Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib


  • Please log in to reply

#1
admin

admin

    Founder Geek

  • Administrator
  • 24,094 posts
  • MVP
How-to remove Winfixer, Virtumonde, Msevents, and Trojan.vundo (ATLDistrib Object) using Atribune's VundoFix removal tool

WinFixer:
winfixer1_748965.jpg

WinFixer_1.png

Credit: Atribune

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please save the contents of C:\vundofix.txt in case the infection is not removed, it will need to be posted with your HijackThis log in the malware forum.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If the infection(s) are still present, please post the contents of C:\vundofix.txt and a HiJackThis log in the Malware Removal Forum.

Have you've found the VundoFix removal tool useful? Please consider a donation to the author: Atribune.org.

Alternate fix: (use only if the above fix didn't work)
1) Download VirtumundoBegone
2) Save VirtumundoBeGone.exe to your desktop.
3) Run VirtumundoBeGone.exe and follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, this is normal and expected.
4) When it has finished, reboot.

It will create a log on your desktop called VBG.TXT, if the infection is still present, post this log and a HiJackThis log in the Malware Removal Forum.

=====================================================================
This is a self-help guide. Use at your own risk.

Important Note: If you need assistance, please start a new topic in our Malware Removal Forum. This topic is also open for comments, but not all will receive a reply.

Edited by therock247uk, 24 June 2008 - 07:40 AM.

  • 0

Advertisement


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,094 posts
  • MVP
This topic has been left open to allow specific questions and comments related ONLY to this guide. It's NOT for posting HJT logs, links to your logs, or any other general malware help. Replies not following these rules will be deleted. Thanks for your cooperation.
  • 0

#3
Frusratedgmb

Frusratedgmb

    New Member

  • Member
  • Pip
  • 4 posts
The self-help guide to remove Vundo appears to have cleared up the my problems loading IE and Firefox! Many thanks!

Gina
  • 0

#4
supermd

supermd

    New Member

  • Member
  • Pip
  • 1 posts
I think I have the WinAntiVirus virus. I looked it up on wikipedia and said its similar to winfixer. I ran a Vundo Removal software and it didn't detect it. I've ran numerous antivirus scans and it still does not go away! I just have new infections that pop up. I need help please!!! And I'm new to this, so I'm not sure what you guys mean when you say HiJack This. And I saw on one forum to mess with my regedit-- but that seems risky!
  • 0

#5
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello Supermd and welcome
Have a read Here

That will get you started and someone will be along to help you in the malware forum :whistling:
  • 0

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
bldu8042,

Please post these logs in a single post, in the Malware Forum.

One of our staff members will pick it up and help you with the malware removal process.

Regards,
RatHat
  • 0

#7
zudplucker

zudplucker

    New Member

  • Member
  • Pip
  • 2 posts
This took 5 minutes to fix what I've been struggling with for weeks. Thanks!
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Thanks for taking the time to let us know zudplucker
Glad to hear its all sorted out :)
  • 0

#9
zudplucker

zudplucker

    New Member

  • Member
  • Pip
  • 2 posts
Hey guys,

After I ran this fix, it got rid of the VirtuMode virus which caused all my problems to go away.....but now, when I start my computer, I get a pop up error that says can't find c\windows\system32\scttwewc.dll

Is this a whole new problem I have or do you think this is related to the virus I had. It looks suspiciously like some of the files that my Symantec was quaratining related to the VirtuMode thing.
  • 0

#10
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,527 posts
Hi zudplucker and welcome to Geeks to Go!

Please follow the instructions HERE and then post your log in the Malware Removal forum.
  • 0
<

Advertisement


#11
BT_RN

BT_RN

    New Member

  • Member
  • Pip
  • 1 posts
I just registered as a new member to Geeks to Go.

I have what I believe is the Virtumonde Malware. As a new member I started to follow the instructions as outlined under the self-help removal guides for "How-to remove WInfixer, Virtumonde, Msevens, ...". Everything was going well until I came to the section that had me reboot my notebook into SafeMode and start a scan using AVG anti-spyware. The program shows that it have 5 objects. I then try to "Apply all Actions" as instructed but receive an error message on the right side of the window which reads, "Errors have been occurred while applying the actions, please inspect the list on the left." When I review each line item the Action column reads "Error while quarantining", for one of the five items. The other 4 items show "Error while deleting!". I have tried this twice with the same results. Could I have a bad copy of the AVG Anti-Spware? Should I try to reinstall AVG and re-run the scan?

Any assistance would be greatly appreciated.


Thanks in advance,
  • 0

#12
SNOWHITE

SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello BT_RN,

Please follow steps described here : > You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide

Then post HijackThis report at the following forum : Malware Removal - HijackThis™ Logs Go Here

If you don't receive response in no less then 3 days, post at this forum : The Waiting Room


Best regards,
  • 0

#13
didit

didit

    New Member

  • Member
  • Pip
  • 1 posts
hello all i ran both vundofix and virtumundobegone but still my malwarebot says i have a vundo downloader in my c:\WINDOWS\system32\vtstq.dll and 2 vundo adwares in my Hkey_local_machine\software\microsoft ... i do not know how i got these and ofcourse would love to remove them
Thanks for your time .
Done
  • 0

#14
Thunderbird1988

Thunderbird1988

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,416 posts
Hello didit and welcome at Geekstogo,

Please read and follow the steps discribed here.

Then post a HijackThislog in the Malware Forum.

Edited by Thunderbird1988, 25 November 2007 - 03:46 AM.

  • 0

#15
jacquelyn

jacquelyn

    New Member

  • Member
  • Pip
  • 4 posts
Hello, I believe I have Virtumonde on my computer. I tried Vundofix and Virtumundobegone. And I also used Norton 2008, SpySweeper, and Ad-Aware. And nothing has removed it. Spysweeper detects Adware: Virtumonde but can't remove it. I also found these and I think they are related to the problem: awtqn.dll and gebayyw.dll
If you could help me I'd really appreciate it. Thanks
  • 0

Advertisement



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured