I have a customer PC with a virus that I just can’t beat. It is showing up on my scans as a Trojan.Vundo. A relatively simple virus that I have never had an issue defeating in the past. However, none of the normal registry entries for this virus are present. Therefore I can’t delete it.
I have even tried using Vundo removal software, and the virus is just simply not detected. The symptoms are by the book for a Vundo, including massive numbers of IE Popups, etc.
Anyone have any ideas on where else the virus could be hiding?
Also, I am trying to avoid the factory restore, which is why I am going through all of this trouble. Any help appreciated.
Honestly dude, IMO, if it takes more than an hour to try and get a virus off, back up what you can and restore it. Dicking around too much is doing nothing but wasting your time and the customer’s.
Anyways, I’m not sure if you just tried a virus scan, saw what it was and then tried to remove it; if not, use Malwarebytes and see if something else is hiding in there… If you have bootable software such as Avast/Norton/ESET or Dr.Web that will do a bootable scan, then give those a try.
Sometimes, dude, certain viruses get so embedded it’s nearly impossible to get rid of them without spending hours on it. IMO it just wouldn’t be worth it to me.
My coworker (also a tech) just gave me a laptop he couldn’t beat. I ran ComboFix, then CCleaner to clean it up some more, ComboFix again (only takes 10 minutes per run) and the machine is no longer having any issues. He’s ready to ship it back out to the agent in Buffalo. The virus the laptop had wouldn’t allow you to open Task Manager. Even in Safe Mode.
I am beginning to think that this has become the Chuck Norris virus though. Everything I throw at it gets thrown back at me and I can feel the pain and hear the “pshh” sound like in Walker Texas Ranger when he’s kicking some guy’s head in.
If I did use Linux to format the HDD, it would probably chew up Linux and spit it back out, all the while teleporting the bad virus to all known Linux systems in the world, destroying the system as we know it.
It just finished and yes it did work. It is the only thing out of a bunch of things I have tried including manual deletion. It will forever be in my “toolbox”.
Yeah I run that first before I run anything else when trying to get rid of nasty stuff. That and CCleaner (CCleaner more for the registry side than the application side).
Glad to see that it worked for you. I haven’t had it fail on me yet. Add this bout to the list haha.
Damn, I know I have a couple little things on my comp that shouldn’t be there, and I would love to run this program, but the link is all in Spanish and I can’t figure that shit out :lol
I gave him good advice… ComboFix is a great tool and I definitely use it on stubborn shit, but I’ve had it fail on me in tough virus situations such as the one 99 was experiencing, along with it corrupting system files when doing so with viruses that were deep down in.
I had a virus much like the one 99 described about a month back, nothing worked on it…
Honestly, if I have to spend more than an hour or hour and a half on a computer, I’ll back it up and reformat; it’s honestly not worth the headache to try and get rid of something and fix anything it corrupts.
90% of the time a person isn’t even aware that I reformat it unless there’s some random program that I couldn’t get ahold of.
I’m sure Ilya and 99 know, even when it appears as though a virus is gone, sometimes it comes back to bite you in the ass.
99FRC, if you’re worried about possible system file issues… put in your OS CD (probably XP?) and run sfc /scannow from the command prompt. This will replace any corrupt/fishy DLLs and SYS files.
And Shady’s advice was fine. I also reformat when it gets to a certain time point. Not worth charging the user more and more. I don’t work that way. I’m honest and try to give them the best bang for the buck.
‘sfc’ will replace the files with the original versions from the disc you’re running- i.e., if you’ve installed SP2 or whatever, the files replaced in the SP install will be replaced by whatever file versions are on the disc sfc is referencing… we’ve run into that a time or two.