Virus attack - Help!!

  • drfsupercenter
    NOT an online superstore
    • Oct 2005
    • 4424

    #16
    OK, so, I installed that Sandboxie program and have Firefox running it... but now it has a [#] before and after the name. Is that because I didn't pay for it? Otherwise, it seems to be working fine so far... I'll see if it ever gives me any popups.

    --Edit--

    Nope, still getting popups. Crap. I'll run an Ad-Aware scan overnight then... (I have so many files and drives that it takes like 4 hours to do a full scan and I'm not gonna sit here waiting during the day)
    Last edited by drfsupercenter; 29 Oct 2008, 06:42 AM.
    CYA Later:

    d̃ŗf̉śŭp̣ễr̀çëǹt̉ếř
    Visit my website!!

    Cool Characters Make your text cool
    My DVD Collection


    • MilesAhead
      Eclectician
      • Nov 2006
      • 2615

      #17
      Originally Posted by drfsupercenter
      OK, so, I installed that Sandboxie program and have Firefox running it... but now it has a [#] before and after the name. Is that because I didn't pay for it? Otherwise, it seems to be working fine so far... I'll see if it ever gives me any popups.

      --Edit--

      Nope, still getting popups. Crap. I'll run an Ad-Aware scan overnight then... (I have so many files and drives that it takes like 4 hours to do a full scan and I'm not gonna sit here waiting during the day)
      The # signs are there to indicate the program is running sandboxed. It's not a popup blocker. It redirects all HD writes to the sandbox folder. So if a program thinks it's writing to C:\Windows\System32 it's really writing to
      SandboxFolderName\Drives\C\Windows\System32.

      There's a complete explanation with diagrams on the introductory page



      For popup blocking I use Firefox. I've given up totally on IE and any browser that uses the IE ActiveX Control. Too many people target it.
      If you run Firefox sandboxed, you should be good.

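The write redirection described in the post above, as an added example that is not part of the original thread and is not Sandboxie's own code: it walks a sandbox folder laid out as the post describes (`SandboxFolderName\Drives\C\...`) and maps each file back to the path the program believed it was writing, flagging anything aimed at `C:\Windows\System32`. The function names, the constructed sample tree and the flagged-directory list are assumptions.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath

# Directories whose redirected writes deserve a closer look (assumed list).
SENSITIVE = (PureWindowsPath("C:/Windows/System32"),)

def real_target(sandbox_root, sandboxed_file):
    """Map <sandbox>/Drives/<letter>/<rest> back to <letter>:/<rest>."""
    rel = Path(sandboxed_file).relative_to(Path(sandbox_root) / "Drives")
    letter, *rest = rel.parts
    if len(letter) != 1 or not letter.isalpha():
        raise ValueError(f"unexpected drive folder: {letter!r}")
    return PureWindowsPath(f"{letter.upper()}:\\", *rest)

def redirected_writes(sandbox_root):
    """Return sorted (intended_path, is_sensitive) pairs for files in the sandbox."""
    found = []
    for dirpath, _dirs, files in os.walk(Path(sandbox_root) / "Drives"):
        for name in files:
            target = real_target(sandbox_root, Path(dirpath) / name)
            # PureWindowsPath equality ignores case, as Windows itself does.
            sensitive = any(s in (target, *target.parents) for s in SENSITIVE)
            found.append((str(target), sensitive))
    return sorted(found)

def demo():
    """Build a constructed sandbox tree in a temp dir and report on it."""
    with tempfile.TemporaryDirectory() as tmp:
        box = Path(tmp) / "SandboxFolderName"
        for rel in ("Drives/C/Windows/System32/sample.dll",   # constructed
                    "Drives/C/Users/me/Downloads/setup.exe"):  # constructed
            f = box / rel
            f.parent.mkdir(parents=True)
            f.write_bytes(b"")
        return redirected_writes(box)

if __name__ == "__main__":
    for target, sensitive in demo():
        print(("REVIEW " if sensitive else "       ") + target)
```
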

      • drfsupercenter
        NOT an online superstore
        • Oct 2005
        • 4424

        #18
        Well, I made some headway.

        Turns out I'm infected with Vundo. So that explains why all the random DLLs that AVG and Symantec were removing did nothing. I'll try that one suggestion on removing it...

        Stupid PITA viruses... Someone said that Vundo was like one of the, if not THE, hardest to remove viruses out there. At least it's not one of the horrible ones that just destroys your hard drive... I can still use all my files.

        • copyless
          Digital Video Expert
          • Apr 2006
          • 713

          #19
          Have you tried Dr. Delete? It can remove the file while it is in use, which is usually needed to get rid of Vundo. Since it usually aligns itself with winlogon, if not completely removed it will install over and over again. This is what makes it so hard to remove: the other programs remove it, but it re-installs because winlogon cannot be shut down.

          Also you mentioned Symantec, they have a special DL to remove the Vundo virus, you may want to try. But at any rate, every infected part and the association with winlogon has to be removed before re-booting.


          • paglamon
            Lord of Digital Video
            • Aug 2005
            • 2126

            #20
            Turns out I'm infected with Vundo
            Then try this: http://vundofix.atribune.org/

            ONLY MOMENTS LINGER...DEWDROPS ON A FALLEN LEAF


            • kevdriver
              Platinum Member
              • May 2005
              • 187

              #21
              oops...... important point..... thanks Doc.......
              Oils well thats ends well.


              • drfsupercenter
                NOT an online superstore
                • Oct 2005
                • 4424

                #22
                I tried VundoFix, but it didn't seem to work. It pointed out some DLLs that were infected/created by the virus, but not THE DLL that I have to delete.

                So far, I think that Malwarebytes Anti-Malware program has worked... I ran it in Safe Mode and so far I haven't seen the symptoms recur.

                As far as Dr. Delete... Unlocker can also do that, right? I have Unlocker installed, the problem is FINDING the file. Isn't it usually called VirtuMonde.dll? Or something like that? If I can find the actual file I can use Unlocker to delete it pretty easily.

                I did see the page for that Symantec fix, but I also noticed that it was made in 2005... would it still work now?

                • doctorhardware
                  Lord of Digital Video
                  • Dec 2006
                  • 1907

                  #23
                  It is possible that it will work, but it may be possible that the virus has mutated, which could cause the Symantec fix not to work. Go ahead and try it and see if it will fix your problem.
                  Star Baby Girl, Born March,1997 Died June 30th 2007 6:35 PM.


                  • Abuilder
                    Digital Video Enthusiast
                    • Oct 2006
                    • 347

                    #24
                    Hi drfsupercenter
                    You mentioned using Linux to fix your virus problem a few posts back. If you know what files you want to delete but Windows & the virus have them hidden and/or won’t let you, you could try Puppy Linux on a live CD. Puppy is the only distro that lets you save files back to the CD via multi-session burning back to the live CD so you can run a full Linux configuration off a CD/DVD without having to install it to the HD. It has full NTFS read/write capabilities so you will be able to delete the files you need to. Also you can back them up to the same live CD before you delete them. That way if you get Windows to the point it won’t start up, you can boot the live CD again and restore them.
                    BTW: This is not spam! LOL
                    Below is a link to the current Live CD. You could burn the ISO with Imgburn but make sure you burn it as a Multi-session and don’t finalize the CD. After your first boot from the CD you will get a few graphical windows to setup your country and then your video setup (very easy) after that you should get a full windows 98 looking desktop. Just to be safe use the “Menu” (Start in windows) and shut down Puppy to make sure you are prompted to save the session back to the CD. If you get no burn errors you should be good to go. Just reboot the Live CD again and you will go right to the desktop without having to setup the country & video again.
                    Puppy runs as root so you won’t have to do a bunch of cryptic command line stuff.
                    If you get the CD all setup and need help mounting your windows partition, just yell.
                    I’m out here lurking

                    Eric’s site is the closest to you (& me) and is very fast to download the ISO from.

                    If you want to learn more about Puppy, check out the forum.



                    BTW: where have you been surfing to get such a virus?
                    ROFLMAO
                    They tried to Assimilate me and failed!


                    • drfsupercenter
                      NOT an online superstore
                      • Oct 2005
                      • 4424

                      #25
                      I downloaded Knoppix... but due to some burning error it seems to refuse to start.

                      The problem is, I don't know exactly which files to delete. I need some sort of an antivirus program for Linux that will search for Windows viruses and delete them. Does such a program exist?

                      • Abuilder
                        Digital Video Enthusiast
                        • Oct 2006
                        • 347

                        #26
                        Danny
                        Let me ask some of the Puppy gurus over on the forum and see what anti-virus is available for Puppy and if it will safely scan your Windows partition.
                        Knoppix is a good distro but is complicated unless you are a Linux guru.
                        Puppy is brain-dead easy.
                        Last edited by Abuilder; 30 Oct 2008, 04:38 AM.

                        • drfsupercenter
                          NOT an online superstore
                          • Oct 2005
                          • 4424

                          #27
                          OK, I'll have to look up that Puppy then.

                          In the meantime, I can try the thing about using ProcessExplorer to suspend Explorer and Winlogon while running that fixer... and see if that makes a difference. But it'd be nice to have a working Linux disc that I can use in the future.

                          • locoeng
                            Who Farted?
                            • Dec 2005
                            • 2509

                            #28
                            Why not post a HJT log on a site that specialized in virus removal?


                            "I refuse to have a battle of wits with an unarmed person. It's not fair to you and no challenge for us."
                            Walt Kelly


                            • copyless
                              Digital Video Expert
                              • Apr 2006
                              • 713

                              #29
                              The program "exterminate it" (not freeware) does have listings of the registry keys, files, and folders that should be able to help you identify the infected sources. If I remember correctly they also have a link (or search for it) to "remove on reboot" where you can send your infected parts to. Maybe worth reading, I haven't been there in a while but I'm sure they give all the details and instructions for manually removing it (at least they used to).


                              • Abuilder
                                Digital Video Enthusiast
                                • Oct 2006
                                • 347

                                #30
                                Drf
                                One of the members on the Puppy forum pointed me to this program that can be run in Puppy but also has an .EXE file you can download in Windows and it creates a bootable Linux CD that has the Anti-V program only.

                                You will also need to download the current virus database file for the program to be up to date. Download it and unzip it to a usb flash or to another drive so you can update the live CD after booting.

                                Here is the forum for more info on this procedure.


                                This one looks real good to me because the CD is Linux and there will be nothing loaded at Windows boot that will prevent the virus from being removed or hidden from view.
                                Danny have a look at Puppy anyway. It's about the best starter Linux distro for getting your feet wet in the tux world.