# Heeeeeeeeeeelp!!!!!!!!!!!!!



## BullGod (Jan 19, 2008)

Oh shit. I just got the nastiest virus ever. My Taskbar and my icons keep disappearing, like every 10 seconds. Something is awfully wrong. I think Windows Explorer is fucked and keeps resetting. I've tried everything!!!!!!!!!!!! Even in safe mode it does that. I'm scanning now with SuperAntiSpyware and it has found something like 40 viruses so far. That's just wrong; I regularly perform virus scans. I think I've got an ugly fucker right here. What to do?


----------



## BullGod (Jan 19, 2008)

I got it from fucking uTorrent. It was supposed to be a key generator for CS3. When I started it, it instantly tried to put a program in startup named nod32something. I knew I was fucked right there. What's the best free antivirus? Please somebody help me, this disappearing Taskbar is driving me mad.


----------



## spud107 (Jan 19, 2008)

nuke = format
Get NOD32 AV; it's free for 30 days.


----------



## BullGod (Jan 19, 2008)

Shiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiit. SuperAntiSpyware is halfway through with scanning and it has already detected 700 files!!!! The fucker is growing fast. I think it won't get rid of this SOB! I'll try NOD32 but I'm kinda hopeless right now...


----------



## btarunr (Jan 19, 2008)

1. Stop panicking.

2. Download and run Quick Heal (trial), an Indian antivirus program I used when dealing with most of my attacks. http://www.quickheal.co.in/

3. Be amazed at what you just ran.


----------



## spud107 (Jan 19, 2008)

I think the first option might work better then; sounds pretty bad.
But that's a last option if NOD32 or what btarunr posted fails.


----------



## BullGod (Jan 19, 2008)

spud107 said:


> I think the first option might work better then; sounds pretty bad.
> But that's a last option if NOD32 or what btarunr posted fails.



That is not an option. I canNOT AFFORD TO LOSE what I have on my disk and I can't transfer it all because, as I've said, Windows Explorer just resets every 10 seconds.

btarunr, I don't panic, but this shit is not funny. I'm already downloading that program. It's coming kinda slow; the connection to Asia is usually slow. I hope it helps.


----------



## Namslas90 (Jan 19, 2008)

To verify the virus you can run HijackThis:

http://www.greyknight17.com/spy/HijackThis.exe

Sounds like a Zlob virus; if btarunr's solution does not work, try looking here:

http://fix-computer-problem.com/trojans/zlob-x_a/zlob-x_a.html

Could also be a virus that has replaced your Winsock file; to fix it, go here:

http://www.snapfiles.com/get/winsockxpfix.html

Unplug the internet connection before attempting any repair... Most Zlob and Winsock viruses reload through the internet connection or RAM while being "dealt" with. Run AVG or another anti-virus after "fixing" to remove any remnants or variations of the virus.

(I keep the Winsock fixer on my jump drive just for these types of viruses.)


----------



## BullGod (Jan 19, 2008)

Well, it's not Zlob or whatever. The program btarunr suggested doesn't work; it says the file is corrupted. I'm trying NOD32 now but I think I'm fucked...


----------



## xfire (Jan 19, 2008)

How about safe mode?
I don't remember exactly, but Linux is supposed to have an AV program to scan for Windows viruses.


----------



## BullGod (Jan 19, 2008)

I've tried safe mode. Same shit, only in safe mode it actually resets Windows itself every 10 seconds. The sucker is smart too. Can't install any new antiviruses. It blocks them.

In the Taskbar there is a new process called imapi; I kill it and then it comes back to life... So yeah... It's fucked up.


----------



## Steevo (Jan 19, 2008)

Turn off your system and go burn a copy of a "live" OS and start it up on that. Mount the volume in question. Delete everything but your personal items. Build an image of Vista using OOBE or http://www.vlite.net/ with an anti-virus included and install that.


----------



## Steevo (Jan 19, 2008)

http://www.knoppix.org/


Knoppix will mount a NTFS volume and you can enable read and write control.


----------



## Steevo (Jan 19, 2008)

Or you could copy everything to a network drive after booting to Knoppix, then delete the partition, format it and then install, to be absolutely sure you are clean. If you do copy to a network storage medium, install a real-time scanning AV like Norton on the recipient machine to check the files as they are passed.


----------



## xfire (Jan 19, 2008)

Ubuntu 7.10 reads/writes NTFS.
Switch to Linux: no viruses.
Try using CCleaner to scan the registry for errors.


----------



## Steevo (Jan 19, 2008)

Switch to Linux, play no games, dream of the more efficient stack Linux has, the more security, lack of malware, lack of drivers, show others how much more efficient Linux is at memory management, tell them, shout it from the mountain tops, or not, cause then you wouldn't be able to borrow someone else's system monitor gadget, change the color and proclaim that it is yours.



Or just keep Windows, install a good AV and firewall, and don't visit dodgy sites.......




I'm not knocking Linux, I used to run it; Debian was a hard motherfucker. But the lack of gaming and lack of hardware support killed it for me. I found that the pains of Windows were worth it on a machine that I use for gaming, surfing, and media. If I didn't do gaming and was so keen on media I would still have Linux.


----------



## BullGod (Jan 19, 2008)

Ok, got it stable for now. I figured out that explorer.exe wasn't really starting, so I manually started it from the command prompt. Thing is, I don't know what will happen after a restart. If that thing happens again, can someone upload explorer on this site so I can replace mine? That's the only solution going through my head right now...


----------



## xfire (Jan 19, 2008)

Linux is fast developing.
Also, some very good games have come up (check the site in my sig; an article about the top 25 games for Linux has been published recently).
Try Ubuntu (Debian-based). Very good with hardware.
Edit:
BullGod, did you try CCleaner?
Try disabling some services: type services.msc in the Run command.
Any luck with AVG?


----------



## btarunr (Jan 19, 2008)

Uh, come on, help BullGod with his virus problem or leave; this ain't a thread for a Tux show.


----------



## xfire (Jan 19, 2008)

We are doing both at the same time, so no harm, since this is general nonsense anyway.
BullGod, imapi has something to do with Windows' inbuilt CD writing software. Also, have you tried Spybot Search & Destroy or Ad-Aware SE Personal Edition?


----------



## Steevo (Jan 19, 2008)

If you are infected there is no sense in remaining so, and with a lack of security you could be hijacked and rootkitted so that most scanners will not work. Try a VM detection tool if you choose not to reinstall, to make sure that you are not compromised at a very low level.

Or boot to secure media like was suggested and run a rootkit check, or a disk boot sector analysis to make sure that you don't have any extra files or jumps in place during boot.

I rewrote my boot sector so that there is no extra room for a file, and changed the jump-to address to indicate the much smaller boot sector size and kernel locations. There are some rootkits/BSVs in the wild that will change your jump locations during boot, and that will be ignored by most AV programs, or you will have a change listed to the boot sector.


----------
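Steevo's boot-sector check can be done from the Knoppix disc he linked. The following is an added example for this thread, not code from any poster: it parses the 512-byte MBR and reports the things that can actually be verified from outside the infected OS, namely the 0x55AA signature, a sane partition table, and whether the bootstrap code still hashes to a value recorded when the disk was known-clean. The sample MBR is constructed for the demo; on Knoppix read the real one with `dd if=/dev/sda bs=512 count=1 of=mbr.bin` or `open("/dev/sda", "rb").read(512)`. The baseline hash is the check that matters: a hostile jump patched into the boot code is still a perfectly valid `jmp` opcode, so the first-opcode heuristic alone will not catch it.

```python
"""Sanity-check a 512-byte MBR taken from a suspect disk.

Added example for this thread, not code from any poster. From Knoppix:
    dd if=/dev/sda bs=512 count=1 of=mbr.bin
The sample MBR built below is constructed; `baseline` is the SHA-256 of
the boot code recorded while the machine was known-clean.
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
BOOTCODE_LEN = 440          # 0..439 bootstrap; 440..443 NT disk signature; 446.. table
TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"


def bootcode_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> List[Dict[str, int]]:
    """Decode the four primary partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr: bytes, disk_sectors: int, baseline: Optional[str] = None) -> List[str]:
    """Return human-readable problems; an empty list means nothing obviously wrong."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    problems = []
    if mbr[510:512] != SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    # Weak heuristic only: stock code starts with xor ax,ax (33), cli (FA) or a jmp (EB/E9).
    if mbr[0] not in (0x33, 0xFA, 0xEB, 0xE9):
        problems.append(f"unusual first opcode 0x{mbr[0]:02X} in boot code")
    parts = parse_partitions(mbr)
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one partition flagged active")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for start, end, idx in spans:
        if start == 0 or end > disk_sectors:
            problems.append(f"partition {idx} covers sectors [{start}, {end}) outside the disk")
    for (_, e1, i1), (s2, _, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partitions {i1} and {i2} overlap")
    # The real check: compare the bootstrap code against the known-clean hash.
    if baseline and bootcode_hash(mbr) != baseline.lower():
        problems.append("boot code does not match the known-clean baseline hash")
    return problems


def build_sample_mbr(tamper: bool = False) -> bytes:
    """Constructed XP-style MBR: one active NTFS (0x07) partition at LBA 63."""
    code = bytearray(b"\x33\xC0\x8E\xD0\xBC\x00\x7C".ljust(BOOTCODE_LEN, b"\x90"))
    if tamper:
        code[0:3] = b"\xE9\x00\x01"        # hypothetical patched jmp into relocated code
    mbr = bytearray(SECTOR)
    mbr[:BOOTCODE_LEN] = code
    mbr[440:444] = b"\x12\x34\x56\x78"     # NT disk signature (constructed)
    mbr[TABLE_OFF:TABLE_OFF + 16] = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                                                b"\xFE\xFF\xFF", 63, 20971457)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = bootcode_hash(clean)
    print("clean:", check_mbr(clean, 20971520, baseline) or "no problems")
    print("tampered:", check_mbr(build_sample_mbr(tamper=True), 20971520, baseline))
```

Record `bootcode_hash()` of the MBR when the machine is known-clean (right after the reinstall several posters recommend) and keep it off the machine; a later mismatch with no OS or bootloader update to explain it is the signal Steevo is describing.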



## Steevo (Jan 19, 2008)

This is a good read.
http://www.forensicfocus.com/downloads/ntfs-hidden-data-analysis.pdf


----------



## BullGod (Jan 19, 2008)

Well, it's a Trojan called Vundo. It's harder than a motherfucker to get rid of. Norton made a special program just to get rid of this sucker, BUT I gotta do it in safe mode and it's possible that it will not work. There's a zombie server out there that breached my computer and every time I boot it keeps sending me the goddamned thing, so AV programs are no help. Why oh why would someone make such a virus? I would kill the motherfucker that wrote the code. For real!


----------



## thoughtdisorder (Jan 19, 2008)

BullGod said:


> Well, it's a Trojan called Vundo. It's harder than a motherfucker to get rid of. Norton made a special program just to get rid of this sucker, BUT I gotta do it in safe mode and it's possible that it will not work. There's a zombie server out there that breached my computer and every time I boot it keeps sending me the goddamned thing, so AV programs are no help. Why oh why would someone make such a virus? I would kill the motherfucker that wrote the code. For real!



Are you absolutely sure that's what you've got? Vundo is a nasty one, for sure. Just for shitz and giggles, have you gone to Install/Remove Programs and seen if it's listed? In some cases it's actually been listed there.


----------



## Steevo (Jan 19, 2008)

Comodo makes a good software firewall.

AVG makes good free AV.

HijackThis, Aports, AVG Rootkit free. 



Make use of these and you will probably never have an infection of any sort.


----------



## thoughtdisorder (Jan 19, 2008)

Steevo said:


> Comodo makes a good software firewall.
> 
> AVG makes good free AV.
> 
> ...



What are your thoughts on ZoneAlarm?


----------



## Steevo (Jan 19, 2008)

I haven't tried it.


If someone likes it, and it works for their purpose, go for it. I am not going to start a which AV is better thread.


----------



## thoughtdisorder (Jan 19, 2008)

Naw, Steevo, I wasn't trying to go there; I was just curious about your thoughts.

BullGod, here's another option for removal of that sucker that seems less treacherous than Symantec's way...

http://www.atribune.org/content/view/24/2/

The instructions are HERE


----------



## BullGod (Jan 19, 2008)

Oh shit, just ran the Symantec file and it said that Vundo wasn't found on my system. PC Tools Antivirus reported it as mutant.Vundo. On the link you posted I've seen there is a new version out there that can't be so easily removed. Guess who got it? Yay, a mutant virus, exactly what I needed! This has got to be the greatest day ever. And Steevo, I was using an antivirus; people report from all over the world that the sucker is going straight through firewalls and live AV protection. So umhhh grrrrrrrrrrrrrrrrrrrrrrrr F#@!XSHO!tM@h3RfLuCk1nGSOB!


----------



## AphexDreamer (Jan 19, 2008)

What's the virus called? Is it the Vundo Trojan?

If so, check this site out.

http://www.atribune.org/content/view/24/2/

Or better yet, download VundoFix.exe. Here it is:

http://www.atribune.org/ccount/click.php?id=4

That is assuming it's the Vundo Trojan?


----------



## panchoman (Jan 19, 2008)

just back up your files and then nuke the system.


----------



## thoughtdisorder (Jan 19, 2008)

panchoman said:


> just back up your files and then nuke the system.



I like the way you think! Panchoman for President!

BullGod, did ya try the link I posted?


----------



## panchoman (Jan 19, 2008)

It's the easiest way... he could've nuked his system and would be installing drivers atm instead of frantically running loads of anti-virus programs...

BTW... PM me later about the file you were trying to get from uTorrent. It's always helpful to read reviews on the torrent and scan it before opening it, you know...


----------



## Steevo (Jan 19, 2008)

OK. Calm down.

Download and install Comodo; it has the option to terminate and quarantine files.
Download HijackThis; once downloaded, rename it to something else.

Disconnect that PC from the net before you do this.
Find the *.dll that it has installed.
Find the *.exe it has installed.
Use Comodo to terminate and quarantine the *.exe.
Delete the temp files listed by Symantec that the program has generated.
Find and delete the registry keys generated by this file as shown here: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=2

Reboot.

After reboot, run the renamed HijackThis and prepare a report; post the report.


----------
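Steevo's procedure above, and Namslas90's earlier suggestion to verify with HijackThis, both come down to one question: what is configured to start, and from where? The following is an added example for this thread, not code from any poster and not part of HijackThis or Symantec's tool. It reads the text that `reg export` writes (Windows Registry Editor Version 5.00 format) and flags the classic XP autostart points a cleanup needs a human to look at: the Winlogon `Shell` and `Userinit` values, non-stock `Winlogon\Notify` packages (which load a DLL into winlogon.exe), `AppInit_DLLs`, and Run/RunOnce entries that launch from temp or profile directories. The stock defaults it compares against are those of an XP install; the sample export, including the `vtuuvss` Notify package and the `svch0st.exe` Run entry, is constructed for the demo and is not taken from this thread or from any real sample.

```python
r"""Offline triage of the classic Windows XP autostart registry points.

Added example for this thread, not code from any poster or tool named here.
Input is the text written by `reg export` (Windows Registry Editor Version
5.00 format). Output is a list of entries a human should inspect before
deleting anything. Defaults are those of a stock XP install; the sample
export at the bottom is constructed for the demo.
"""
import re
from typing import Dict, List, Tuple

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINDOWS_KEY_SUFFIX = r"\windows nt\currentversion\windows"      # holds AppInit_DLLs
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
DEFAULT_SHELL = "Explorer.exe"
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"          # trailing comma is stock
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Legitimate autostart binaries rarely live in temp or profile-writable dirs.
SUSPECT_DIR = re.compile(r"\\(temp|local settings|application data)\\", re.I)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: value}} for the export.

    reg export writes strings as "name"="value" with backslashes doubled and
    the unnamed default value as @="...". dword:/hex: values are kept raw.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue                       # hex continuation lines land here
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        keys[current][name] = value
    return keys


def audit(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, reason) for every entry that deserves a look."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        low = key.lower()
        if low == WINLOGON.lower():
            shell = values.get("Shell", DEFAULT_SHELL)
            if shell.lower() != DEFAULT_SHELL.lower():
                findings.append((key, "Shell", f"shell is {shell!r}, stock is {DEFAULT_SHELL!r}"))
            userinit = values.get("Userinit", DEFAULT_USERINIT)
            if userinit.lower() != DEFAULT_USERINIT.lower():
                findings.append((key, "Userinit", f"userinit is {userinit!r}, stock is {DEFAULT_USERINIT!r}"))
        elif low.startswith(WINLOGON.lower() + "\\notify\\"):
            package = key.rsplit("\\", 1)[1]
            if package.lower() not in STOCK_NOTIFY:
                findings.append((key, "DLLName",
                                 f"non-stock Winlogon notify package loads {values.get('DLLName')!r} into winlogon.exe"))
        elif low.endswith(WINDOWS_KEY_SUFFIX):
            appinit = values.get("AppInit_DLLs", "")
            if appinit.strip():
                findings.append((key, "AppInit_DLLs", f"{appinit!r} is injected into every process that loads user32.dll"))
        elif low.endswith(RUN_KEY_SUFFIXES):
            for name, target in values.items():
                if SUSPECT_DIR.search(target):
                    findings.append((key, name, f"autostart from a user-writable path: {target!r}"))
    return findings


# Constructed sample export (names invented for the demo, not from any real sample).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtuuvss]
"DLLName"="C:\\WINDOWS\\system32\\vtuuvss.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svch0st.exe"
'''

if __name__ == "__main__":
    import sys
    # reg export writes UTF-16 with a BOM; "utf-16" handles it.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    for key, name, reason in audit(parse_reg_export(text)):
        print(f"{key}\n    {name}: {reason}")
```

On the suspect machine, disconnected as Steevo says, export each location with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` (and likewise for `...\Windows NT\CurrentVersion\Windows`, `HKLM\...\CurrentVersion\Run` and `HKCU\...\CurrentVersion\Run`), then run the audit on a clean box. A finding is a lead, not a verdict: the Notify DLL and Run target it names are the files to quarantine, and the key it names is the one to delete, which is the "find the .dll, find the .exe, delete the registry keys" sequence above with the guessing taken out.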



## BullGod (Jan 19, 2008)

Well, it's finally over. The beast is dead. It was a long battle. I somehow figured out what it was doing; it wasn't using the internet. The stupid thing was using Windows System Restore to repair itself after every reboot. Goddamn Microsoft, outta my first salary I'm gonna buy a new HDD and put Ubuntu on another partition. This was just ridiculous: I've spent over 5 hours in safe mode using almost ten AV programs plus registry cleaners, system doctors, you name it, to no avail until I turned SR off. Still the AV couldn't kill it; I had to manually delete every contaminated file and edit the registry, refresh the shell, manually start explorer and then some more deleting, fun stuff really... But now after all this I think I'm happy. You should be happy too! http://www.youtube.com/watch?v=ABWyXKT5qt4


----------
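BullGod found the Trojan coming back out of System Restore. On XP, restore points keep renamed copies of changed system files (A00nnnnn.dll and so on) under `System Volume Information\_restore{GUID}\RPnnn`, so a file you deleted from system32 survives under a different name and comes back with the next restore. The following is an added example, not BullGod's or any other poster's code: given the hash of a file you already know is bad, it finds every byte-identical copy on a mounted volume whatever it has been renamed to, so you can see which restore points are contaminated before (or instead of) switching SR off and losing all of them. The directory tree is constructed in a temp directory for the demo; for real use point `sweep()` at the mounted volume (for example /media/sda1 from the Knoppix disc mentioned above, where System Volume Information is readable; on a live XP it is ACL-locked to SYSTEM).

```python
"""Find byte-identical copies of known-bad files anywhere under a volume.

Added example for this thread, not code from any poster. Assumes you already
have at least one malicious file in hand (the .dll/.exe the AV flagged) and
want every copy of it, including the renamed ones Windows XP System Restore
keeps under System Volume Information\\_restore{GUID}\\RPnnn.
The volume layout below is constructed in a temp dir for the demo.
"""
import hashlib
import os
import tempfile
from typing import Iterable, List, Tuple


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: str, bad_hashes: Iterable[str]) -> List[Tuple[str, str]]:
    """Walk `root`; return sorted (path, sha256) for files whose hash is in bad_hashes.

    Matching is by content, so a restore-point copy renamed to A0001234.dll is
    caught exactly like the original in system32. Unreadable files are skipped
    rather than fatal: on a live system the restore store is locked to SYSTEM.
    """
    wanted = {h.lower() for h in bad_hashes}
    hits: List[Tuple[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in wanted:
                hits.append((path, digest))
    return sorted(hits)


def build_demo_volume() -> Tuple[str, str]:
    """Constructed stand-in for an infected volume; returns (root, bad_hash)."""
    root = tempfile.mkdtemp(prefix="vol_")
    payload = b"MZ\x90\x00" + b"constructed fake trojan dll" * 8    # not a real sample
    clean = b"MZ\x90\x00" + b"constructed legitimate dll" * 8
    layout = {
        "WINDOWS/system32/vtuuvss.dll": payload,                   # invented name
        "WINDOWS/system32/ctfmon.exe": clean,
        "System Volume Information/_restore{GUID}/RP12/A0001234.dll": payload,
        "System Volume Information/_restore{GUID}/RP13/A0001301.dll": payload,
        "System Volume Information/_restore{GUID}/RP13/A0001302.exe": clean,
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root, hashlib.sha256(payload).hexdigest()


if __name__ == "__main__":
    root, bad = build_demo_volume()
    for path, digest in sweep(root, [bad]):
        print(f"{digest[:12]}  {os.path.relpath(path, root)}")
```

Two caveats a practitioner would add to BullGod's account: the sweep only finds copies that are byte-for-byte identical to the sample you hashed, so a dropper that re-packs itself on every install needs the AV's signature rather than a hash; and turning System Restore off on XP discards every restore point, which is exactly why it works as a cleanup step and exactly why you want this inventory first.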



## thoughtdisorder (Jan 19, 2008)

Glad you were able to get er done! Sounds like you went through hell to get there though! Some of the most grueling tasks like that can be some of the best learning experiences though. (Although that's prob not what ya want to hear right now)

Congrats!


----------



## Steevo (Jan 19, 2008)

Turning off System Restore was one of the first things that the Symantec paper showed to do.



But I am glad you got it cleaned; now please, for your own sake, install Comodo & AVG Free. They are light on resources and very effective.


----------



## DaMulta (Jan 19, 2008)

BullGod said:


> I got it from fucking uTorrent. It was supposed to be a _key generator for CS3_. When I started it, it instantly tried to put a program in startup named nod32something. I knew I was fucked right there. What's the best free antivirus? Please somebody help me, this disappearing Taskbar is driving me mad.



LOL you got owned


----------



## AphexDreamer (Jan 19, 2008)

Nice. You know, if you have important stuff on that particular hard drive, I don't think it's wise to be risking it like that by downloading torrents....

Anyways, you beat the SOB and you've learned your lesson.


----------



## BullGod (Jan 19, 2008)

Steevo said:


> Turning off System Restore was one of the first things that the Symantec paper showed to do.
> 
> 
> 
> But I am glad you got it cleaned; now please, for your own sake, install Comodo & AVG Free. They are light on resources and very effective.



Yeah, whatever, I don't really like readme files. I did it the old-fashioned way. NOD32 discovered some infected files in System Restore and I was like aha! that's where the bitch is hiding! I'm running NOD32 now; I'm gonna check out a firewall too but I don't know if my system can handle it. It's ancient...


----------



## BullGod (Jan 19, 2008)

Anyways, thanks guys! Without your support I would have been dead by now. My gf would have killed me if she lost her precious pictures. And I can't lose all my porn now, can I? If this would have happened in real life there would  for everybody.


EDIT: Oh and can a mod change the thread title to whateva please? There's no need for screaming now...


----------



## 3991vhtes (Jan 20, 2008)

BullGod said:


> There's no need for screaming now...


There was no need for screaming in the first place. It's unnecessary to have profanity in almost every post....


----------



## NONYA (Feb 3, 2008)

I got the same crap; I didn't even have to DL a torrent, just did a torrent search on Torrentz! I can open Internet Explorer using Task Manager but my desktop icons are gone! Can you give me a detailed explanation of how you fixed it? I ran every program I can, including a Vundo remover tool; nothing works. Thanx


----------



## NONYA (Feb 3, 2008)

BTW, VundoFix found some DLL files but couldn't delete them. I tried to do it manually but it won't let me. Any idea how to delete these files?


----------



## theonetruewill (Feb 3, 2008)

http://www.gibinsoft.net/gipoutils/
Use MoveOnBoot.


----------
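NONYA's DLLs cannot be deleted because a running process (typically winlogon.exe or explorer.exe, which the Trojan's DLL has been loaded into) holds them open. What tools like the MoveOnBoot utility linked above do is register a delete for the next boot: Session Manager processes the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager` early in startup, before Winlogon has loaded anything that could lock the file. The following is an added example, not code from any poster and not GiPo's utility. The pure-Python part shows how that value is laid out (a REG_MULTI_SZ of source/destination pairs, where an empty destination means delete) and decodes it the way the boot-time consumer does; `schedule_delete()` asks Windows to write it through `MoveFileExW` with `MOVEFILE_DELAY_UNTIL_REBOOT` and only runs on Windows as an administrator. The file names are constructed.

```python
r"""Delete-on-next-boot for a file a running process keeps locked.

Added example for this thread, not code from any poster or from GiPo's
MoveOnBoot. Windows keeps a REG_MULTI_SZ of (source, destination) pairs at
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations;
an empty destination means "delete". Session Manager applies the list early
in boot, before Winlogon loads the DLL that locked the file.
"""
import sys
from typing import List, Tuple

NT_PREFIX = "\\??\\"


def to_nt_path(win_path: str) -> str:
    """Pending operations use NT object paths: C:\\x\\y.dll becomes \\??\\C:\\x\\y.dll."""
    return win_path if win_path.startswith(NT_PREFIX) else NT_PREFIX + win_path


def encode_multi_sz(strings: List[str]) -> bytes:
    """REG_MULTI_SZ on disk: UTF-16LE, each string NUL-terminated, list NUL-terminated.

    An empty string is therefore a lone NUL, which is what a delete entry looks like.
    """
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"


def decode_pending(data: bytes) -> List[Tuple[str, str]]:
    """Walk the value as (source, destination) pairs, the way Session Manager does.

    A plain split on NUL would confuse the empty destinations with the list end,
    so read two strings at a time and stop at an empty *source*.
    """
    text = data.decode("utf-16-le")

    def read_sz(at: int) -> Tuple[str, int]:
        end = text.find("\x00", at)
        if end == -1:                      # unterminated tail: take what is there
            end = len(text)
        return text[at:end], end + 1

    pairs: List[Tuple[str, str]] = []
    pos = 0
    while pos < len(text):
        src, pos = read_sz(pos)
        if not src:                        # list terminator
            break
        dst, pos = read_sz(pos)
        pairs.append((src, dst))
    return pairs


def add_delete_on_boot(existing: bytes, win_path: str) -> bytes:
    """Return the value bytes with a delete entry for win_path appended."""
    pairs = decode_pending(existing) if existing else []
    pairs.append((to_nt_path(win_path), ""))
    return encode_multi_sz([s for pair in pairs for s in pair])


def schedule_delete(win_path: str) -> None:
    """Have Windows write the entry itself (Windows only, run as administrator).

    MoveFileExW with a NULL destination and MOVEFILE_DELAY_UNTIL_REBOOT appends
    exactly the pair built above. Going through the API matters: Python's winreg
    stops decoding a REG_MULTI_SZ at the first empty string, so reading and
    rewriting this value with QueryValueEx/SetValueEx would drop earlier entries.
    """
    import ctypes
    from ctypes import wintypes
    MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.MoveFileExW.argtypes = [wintypes.LPCWSTR, wintypes.LPCWSTR, wintypes.DWORD]
    k32.MoveFileExW.restype = wintypes.BOOL
    if not k32.MoveFileExW(win_path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())


if __name__ == "__main__":
    # Constructed paths standing in for "the DLLs VundoFix could not delete".
    value = b""
    for p in (r"C:\WINDOWS\system32\vtuuvss.dll", r"C:\WINDOWS\system32\ddcawut.dll"):
        value = add_delete_on_boot(value, p)
    for src, dst in decode_pending(value):
        print(f"{src} -> {dst or '<delete>'}")
    if sys.platform == "win32" and len(sys.argv) > 1:
        schedule_delete(sys.argv[1])
```

Two things to check before rebooting: that the autostart entry which loads the DLL is gone too (otherwise Winlogon fails to find its notify DLL, which is harmless, but any dropper still registered simply puts the file back), and that System Restore is off, for the reason BullGod found above.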



## NONYA (Feb 4, 2008)

Thanx for the help guys. Luckily I had moved all my important data to my 2nd HD, so I just unplugged it and reformatted the HD; little bastard is gone now. Be careful on torrent sites, this thing is nasty!!!!!!!!!!!!


----------

