Trojan.Vundo or something else? 2

[ts8586]

I keep getting Norton anti-virus messages saying that it found trojan.vundo, so I downloaded the FixVundo removal tool from the Symantec site, ran it twice (once in normal mode, once in safe mode) and both times it said that my system did NOT have Trojan.vundo.

Has anyone else had that problem?

 

[karlisi]

Perhaps Norton AV already deleted this virus and only informs you. Only guess.

===
Karlis
ECDL; MCSA

 

[diogenes10]

Here's a link to a vundofix tool:

http://www.geekstogo.com/forum/How-...-Msevents-Trojan-vundo-ATLDistrib-t91765.html

You could try running that.

You could also look at a HijackThis log. Lines like these indicate vundo is or was present:

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\byxywxx.dll
O2 - BHO: (no name) - {90862529-0695-43DE-9F78-26532EF40A22} - C:\WINDOWS\System32\rtaeyblm.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\System32\iskbkchv.dll
O2 - BHO: (no name) - {E711777E-CB3B-4725-8260-6F5C5D3A478E} - C:\WINDOWS\System32\byvts.dll (file missing)
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\System32\sisxwukw.dll",realset
O20 - Winlogon Notify: byvts - C:\WINDOWS\System32\byvts.dll (file missing)
O20 - Winlogon Notify: byxywxx - C:\WINDOWS\SYSTEM32\byxywxx.dll
O20 - Winlogon Notify: ddayy - C:\WINDOWS\System32\ddayy.dll

 

[ts8586]

Thank you, folks. Ran the FixVundo app and SpySweeper, and that seems to have fixed the problem.