QUESTION: awvvv.dll

Discussion in 'malware problems & news' started by cat1, Sep 14, 2006.

Thread Status:
Not open for further replies.
  1. cat1

    cat1 Registered Member

    Joined:
    Sep 14, 2006
    Posts:
    1
    Hi, does anyone know what this is referring to?
    C:\\WINDOWS\System32\awvvv.dll

    Is it part of SpywareGuard?

    Thanks for your help.
     
  2. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    I run SpywareGuard and I don't see it on my system.

    More knowledgable members I'm sure might identify it.

    Sorry couldn't be more help
     
  3. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England

    Hi cat1 and welcome to Wilders

    NOTE : This is info only

    according to this site it looks like spyware called VIRTUMONDE

    http://www.geekstogo.com/forum/lofiversion/index.php/t75722.html


    you can read a description of it at this site

    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=53087


    I don't know much about this so please wait until one of the experts answers to your post
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I got that Trojan program (otherwise known as Winfixer/Vundo/Virtumonde) earlier this year. The trojan embeds the main part in the System32 folder and also makes changes to the registry (BHO updates) and changes other settings as well. You may get popup ads when you start your browser. You will probably need Hijackthis (Merijn.org) and Vundofix (atribune.org) utility to treat that infection. A lot of other support forums provided very useful information to help others who got the same trojan. Please note that the infection type will vary (some got the rootkit version and some did not) so the methods used to remove the trojan will vary. I got my help through the Spywareinfo.com forum. I think Castlecops.com and Atribune.org sites also have a help forum too.

    Best thing to do is to use some of the online scanners to see if you have the problem. Even though they may not show any problems, you should still post your question on the help forum and allow the tech support person to analyze your hijackthis log. The trojan can dynamically change its name each time you bootup your machine in an attempt to avoid being detected.
     
  5. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    very few online scanners will show vundo

    it is very badly detected by many antiviruses or antispyware programs and even though atribune does his best to keep up with his vundofix tool the only way is to post a HJT log on one of the HJT cleaning forums

    Many of the latest versions of vundo contain a root kit that hides from HJT & several other tools but if you know where to look in the HJT log you will see what should be there is missing, which is a good indication of the rootkit vundo

    I can confirm that C:\WINDOWS\System32\awvvv.dll appears to be vundo by the name and is a known vundo file but just attempting to delete that file doesn't cure it as it has multiple backups that restore it
     
Loading...
Thread Status:
Not open for further replies.