How-to remove Winfixer, Virtumonde, Msevents, and Trojan.vundo (ATLDistrib Object) using Atribune's VundoFix removal tool

WinFixer:




Credit: Atribune

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please save the contents of C:\vundofix.txt in case the infection is not removed, it will need to be posted with your HijackThis log in the malware forum.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If the infection(s) are still present, please post the contents of C:\vundofix.txt and a HiJackThis log in the Malware Removal Forum.

Have you've found the VundoFix removal tool useful? Please consider a donation to the author: Atribune.org.

Alternate fix: (use only if the above fix didn't work)
1) Download VirtumundoBegone
2) Save VirtumundoBeGone.exe to your desktop.
3) Run VirtumundoBeGone.exe and follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, this is normal and expected.
4) When it has finished, reboot.

It will create a log on your desktop called VBG.TXT, if the infection is still present, post this log and a HiJackThis log in the Malware Removal Forum.

=====================================================================
This is a self-help guide. Use at your own risk.

Important Note: If you need assistance, please start a new topic in our Malware Removal Forum. This topic is also open for comments, but not all will receive a reply.

This post has been edited by therock247uk: Jun 24 2008, 07:40 AM

This topic has been left open to allow specific questions and comments related ONLY to this guide. It's NOT for posting HJT logs, links to your logs, or any other general malware help. Replies not following these rules will be deleted. Thanks for your cooperation.

The self-help guide to remove Vundo appears to have cleared up the my problems loading IE and Firefox! Many thanks!

Gina

I think I have the WinAntiVirus virus. I looked it up on wikipedia and said its similar to winfixer. I ran a Vundo Removal software and it didn't detect it. I've ran numerous antivirus scans and it still does not go away! I just have new infections that pop up. I need help please!!! And I'm new to this, so I'm not sure what you guys mean when you say HiJack This. And I saw on one forum to mess with my regedit-- but that seems risky!

Hello Supermd and welcome
Have a read Here

That will get you started and someone will be along to help you in the malware forum

bldu8042,

Please post these logs in a single post, in the Malware Forum.

One of our staff members will pick it up and help you with the malware removal process.

Regards,
RatHat

This took 5 minutes to fix what I've been struggling with for weeks. Thanks!

Thanks for taking the time to let us know zudplucker
Glad to hear its all sorted out

Hey guys,

After I ran this fix, it got rid of the VirtuMode virus which caused all my problems to go away.....but now, when I start my computer, I get a pop up error that says can't find c\windows\system32\scttwewc.dll

Is this a whole new problem I have or do you think this is related to the virus I had. It looks suspiciously like some of the files that my Symantec was quaratining related to the VirtuMode thing.

Hi zudplucker and welcome to Geeks to Go!

Please follow the instructions HERE and then post your log in the Malware Removal forum.

I just registered as a new member to Geeks to Go.

I have what I believe is the Virtumonde Malware. As a new member I started to follow the instructions as outlined under the self-help removal guides for "How-to remove WInfixer, Virtumonde, Msevens, ...". Everything was going well until I came to the section that had me reboot my notebook into SafeMode and start a scan using AVG anti-spyware. The program shows that it have 5 objects. I then try to "Apply all Actions" as instructed but receive an error message on the right side of the window which reads, "Errors have been occurred while applying the actions, please inspect the list on the left." When I review each line item the Action column reads "Error while quarantining", for one of the five items. The other 4 items show "Error while deleting!". I have tried this twice with the same results. Could I have a bad copy of the AVG Anti-Spware? Should I try to reinstall AVG and re-run the scan?

Any assistance would be greatly appreciated.


Thanks in advance,

Hello BT_RN,

Please follow steps described here : > You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide

Then post HijackThis report at the following forum : Malware Removal - HijackThis™ Logs Go Here

If you don't receive response in no less then 3 days, post at this forum : The Waiting Room


Best regards,

hello all i ran both vundofix and virtumundobegone but still my malwarebot says i have a vundo downloader in my c:\WINDOWS\system32\vtstq.dll and 2 vundo adwares in my Hkey_local_machine\software\microsoft ... i do not know how i got these and ofcourse would love to remove them
Thanks for your time .
Done

Hello didit and welcome at Geekstogo,

Please read and follow the steps discribed here.

Then post a HijackThislog in the Malware Forum.

This post has been edited by Thunderbird1988: Nov 25 2007, 03:46 AM

Hello, I believe I have Virtumonde on my computer. I tried Vundofix and Virtumundobegone. And I also used Norton 2008, SpySweeper, and Ad-Aware. And nothing has removed it. Spysweeper detects Adware: Virtumonde but can't remove it. I also found these and I think they are related to the problem: awtqn.dll and gebayyw.dll
If you could help me I'd really appreciate it. Thanks