Collections:
Other Resources:
Partial Removal of Trojan Vundo
Partial Removal of Trojan Vundo
✍: Guest
1. Looked at C:\WINDOWS\system32, and found the following suspicious files:
>dir C:\WINDOWS\system32
10/02/2006 10:42 PM 86,068 fcissfvg.dll
10/03/2006 10:31 PM 86,036 lyssmlnb.dll
10/12/2006 09:52 PM 98,324 yjsallam.dll
2. Looked at IE > Internet Options > Programs > Manage Addon, found the yjsallam.dll entry, and disabled it.
3. Zipped all 3 suspicious files into a zip file, bho_200610.zip, and tried to delete them:
>del C:\WINDOWS\system32\fcissfvg.dll
(deleted)
>del C:\WINDOWS\system32\lyssmlnb.dll
(deleted)
>del C:\WINDOWS\system32\yjsallam.dll
(not deleted because it is in use)
4. Closed all Internet Explorer windows and File Explorer windows, and ran HijackThis:
Find and check the yjsallam.dll in the log
Click the "Fix checked" button
5. Ran HijackThis again:
Go to Config >> Misc Tools>> Delete a file on reboot
Select file: C:\WINDOWS\system32\yjsallam.dll
Click Yes to reboot the system
6. Verified the following places:
HijackThis report: clean
C:\WINDOWS\system32 directory: clean
Internet Explorer add-on list: clean
2008-12-30, 5424🔥, 0💬
Popular Posts:
I just installed the Windows 8 Release Preview on the Samsung slate that we attendees got at the MIX...
This tutorial shows you how to boost performance by stopping and disabling unnecessary services on W...
What are the commonly used background processes on Windows systems? A background process is a progra...
How to connect your computer to a wireless router? Here are the steps of how to connect your compute...
How to burn or record MP3 music files as audio tacks to audio CD (Compact Disk Digital Audio or CD-D...