#6 Thunder, Members, 3,294 posts, Location: Belgium, Posted 19 July 2008 - 05:00 PM
OK Quikwgn, I'll hear from you later then. After finishing erasing the hdd, immediately flash the BIOS and purge the memory (sudden power loss will do that nicely - pull the PC's power cord from the wall socket). examples: agkrexce.dll, fccARIK.dll, igQwrIN.dll.
July 2nd, 2008 #23 oldsod, Senior Member, Join Date Dec 2005, Location Canada, Posts 9,004, Re: "Trojan.Win32.Monderc.gen" ZoneAlarm Can not Remove, Quarentine, or Delete
Super Anti-Spyware appears to be a little too super for its own good. Thanks again! Take a deep breath http://www.bleepingcomputer.com/forums/t/157269/laptop-infected-with-boaxxevundomonderc/
take down the names of the remaining files for later use. The time service will not change the system time by more than -54000 seconds. Fredi kps 20.07.2008, 13:26 Please, turn off the system restore (how - see the rules (http://virusinfo.info/showthread.php?t=9184)). I was thinking my regular profile with admin-rights should be good enough.
Now the PC is like new - erased drive, flashed BIOS and clean memory. I haven't had time to look @ it yet since I'm still @ work. Have to work now for some hours, but will be back around noon (4 hours).
Almost any user with this malware has got this from cracked software and not innocently by some email or web browser drive by. Why did ZA NOT pick up the Vundo stuff when deep scanned in safe mode, while SaS picked it up immediately? 2. Now I can even reboot and the system comes up normally, except for the dll-messages. http://www.trendmicro.com/vinfo/us/threat-encyclopedia/search/troj%20_%20vundo/52 Fredi 20.07.2008, 19:35 Yes, it started in normal mode with last known good config.
Your computer will reboot. How can I get rid of that thing? No, the user did this all to themselves all by themselves.
kps 20.07.2008, 21:04 No, I didn't start it as administrator. What can I do? Plus you will be re-assured the windows is perfectly clean - no nagging thoughts of what if the computer still is infected. Thanks again fax for the advice provided a few posts up Questions: 1.
Say, what makes you spend your Sunday at the computer helping jerks like me to get rid of their malware??? Any help is greatly appreciated! sometimes .dll.vzr. Thanks man, I think I owe you a beer or two...
PC is slow and sometimes pops up websites with strange security warnings and security software to purchase. I am gonna run a few more scans using ZA, HJT and SaS over the next few days just to see what (if anything) happens.
Drivers can be found at the PC vendor's own web site or at the web sites of the actual hardware used. Where did kis detect it? Any assistance provided would be greatly appreciated.
If you downloaded anything from dailykeys.com, you definitely have vundo.
It does take a kick in the pants for some people to get a proper perspective of things, but it does work. (eventually, I hope). Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent.
Probably not :( On Vista it is not. this is the common place it lies, but it can be anywhere, so find the directory) with zonealarm. This applies only to the original topic starter. Everyone else please begin a New Topic. Symptoms System Changes The following system changes may indicate the
I am gonna run each one of these individually and follow it with a scan using HJT/ SaS and see if the nasties return. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.