A Windows XP help forum. PCbanter


trojan vundo in system 32



 
 
  #1  
Old December 24th 05, 08:37 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

norton found trojan.vundo in system32\ssssjokr.dll and is unable to repair
and access denied i tried lippmans winfix scans in normal and safe mode they
find ssssjokr.dll but report unable to open file and no fix or removal
happens what am i doing wrong? bear in mind i'm not a computer all star here!
--
huch
  #2  
Old December 24th 05, 08:42 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

You'll need to turn-off System Restore, reboot, then turn it back on.
The virus has infected your System Restore folder (system volume information).

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default...&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

"hucho" wrote:

| norton found trojan.vundo in system32\ssssjokr.dll and is unable to repair
| and access denied i tried lippmans winfix scans in normal and safe mode they
| find ssssjokr.dll but report unable to open file and no fix or removal
| happens what am i doing wrong? bear in mind i'm not a computer all star here!
| --
| huch
  #3  
Old December 24th 05, 08:52 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

"Carey Frisch [MVP]" wrote:

You'll need to turn-off System Restore, reboot, then turn it back on.
The virus has infected your System Restore folder (system volume information).

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default...&Product=winxp


Bad advice.

Never repeat never turn off System Restore on an infected system,
unless and until it is absolutely proven that the only remnants of the
infection are contained in the system restore archives.

In this instance the infected file is in the \system32 folder so
turning off system restore will do diddly squat towards resolving the
issue.

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca
  #4  
Old December 24th 05, 11:32 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

From: "hucho"

| norton found trojan.vundo in system32\ssssjokr.dll and is unable to repair
| and access denied i tried lippmans winfix scans in normal and safe mode they
| find ssssjokr.dll but report unable to open file and no fix or removal
| happens what am i doing wrong? bear in mind i'm not a computer all star here!
| --
| huch

Huch:

It's "Lipman" :-)

You stated "...but report unable to open file and no fix or removal.."

My WinFixerFix tool in the McAfee scan mode does NOT report that kind of error.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply from the last scan.

I have updated the WinFixerFix tool to specifically handle the DLL you posted.
I suggest downloading the tool again. Here are the directions.


Two phase answer...

Perform Part 1 then perform Part 2

Part 1
------------
Download Adware-Virtumundo Removal Tool v1.5 --
http://secured2k.home.comcast.net/to...undoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #5  
Old December 25th 05, 12:10 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

sorry mr lipman i wasn't quoting the report i just watched the scan run and
when it came to ssssjokr.dll it said unable to open file and continued on i
will try your suggestion thanks
--
huch



  #6  
Old December 25th 05, 01:26 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

From: "hucho"

| sorry mr lipman i wasn't quoting the report i just watched the scan run and
| when it came to ssssjokr.dll it said unable to open file and continued on i
| will try your suggestion thanks

I'll watch for your reply.
Please don't forget...
Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your reply.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #7  
Old December 26th 05, 08:58 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

12/25/2005 01:55:03


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
"C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*

Summary report on C:\*.*
File(s)
Total files: ........... 74349
Clean: ................. 74320
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 00:30.40

this is all i get in the report it still seems as if the scan can't look in
the system 32 file to check for virus
sorry for the lateness of this reply but some holiday stuff has gotten in
the way

--
huch



  #8  
Old December 26th 05, 02:30 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

From: "hucho"

| 12/25/2005 01:55:03
|
| Options:
| /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
| /PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
| "C:\MCAFEE\SCANREPORT.HTML"
|
| Scanning C: []
| Scanning C:\*.*
|
| Summary report on C:\*.*
| File(s)
| Total files: ........... 74349
| Clean: ................. 74320
| Possibly Infected: ..... 0
| Cleaned: ............... 0
| Non-critical Error(s): 1
| Master Boot Record(s): ......... 1
| Possibly Infected: ..... 0
| Boot Sector(s): ................ 1
| Possibly Infected: ..... 0
|
| Time: 00:30.40
| this is all i get in the report it still seems as if the scan can't look in
| the system 32 file to check for virus
| sorry for the lateness of this reply but some holiday stuff has gotten in
| the way
|

It's a clean report. As long as you are logged in as the "administrator" or with an
account with administrative rights it can scan *all* areas of the OS.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
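
Added example (not part of the thread, and not code from WinFixerFix or McAfee): a short Python parser for the summary block pasted in post #7. It keeps the counters per section, because "Possibly Infected" appears under files, MBR and boot sector alike, and it reports how many files were neither counted clean nor flagged; the verdict labels and the "unexplained" arithmetic are this example's own assumptions.

```python
import re

# Summary as pasted in post #7 of this thread (indentation was lost in the paste).
SAMPLE_REPORT = r"""Summary report on C:\*.*
File(s)
Total files: ........... 74349
Clean: ................. 74320
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
"""

# "Possibly Infected" repeats once per section, so counters are tracked per section.
SECTION_HEADERS = {"File(s)", "Master Boot Record(s)", "Boot Sector(s)"}
COUNTER_RE = re.compile(r"^([^:]+):[ .]*(\d+)\s*$")


def parse_summary(text):
    """Return {section: {label: int}} from a pasted summary block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("| ").strip()      # tolerate Usenet '|' quote markers
        match = COUNTER_RE.match(line)
        name = line.split(":")[0].strip()
        if name in SECTION_HEADERS:
            current = sections.setdefault(name, {})
            if match:                         # e.g. "Boot Sector(s): ... 1"
                current["count"] = int(match.group(2))
        elif match and current is not None:
            current[match.group(1).strip()] = int(match.group(2))
    return sections


def assess(sections):
    """Classify the summary; the verdict labels are this example's own."""
    files = sections.get("File(s)", {})
    flagged = sum(s.get("Possibly Infected", 0) for s in sections.values())
    # Files neither reported clean nor flagged; the report does not say why.
    unexplained = (files.get("Total files", 0) - files.get("Clean", 0)
                   - files.get("Possibly Infected", 0))
    errors = files.get("Non-critical Error(s)", 0)
    if flagged:
        verdict = "infected"
    elif unexplained or errors:
        verdict = "incomplete"
    else:
        verdict = "clean"
    return {"verdict": verdict, "flagged": flagged,
            "unexplained": unexplained, "errors": errors}


if __name__ == "__main__":
    print(assess(parse_summary(SAMPLE_REPORT)))
```

The summary alone cannot show whether a particular file such as C:\WINDOWS\system32\ssssjokr.dll was opened; that needs the per-file lines of the scan output.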


  #9  
Old December 26th 05, 07:32 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

i am logged in as admin so is there a next step something else i can try?

--
huch



  #10  
Old December 26th 05, 08:24 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

From: "hucho"

| i am logged in as admin so is there a next step something else i can try?
|

Are you still having problems?

No Vundo Trojan was noted in the McAfee report.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #11  
Old December 27th 05, 02:36 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

why is norton still finding trojan.vundo in system32 i still have a window up
on my screen that can't be closed all i can do is move it to a corner of
screen where its out of the way
--
huch



  #12  
Old December 27th 05, 03:04 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

From: "hucho"

| why is norton still finding trojan.vundo in system32 i still have a window up
| on my screen that can't be closed all i can do is move it to a corner of
| screen where its out of the way

That's a good question. Please find the Norton log file and copy and paste the pertinent
information in your reply.

I want to see exactly what file (fully qualified name and path of the file) is being
declared to be infected by the Vundo trojan.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #13  
Old December 27th 05, 04:50 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

Source: C:\WINDOWS\system32\ssssjokr.dll
here's what i copied out of the norton log directly
huch



  #14  
Old December 27th 05, 01:30 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

From: "hucho"

| Source: C:\WINDOWS\system32\ssssjokr.dll
| here's what i copied out of the norton log directly
| huch
|


The Vundo generates random names and "morphs" constantly. However, I updated the tool
Monday for that particular DLL and its removal.

I ask that you download the updated version of WinFixerFix again and use it once again.
This time it should eliminate; C:\WINDOWS\system32\ssssjokr.dll

Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #15  
Old December 28th 05, 04:36 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default trojan vundo in system 32

Virus Scan Report File

--------------------------------------------------------------------------------
Virus Scan Information
--------------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4660 created Dec 27 2005
Scanning for 167896 viruses, trojans and variants.


--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------



12/27/2005 17:12:38


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /MIME /HTML
"C:\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\WINDOWS\desktop.html ... Found the AdClicker-AJ trojan !!!
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 74411
Clean: ................. 74381
Possibly Infected: ..... 1
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 00:24.23



--------------------------------------------------------------------------------
this was interesting as it found a trojan not before mentioned on any
reports from this scan or norton scans also i ran both in norm and safe modes
and watched the scan run carefully both times the norm mode did the usual
showing the files as they were scanning and placing unable to open file
messages after several files including ssssjokr.dll but when i ran in safe
mode it did much the same except when it came to ssssjokr.dll it ran right
past it without saying unable to open file but it didn't seem to find the
trojan vundo I tried in both modes twice
--
huch



 



