Guest Knowledge Worker Posted July 18, 2008 Posted July 18, 2008 OK!!! I was a bad boy and was downloading bad things from the internet Windows Defender found a Trojan: Win32/Vundo.gen Used Window Defender to remove it It told me that it needs to send the file to Microsoft I allowed it. Windows Defender crashed. Rebooted Used Windows Defender and Norton Internet Security 2008 to scan the entire computer Same Virus was found by Windows Defender. It was able to remove it this time NIS 2008 found no virus Now every time I login to my Vista Home Premium 2008, I encounter the following error message Title: RunDLL Message: Error loading C:\Windows\System32\urqOGVPJ.dll The specified module could not be found OK button Click on it, it goes away Rebooted. Same error message Went to C:\Windows\System32 and deleted urqOGVPJ.dll Rebooted same error message Quote
Guest David H. Lipman Posted July 18, 2008 Posted July 18, 2008 From: "Knowledge Worker" <knowledge.worker@hotmail.com> | OK!!! | I was a bad boy and was downloading bad things from the internet | Windows Defender found a Trojan: Win32/Vundo.gen | Used Window Defender to remove it | It told me that it needs to send the file to Microsoft | I allowed it. Windows Defender crashed. | Rebooted | Used Windows Defender and Norton Internet Security 2008 to scan the entire | computer | Same Virus was found by Windows Defender. | It was able to remove it this time | NIS 2008 found no virus | Now every time I login to my Vista Home Premium 2008, I encounter the | following error message | Title: RunDLL | Message: Error loading C:\Windows\System32\urqOGVPJ.dll | The specified module could not be found | OK button | Click on it, it goes away | Rebooted. Same error message | Went to C:\Windows\System32 and deleted urqOGVPJ.dll | Rebooted | same error message The Vundo is pretty good at protecting itself. That's why the file is NOT getting deleted. It is loaded via the Registry Winlogon/Notify function and you can't even delete that key. 4 phase answer... Perform Part 1, Part 2 and Part 3 and alternately part 4 It is suggested that you execute each tool in Normal Mode then in Safe Mode. If you are using any version of Sun Java that is prior to JRE Version 6.0, then you are strongly urged to remove any/all versions. There are numerous vulnerabilities in them and they are actively being exploited. It is highly suggested that you update to the latest version which is Sun Java JRE/JSE Version 6.0 update 7 (jre 6u7) Simple check, look under... C:\Program Files\Java The only folder under that folder should be the latest version. Such as... C:\Program Files\Java\jre1.6.0_07 http://java.sun.com/javase/downloads/index.jsp http://www.java.com/en/download/manual.jsp FYI: http://sunsolve.sun.com/search/document.do...y=1-26-102557-1 http://sunsolve.sun.com/search/document.do...y=1-26-102622-1 http://sunsolve.sun.com/search/document.do...y=1-26-102648-1 http://sunsolve.sun.com/search/document.do...y=1-26-102729-1 http://sunsolve.sun.com/search/document.do...y=1-26-102732-1 http://sunsolve.sun.com/search/document.do...y=1-26-102760-1 Part 1 ------------ Download Adware-Virtumundo Removal Tool -- http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe Part 2 ------------ Download Atribune's VUNDOFIX.EXE http://www.atribune.org/ccount/click.php?id=4 Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there. Part 3 ------------ Malwarebytes Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe Part 4 ------------ Norman Vundo removal tool. http://download.norman.no/public/Norman_Vundo_Cleaner.exe http://www.norman.com/Virus/Virus_removal_tools/52658/en Please report back your results -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.