Collections:
Other Resources:
Partial Removal of Trojan Vundo
Partial Removal of Trojan Vundo
✍: Guest
1. Looked at C:\WINDOWS\system32, and found the following suspicious files:
>dir C:\WINDOWS\system32
10/02/2006 10:42 PM 86,068 fcissfvg.dll
10/03/2006 10:31 PM 86,036 lyssmlnb.dll
10/12/2006 09:52 PM 98,324 yjsallam.dll
2. Looked at IE > Internet Options > Programs > Manage Addon, found the yjsallam.dll entry, and disabled it.
3. Zipped all 3 suspicious files into a zip file, bho_200610.zip, and tried to delete them:
>del C:\WINDOWS\system32\fcissfvg.dll
(deleted)
>del C:\WINDOWS\system32\lyssmlnb.dll
(deleted)
>del C:\WINDOWS\system32\yjsallam.dll
(not deleted because it is in use)
4. Closed all Internet Explorer windows and File Explorer windows, and ran HijackThis:
Find and check the yjsallam.dll in the log
Click the "Fix checked" button
5. Ran HijackThis again:
Go to Config >> Misc Tools>> Delete a file on reboot
Select file: C:\WINDOWS\system32\yjsallam.dll
Click Yes to reboot the system
6. Verified the following places:
HijackThis report: clean
C:\WINDOWS\system32 directory: clean
Internet Explorer add-on list: clean
2008-12-30, ∼6333🔥, 0💬
Popular Posts:
How to configure Apache server to run PHP engine as a loaded module on Windows systems? If you have ...
How to use IMDisplay to display an image file? If have image file called wizard.jpg and want to use ...
What is Microsoft Research Extra Toolbar Button and Extra Tools Menu Item for Internet Explorer (IE)...
Can I register my computer later? I don't want to register my computer during the initial Windows 7 ...
What is "ASP.NET State Service" in my Windows 7 service list? And how is "ASP.NET State Service" ser...