Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winfixer Vundo virus


  • Please log in to reply

#1
dowsp

dowsp

    Member

  • Member
  • PipPipPip
  • 447 posts
Hello

I just came across a previous thread which unfortunately is now closed..

I tried to follow the instructions to get rid of this nasty winfixer popup .

I did a virus scan and it came up saying i had a troj Vundo virus..
Unfortunately The FREE online Trendmicro antivirus i used as my symatec has just ran out, couldnt get rid of it..

I ASSUME this is caused by the winfixer pop up i have.


I attempted the instructions below and got as far as downloading the vundo exe folder and following instructions in the safe mode upto typing in C:WINDOWS\System32\npqss.*

after pressing enter to continue the fix.

I said it would RUN then HiJackThis would open automatically.

UNFORTUNATELY IT DIDNT OPEN IT..

It said if not open it manually...

Here I got stuck as i didnt know How I was to open it manually.. I was still in safe mode and the wording looked like it was in DOS....


On the screen there was instructions written similar to what you wrote upto this point, then It suggested I pressed enter after indicating It hadnt done it automatically..

On doing this the screen JUST ended up black with safemode wrote in the corners.. NOTHING else came on the screen to click..

In the end I couldnt get out of it so i had to turn my PC off...

For all i know it may have solved my problem, but as I wasnt sure, I didnt do the other instructions, such as clean up... delete cookies etc.

I did reopen one of my history files on the internet and winfixer came up again.

im not sure if IT had solved my problem if this was from a cookie or if it was still in my system.

can anyone advise please.

thanks

Dowsp








Let's see if we can get you fixed up.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this

QUOTE
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....




At this point press enter one time.

Next you will see:

QUOTE
Please Type in the filepath as instructed by the forum staff
and then press enter:


At this point please type the following file path (make sure to enter it exactly as below!):


C:\WINDOWS\System32\ssqpn.dll




Press Enter to continue with the fix.

Next you will see:

QUOTE
Please type in the second filepath as instructed by the forum
staff then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):


C:\WINDOWS\System32\npqss.*


Press Enter to continue with the fix.

The fix will run then HijackThis will open. If it does not open automatically please open it manually.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:



O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Bho - {7F709074-C96C-4cec-B0B8-DA49EA145F73} - C:\WINDOWS\System32\ojiogjbw.dll (file missing)
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ssqpn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\System32\ssqpn.dll



After you have fixed these items, close Hijackthis.
Press enter to exit the program then manually reboot your computer.
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

Advertisements


#2
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 447 posts

Hello

I just came across a previous thread which unfortunately is now closed..

I tried to follow the instructions to get rid of this nasty winfixer popup .

I did a virus scan and it came up saying i had a troj Vundo virus..
Unfortunately The FREE online Trendmicro antivirus i used as my symatec has just ran out, couldnt get rid of it..

I ASSUME this is caused by the winfixer pop up i have.
I attempted the instructions below and got as far as downloading the vundo exe folder and following instructions in the safe mode upto typing in C:WINDOWS\System32\npqss.*

after pressing enter to continue the fix.

I said it would RUN then HiJackThis would open automatically.

UNFORTUNATELY IT DIDNT OPEN IT..

It said if not open it manually...

Here I got stuck as i didnt know How I was to open it manually.. I was still in safe mode and the wording looked like it was in DOS....
On the screen there was instructions written similar to what you wrote upto this point, then It suggested I pressed enter after indicating It hadnt done it automatically..

On doing this the screen JUST ended up black with safemode wrote in the corners.. NOTHING else came on the screen to click..

In the end I couldnt get out of it so i had to turn my PC off...

For all i know it may have solved my problem, but as I wasnt sure, I didnt do the other instructions, such as clean up... delete cookies etc.

I did reopen one of my history files on the internet and winfixer came up again.

im not sure if IT had solved my problem if this was from a cookie or if it was still in my system.

can anyone advise please.

thanks

Dowsp


Let's see if we can get you fixed up.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this

QUOTE
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
At this point press enter one time.

Next you will see:

QUOTE
Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\ssqpn.dll
Press Enter to continue with the fix.

Next you will see:

QUOTE
Please type in the second filepath as instructed by the forum
staff then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\npqss.*
Press Enter to continue with the fix.

The fix will run then HijackThis will open. If it does not open automatically please open it manually.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Bho - {7F709074-C96C-4cec-B0B8-DA49EA145F73} - C:\WINDOWS\System32\ojiogjbw.dll (file missing)
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ssqpn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\System32\ssqpn.dll
After you have fixed these items, close Hijackthis.
Press enter to exit the program then manually reboot your computer.
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP