at making sure your security is right for the future.

Cheers

 

Thanks for all your help. I was tearing my hair out and called in the experts as this was way over my head. Computer now fixed and I have learnt alot. To know that there is support out there for numpty's like me is half the battle. Cheers.