| Windows XP Discuss the Microsoft Windows XP Operating System |
Backdoor Win32/Vundo.G!dll

How do I get rid of this?

My message was this High Risk

Backdoor:Win32/Vundo.G!dll

c:/system volume information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll

--
Sandy
| |||
Re: Backdoor Win32/Vundo.G!dll

Sandy wrote:

> How do I get rid of this?
>
> My message was this High Risk
>
> Backdoor:Win32/Vundo.G!dll
>
> c:/system volume
> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll

Go through the preparatory steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware (formerly Ewido - http://www.ewido.net/en/) and follow instructions to do all scans in Safe Mode.

There are specific Vundo removal steps here:
http://www.elephantboycomputers.com/page2.html#Winfixer

When all else fails, run HijackThis and post your log in one of the specialty forums listed at the link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigStoreUSA). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
| |||
Re: Backdoor Win32/Vundo.G!dll

This only fixed part of the problem. Am now able to use IE without ads. Still getting the same scan message as previously stated. I ran Vundofix.exe (6) but scan is still saying Vundo.G is still present along with ezula, claria.Gain, newDotNet. Seems to still be in C:\system volume information\restore. But now has even more alike last posting.

--
Sandy

"Malke" wrote:

> Sandy wrote:
> > How do I get rid of this?
> >
> > My message was this High Risk
> >
> > Backdoor:Win32/Vundo.G!dll
> >
> > c:/system volume
> > information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
>
> Go through the preparatory steps systematically -
> http://www.elephantboycomputers.com/...moving_Malware
>
> Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
> (formerly Ewido - http://www.ewido.net/en/) and follow instructions to
> do all scans in Safe Mode.
>
> There are specific Vundo removal steps here:
> http://www.elephantboycomputers.com/page2.html#Winfixer
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the link above (not here, please).
>
> Standard caveat: If the procedures look too complex - and there is no
> shame in admitting this isn't your cup of tea - take the machine to a
> professional computer repair shop (not your local version of
> BigStoreUSA). Please be aware that not all local shops are skilled at
> removing malware and even if they are, your computer may be so infested
> that Windows will need to be clean-installed. Have all your data backed
> up before you take the machine into a shop.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
| |||
RE: Backdoor Win32/Vundo.G!dll

"Sandy" wrote:

> How do I get rid of this?
>
> My message was this High Risk
>
> Backdoor:Win32/Vundo.G!dll
>
> c:/system volume
> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
> --
> Sandy

Hi Sandy,

= Turn OFF system restore and download the AVG and run a scan in both safe Mode and Normal mode, you can download it on a CD from the machine you are posting from and Disconnect the other machine from the Internet by unplugging the cable and run the AVG.
The AVG will find the Trojans and remove them, also download the Lavasoft and scan for malwares.

Download and install, then run a scan in both safe mode and normal:
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

= Then Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here.

HTH.
nass
===
www.nasstec.co.uk
| |||
Re: Backdoor Win32/Vundo.G!dll

Hi nass,

System Restore should be turned off *only after* all malware is removed. The reasoning behind that, is it's better to have a "buggy" restore point, than no restore point at all.

--
HTH,
Curt

Windows Support Center
http://aumha.org/

"nass" <nass@discussions.microsoft.com> wrote in message
news:CFDF7A6D-F8D9-4D4D-B540-9E50A8A3A662@microsoft.com...

> "Sandy" wrote:
>
>> How do I get rid of this?
>>
>> My message was this High Risk
>>
>> Backdoor:Win32/Vundo.G!dll
>>
>> c:/system volume
>> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
>> --
>> Sandy
> Hi Sandy,
> = Turn OFF system restore and download the AVG and run a scan in both safe
> Mode and Normal mode, you can download it on a CD from the machine you are
> posting from and Disconnect the other machine from the Internet by
> unplugging the cable and run the AVG.
> The AVG will find the Trojans and remove them, also download the Lavasoft
> and scan for malwares.
>
> Download and install, then run a scan in both safe mode and normal:
> http://free.grisoft.com/doc/5390/lng/us/tpl/v5
>
> = Then Download the Hijackthis and send the report to one of many
> forums for analysis and troubleshooting:
> When all else fails, HijackThis v1.99.1
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware. Post
> your log to http://aumha.net/viewforum.php?f=30,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7, or other appropriate
> forums for expert analysis, not here.
> HTH.
> nass
> ===
> www.nasstec.co.uk
| |||
Re: Backdoor Win32/Vundo.G!dll

Hi Curt,
What you gonna do with infected restore point, feed the Beast LOL.
nass
===
www.nasstec.co.uk

"Curt Christianson" wrote:

> Hi nass,
>
> System Restore should be turned off *only after* all malware is removed.
> The reasoning behind that, is it's better to have a "buggy" restore point,
> than no restore point at all.
>
> --
> HTH,
> Curt
>
> Windows Support Center
> http://aumha.org/
>
> "nass" <nass@discussions.microsoft.com> wrote in message
> news:CFDF7A6D-F8D9-4D4D-B540-9E50A8A3A662@microsoft.com...
> >
> > "Sandy" wrote:
> >
> >> How do I get rid of this?
> >>
> >> My message was this High Risk
> >>
> >> Backdoor:Win32/Vundo.G!dll
> >>
> >> c:/system volume
> >> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
> >> --
> >> Sandy
> > Hi Sandy,
> > = Turn OFF system restore and download the AVG and run a scan in both safe
> > Mode and Normal mode, you can download it on a CD from the machine you are
> > posting from and Disconnect the other machine from the Internet by
> > unplugging the cable and run the AVG.
> > The AVG will find the Trojans and remove them, also download the Lavasoft
> > and scan for malwares.
> >
> > Download and install, then run a scan in both safe mode and normal:
> > http://free.grisoft.com/doc/5390/lng/us/tpl/v5
> >
> > = Then Download the Hijackthis and send the report to one of many
> > forums for analysis and troubleshooting:
> > When all else fails, HijackThis v1.99.1
> > (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> > It will help you to both identify and remove any hijackware/spyware. Post
> > your log to http://aumha.net/viewforum.php?f=30,
> > http://castlecops.com/forum67.html,
> > http://forums.subratam.org/index.php?showforum=7, or other appropriate
> > forums for expert analysis, not here.
> > HTH.
> > nass
> > ===
> > www.nasstec.co.uk
| |||
Re: Backdoor Win32/Vundo.G!dll

Hi nass,

I realize there are two schools of thought on this one, and one can find just as many references to turning off SR, but I stand by my procedure, (as I'm sure you do yours).

More info:

http://msmvps.com/blogs/spywaresucks.../17/66724.aspx
http://bertk.mvps.org/html/tips.html#PurgeAndClean

--
HTH,
Curt

Windows Support Center
http://aumha.org/

"nass" <nass@discussions.microsoft.com> wrote in message
news:D70A6CA8-A2E6-4462-BF84-4C17417F625F@microsoft.com...

> Hi Curt,
> What you gonna do with infected restore point, feed the Beast LOL.
> nass
> ===
> www.nasstec.co.uk
>
> "Curt Christianson" wrote:
>
>> Hi nass,
>>
>> System Restore should be turned off *only after* all malware is removed.
>> The reasoning behind that, is it's better to have a "buggy" restore
>> point, than no restore point at all.
>>
>> --
>> HTH,
>> Curt
>>
>> Windows Support Center
>> http://aumha.org/
>>
>> "nass" <nass@discussions.microsoft.com> wrote in message
>> news:CFDF7A6D-F8D9-4D4D-B540-9E50A8A3A662@microsoft.com...
>> >
>> > "Sandy" wrote:
>> >
>> >> How do I get rid of this?
>> >>
>> >> My message was this High Risk
>> >>
>> >> Backdoor:Win32/Vundo.G!dll
>> >>
>> >> c:/system volume
>> >> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
>> >> --
>> >> Sandy
>> > Hi Sandy,
>> > = Turn OFF system restore and download the AVG and run a scan in both
>> > safe Mode and Normal mode, you can download it on a CD from the machine
>> > you are posting from and Disconnect the other machine from the Internet
>> > by unplugging the cable and run the AVG.
>> > The AVG will find the Trojans and remove them, also download the
>> > Lavasoft and scan for malwares.
>> >
>> > Download and install, then run a scan in both safe mode and normal:
>> > http://free.grisoft.com/doc/5390/lng/us/tpl/v5
>> >
>> > = Then Download the Hijackthis and send the report to one of many
>> > forums for analysis and troubleshooting:
>> > When all else fails, HijackThis v1.99.1
>> > (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
>> > use.
>> > It will help you to both identify and remove any hijackware/spyware.
>> > Post your log to http://aumha.net/viewforum.php?f=30,
>> > http://castlecops.com/forum67.html,
>> > http://forums.subratam.org/index.php?showforum=7, or other appropriate
>> > forums for expert analysis, not here.
>> > HTH.
>> > nass
>> > ===
>> > www.nasstec.co.uk
| |||
Re: Backdoor Win32/Vundo.G!dll

Hi Curt,
I agree with you on this point, my take on this if the system restore is ON it will resurrect the beast and restart over again (if restored to that infected point).
Thanks for the Info.
Regards,
nass
===
www.nasstec.co.uk

"Curt Christianson" wrote:

> Hi nass,
>
> I realize there are two schools of thought on this one, and one can find
> just as many references to turning off SR, but I stand by my procedure, (as
> I'm sure you do yours).
>
> More info:
>
> http://msmvps.com/blogs/spywaresucks.../17/66724.aspx
> http://bertk.mvps.org/html/tips.html#PurgeAndClean
>
> --
> HTH,
> Curt
>
> Windows Support Center
> http://aumha.org/
>
> "nass" <nass@discussions.microsoft.com> wrote in message
> news:D70A6CA8-A2E6-4462-BF84-4C17417F625F@microsoft.com...
> > Hi Curt,
> > What you gonna do with infected restore point, feed the Beast LOL.
> > nass
> > ===
> > www.nasstec.co.uk
> >
> > "Curt Christianson" wrote:
> >
> >> Hi nass,
> >>
> >> System Restore should be turned off *only after* all malware is removed.
> >> The reasoning behind that, is it's better to have a "buggy" restore
> >> point, than no restore point at all.
> >>
> >> --
> >> HTH,
> >> Curt
> >>
> >> Windows Support Center
> >> http://aumha.org/
> >>
> >> "nass" <nass@discussions.microsoft.com> wrote in message
> >> news:CFDF7A6D-F8D9-4D4D-B540-9E50A8A3A662@microsoft.com...
> >> >
> >> > "Sandy" wrote:
> >> >
> >> >> How do I get rid of this?
> >> >>
> >> >> My message was this High Risk
> >> >>
> >> >> Backdoor:Win32/Vundo.G!dll
> >> >>
> >> >> c:/system volume
> >> >> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
> >> >> --
> >> >> Sandy
> >> > Hi Sandy,
> >> > = Turn OFF system restore and download the AVG and run a scan in both
> >> > safe Mode and Normal mode, you can download it on a CD from the machine
> >> > you are posting from and Disconnect the other machine from the Internet
> >> > by unplugging the cable and run the AVG.
> >> > The AVG will find the Trojans and remove them, also download the
> >> > Lavasoft and scan for malwares.
> >> >
> >> > Download and install, then run a scan in both safe mode and normal:
> >> > http://free.grisoft.com/doc/5390/lng/us/tpl/v5
> >> >
> >> > = Then Download the Hijackthis and send the report to one of many
> >> > forums for analysis and troubleshooting:
> >> > When all else fails, HijackThis v1.99.1
> >> > (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
> >> > use.
> >> > It will help you to both identify and remove any hijackware/spyware.
> >> > Post your log to http://aumha.net/viewforum.php?f=30,
> >> > http://castlecops.com/forum67.html,
> >> > http://forums.subratam.org/index.php?showforum=7, or other appropriate
> >> > forums for expert analysis, not here.
> >> > HTH.
> >> > nass
> >> > ===
> >> > www.nasstec.co.uk
| |||
Re: Backdoor Win32/Vundo.G!dll

nass wrote:

> Hi Curt,
> I agree with you on this point, my take on this if the system restore is
> ON it will resurrect the beast and restart over again (if restored to
> that infected point).

An infection in a restore point is completely innocuous *unless* you restore to that restore point. If you turn off System restore, you lose *all* restore points, not just the infected one, and it's possible that you may want or need to restore to a restore point created before becoming infected.

I think it's far better to keep the restore points until the problem is fixed.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

> "Curt Christianson" wrote:
>
>> Hi nass,
>>
>> I realize there are two schools of thought on this one, and one can
>> find just as many references to turning off SR, but I stand by my
>> procedure, (as I'm sure you do yours).
>>
>> More info:
>>
>> http://msmvps.com/blogs/spywaresucks.../17/66724.aspx
>> http://bertk.mvps.org/html/tips.html#PurgeAndClean
>>
>> --
>> HTH,
>> Curt
>>
>> Windows Support Center
>> http://aumha.org/
>>
>> "nass" <nass@discussions.microsoft.com> wrote in message
>> news:D70A6CA8-A2E6-4462-BF84-4C17417F625F@microsoft.com...
>>> Hi Curt,
>>> What you gonna do with infected restore point, feed the Beast LOL.
>>> nass
>>> ===
>>> www.nasstec.co.uk
>>>
>>> "Curt Christianson" wrote:
>>>
>>>> Hi nass,
>>>>
>>>> System Restore should be turned off *only after* all malware is
>>>> removed. The reasoning behind that, is it's better to have a
>>>> "buggy" restore point, than no restore point at all.
>>>>
>>>> --
>>>> HTH,
>>>> Curt
>>>>
>>>> Windows Support Center
>>>> http://aumha.org/
>>>>
>>>> "nass" <nass@discussions.microsoft.com> wrote in message
>>>> news:CFDF7A6D-F8D9-4D4D-B540-9E50A8A3A662@microsoft.com...
>>>>>
>>>>> "Sandy" wrote:
>>>>>
>>>>>> How do I get rid of this?
>>>>>>
>>>>>> My message was this High Risk
>>>>>>
>>>>>> Backdoor:Win32/Vundo.G!dll
>>>>>>
>>>>>> c:/system volume
>>>>>> information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll
>>>>>> --
>>>>>> Sandy
>>>>> Hi Sandy,
>>>>> = Turn OFF system restore and download the AVG and run a scan in
>>>>> both safe Mode and Normal mode, you can download it on a CD from the
>>>>> machine you are posting from and Disconnect the other machine from
>>>>> the Internet by unplugging the cable and run the AVG.
>>>>> The AVG will find the Trojans and remove them, also download the
>>>>> Lavasoft and scan for malwares.
>>>>>
>>>>> Download and install, then run a scan in both safe mode and
>>>>> normal: http://free.grisoft.com/doc/5390/lng/us/tpl/v5
>>>>>
>>>>> = Then Download the Hijackthis and send the report to one of many
>>>>> forums for analysis and troubleshooting:
>>>>> When all else fails, HijackThis v1.99.1
>>>>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool
>>>>> to use.
>>>>> It will help you to both identify and remove any
>>>>> hijackware/spyware. Post
>>>>> your log to http://aumha.net/viewforum.php?f=30,
>>>>> http://castlecops.com/forum67.html,
>>>>> http://forums.subratam.org/index.php?showforum=7, or other
>>>>> appropriate forums for expert analysis, not here.
>>>>> HTH.
>>>>> nass
>>>>> ===
>>>>> www.nasstec.co.uk
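The thread turns on whether a detection sits in a live file or in a stored System Restore copy, which is dormant unless that point is restored. The following is an added example, not part of any post above: it splits a scan report into those two groups and lists which restore points hold flagged copies. The function names and the two "Example" entries are assumptions made for illustration; the first sample path is the one quoted in the thread.

```python
import re
from collections import defaultdict

# A file kept inside a Windows XP System Restore store looks like
#   C:\System Volume Information\_restore{GUID}\RP74\A0009528.dll
# The pattern tolerates "/" or "\", a missing underscore and a damaged GUID,
# because scanner messages are often retyped by hand (as in this thread).
RESTORE_COPY = re.compile(
    r"system volume information[\\/]+_?restore\{[^\\/]*[\\/]+rp(\d+)[\\/]+([^\\/]+)$",
    re.IGNORECASE,
)


def triage(detections):
    """Split (threat, path) pairs into live files and restore-point copies.

    Returns (live, by_restore_point); by_restore_point maps the RP number
    to the (threat, stored file name) pairs found inside that restore point.
    """
    live = []
    by_restore_point = defaultdict(list)
    for threat, path in detections:
        match = RESTORE_COPY.search(path.strip())
        if match:
            by_restore_point[int(match.group(1))].append((threat, match.group(2)))
        else:
            live.append((threat, path.strip()))
    return live, dict(by_restore_point)


def summarize(detections):
    """Build report lines: live detections first, then one line per restore point."""
    live, by_rp = triage(detections)
    lines = [f"LIVE  {threat}: {path}" for threat, path in live]
    for number in sorted(by_rp):
        names = ", ".join(name for _, name in by_rp[number])
        lines.append(f"RP{number}  dormant unless restored: {names}")
    return lines


# Constructed sample: the first path is the one quoted in the thread, the
# other two entries are placeholders invented for this example.
SAMPLE = [
    ("Backdoor:Win32/Vundo.G!dll",
     r"c:/system volume information\restore{106cf321-99a3-9103-1bd027606a99\rp74\a0009528.dll"),
    ("Example.Adware.A", r"C:\WINDOWS\system32\example.dll"),
    ("Example.Adware.B",
     r"C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP75\A0009601.exe"),
]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Live entries are the ones that still need cleaning; the restore-point entries explain why a scanner keeps reporting a threat after the running system has been disinfected.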