[shadow06031992]

hi guys.. im new here, so if i did something wrong in creating this topic, let me know, but right now im desperate. My girlfriend has had various problems with Trojans the 6 months or so. So far, I've been able to help her get rid of them.. or so i thought. Recently she found a .exe file for the Trojan-Downloader.popuper, which i thought i had gotten rid of back in February. That and she also had the Vundo Trojan that took me quite a while to "get rid of" but she had a scan that told her it was still there. She tried to delete that file, but Windows Defender wouldn't let her because it has the file quarantined. She does use vista. Here is a screen shot of the spyware doctor program that she has installed, showing the Trojans.



I am going to quote a message she sent me this morning about it. Hopefully you cna answer some of her questions, as well as find a way to remove it. If you need anymore information, i would be glad to tell you.

I went through the registry and backed up the file that was supposedly in collaboration with the Vundo Trojan i had..
Then i deleted it out of the registry._.

but in the C drive i still find a file related to Vundo that i was trying to kill in the first place and it wont let me delete it because of windows defenders quarantine guard against it...

I deleted the exact registry key for that file location..Doesn't that mean the file under the C drive shouldn't exist anymore?Or have a rendered that file useless by destroying the registry key?._. or have a released it to wreck possible and unrepairable damage upon my comp?!

New info:

She found a file called kdcoo.exe on her comp. Windows Defender, says that it is the Vundo Trojan shown here:


she looked up the file and it says the file was added in September of last year, but she did buy the comp until October 31st.

Here is a shot of the file in explorer, and also Windows Defender showing that the file cannot be removed.


Just recently, she told me about some random messages that have popped up on her comp in the last 2-3 days. This one she said popped up 4 times 3 days ago, and she just clicked the "X" and then later it would come up later. This is the message:


Also, yesterday, she got a message about he computer maybe having counterfeit software:


Hopefully all of this is relevant to help solve the problem. i will be posting more information as i receive it.

Also at this point, she is reluctant to download anything, as that is how she got the Trojan in the first place. so if you can solve the problem without having to make a hijacker log or anything, that would be appreciated, as she is leary about getting another virus or making the current one worse than it already is. I'm not quite sure on to the extent of what the Vundo Trojan does, but form what she has said and what i have read, it isn't system threating.

Also something that might be relevant, is that she gets knocked offline every once in a while, and he modem is still on, but her computer says it is off.

Edited by shadow06031992, 11 August 2008 - 12:26 PM.