Solve : Trojan Vundo.be issues?

1.	Solve : Trojan Vundo.be issues?
Answer» This trojan is apparently in or running from sstrs.dll. I've tried everything I can think of to DELETE that file: SAFE mode Safemode with command prompt A BartPE boot CD Data scrubbers (such as eraser and BCwipe which have delete on reboot type features) Hijack this delete on reboot Virus scanners (trend micro can detect it) unlocker and killbox yet the file is always inuse or otherwise impossible to delete. Any suggestions? I'm using widnows 2000 What about this: http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99 or these: http://www.bleepingcomputer.com/forums/topic18610.html http://www.softpedia.com/get/Antivirus/Trojan-Vundo-B-Free-Removal-Tool.shtmlStarforce, if you haven't tried anything else yet I'd really like to know if Ewido cleans it for you. http://www.ewido.net/en/ It won't hurt you. trust me Thanks. Quote Starforce, if you haven't tried anything else yet I'd really like to know if Ewido cleans it for you. http://www.ewido.net/en/ It won't hurt you. trust me Thanks. Ahh...a new toy. Well, lets just say the trendmicro trail sucked arse, it slowed my system toa crawl worse than any virus I ever had. I realise I got a 1200 mhz on 256 ram but still...so I'll see what this does. ok, ewido has givin me a popup alert to sstrs.dll a few times, I asked it to cleana nd quarentine and once to simply delete, so FAR the file is still there. It's in the middle of a full scan right now. Found a few other oddballs the rest missed, such as the fact that I had that effin purity scan again. Also, that vundofix.exe I downloaded, never reopens after I select run as a TASK. Or, atleast I see no evidence it has in task manager or anywhere else.I'm not quite sure exactly where you are at right now? You could also try Ewido in safe mode, let us know the END result. Quote I'm not quite sure exactly where you are at right now? You could also try Ewido in safe mode, let us know the end result. Well, at this point I'm back where I started. I ran the basic scans on ewido to keep the time short and it removed items and detected the sstrs.dll but didn't delete it. I also tried dos and will trys afe mode command prompt but I hve no idea how to start windows 2000 in dos so..if that option doesn't work... Also now that I know how to do the cd and delete stuff in dos I might try Bart PE again.Do the full Ewido scan in safe mode, let's see if it works. Thanks. Quote Quote I'm not quite sure exactly where you are at right now? You could also try Ewido in safe mode, let us know the end result. Well, at this point I'm back where I started. I ran the basic scans on ewido to keep the time short and it removed items and detected the sstrs.dll but didn't delete it. [highlight]I also tried dos and will trys afe mode command prompt but I hve no idea how to start windows 2000 in dos so..if that option doesn't work...[/highlight] Also now that I know how to do the cd and delete stuff in dos I might try Bart PE again. Safe Mode is not DOS. Win2000 does not have DOS. Safe Mode is F8 at boot before the Windows logo. Yikes a vundo plague, come on Starforce, what happened?I might hafta find someone who can use my drive as a slave drive, and boot of theirs and then sweep all the crap out...What kind of hard and optical drives are in that machine? How much data needs to be backed up roughly?I got 2 hd, one 30 and one 200gb and I got a zip 256 and a dvd+r (I think it's a dual layer). I could just dump everything over and format but I don't see a point in doing a system restore when I'll be building a whole new machine soon.Did you try ASquared as well ? ? And or the trial version of Trojan Hunter. Again update them both first...turn off System Restore and run them in SafeMode. Hope this helps. patio. 8-)Never heard of either of those.

Answer»

This trojan is apparently in or running from sstrs.dll. I've tried everything I can think of to DELETE that file:

SAFE mode
Safemode with command prompt
A BartPE boot CD
Data scrubbers (such as eraser and BCwipe which have delete on reboot type features)
Hijack this delete on reboot
Virus scanners (trend micro can detect it)
unlocker and killbox

yet the file is always inuse or otherwise impossible to delete. Any suggestions?

I'm using widnows 2000
What about this:

http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99

or these:

http://www.bleepingcomputer.com/forums/topic18610.html

http://www.softpedia.com/get/Antivirus/Trojan-Vundo-B-Free-Removal-Tool.shtmlStarforce, if you haven't tried anything else yet I'd really like to know if Ewido cleans it for you.
http://www.ewido.net/en/
It won't hurt you. *trust me*
Thanks. Quote

Starforce, if you haven't tried anything else yet I'd really like to know if Ewido cleans it for you.
http://www.ewido.net/en/
It won't hurt you. *trust me*
Thanks.

Ahh...a new toy. Well, lets just say the trendmicro trail sucked arse, it slowed my system toa crawl worse than any virus I ever had. I realise I got a 1200 mhz on 256 ram but still...so I'll see what this does.
ok, ewido has givin me a popup alert to sstrs.dll a few times, I asked it to cleana nd quarentine and once to simply delete, so FAR the file is still there. It's in the middle of a full scan right now. Found a few other oddballs the rest missed, such as the fact that I had that effin purity scan again. Also, that vundofix.exe I downloaded, never reopens after I select run as a TASK. Or, atleast I see no evidence it has in task manager or anywhere else.I'm not quite sure exactly where you are at right now?
You could also try Ewido in safe mode, let us know the END result. Quote

I'm not quite sure exactly where you are at right now?
You could also try Ewido in safe mode, let us know the end result.

Well, at this point I'm back where I started. I ran the basic scans on ewido to keep the time short and it removed items and detected the sstrs.dll but didn't delete it. I also tried dos and will trys afe mode command prompt but I hve no idea how to start windows 2000 in dos so..if that option doesn't work...

Also now that I know how to do the cd and delete stuff in dos I might try Bart PE again.Do the full Ewido scan in safe mode, let's see if it works.
Thanks. Quote

Quote
I'm not quite sure exactly where you are at right now?
You could also try Ewido in safe mode, let us know the end result.

Well, at this point I'm back where I started. I ran the basic scans on ewido to keep the time short and it removed items and detected the sstrs.dll but didn't delete it. [highlight]I also tried dos and will trys afe mode command prompt but I hve no idea how to start windows 2000 in dos so..if that option doesn't work...[/highlight]
Also now that I know how to do the cd and delete stuff in dos I might try Bart PE again.

Safe Mode is not DOS. Win2000 does not have DOS. Safe Mode is F8 at boot before the Windows logo. Yikes a vundo plague, come on Starforce, what happened?I might hafta find someone who can use my drive as a slave drive, and boot of theirs and then sweep all the crap out...What kind of hard and optical drives are in that machine? How much data needs to be backed up roughly?I got 2 hd, one 30 and one 200gb and I got a zip 256 and a dvd+r (I think it's a dual layer). I could just dump everything over and format but I don't see a point in doing a system restore when I'll be building a whole new machine soon.Did you try ASquared as well ? ?

And or the trial version of Trojan Hunter.

Again update them both first...turn off System Restore and run them in SafeMode.

Hope this helps.

patio. 8-)Never heard of either of those.

Solve : Trojan Vundo.be issues?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment