Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP

Partial Removal of Trojan Vundo

Q

Partial Removal of Trojan Vundo

✍: Guest

A

1. Looked at C:\WINDOWS\system32, and found the following suspicious files:
>dir C:\WINDOWS\system32
10/02/2006 10:42 PM 86,068 fcissfvg.dll
10/03/2006 10:31 PM 86,036 lyssmlnb.dll
10/12/2006 09:52 PM 98,324 yjsallam.dll

2. Looked at IE > Internet Options > Programs > Manage Addon, found the yjsallam.dll entry, and disabled it.

3. Zipped all 3 suspicious files into a zip file, bho_200610.zip, and tried to delete them:
>del C:\WINDOWS\system32\fcissfvg.dll (deleted)
>del C:\WINDOWS\system32\lyssmlnb.dll (deleted)
>del C:\WINDOWS\system32\yjsallam.dll (not deleted because it is in use)

4. Closed all Internet Explorer windows and File Explorer windows, and ran HijackThis:
Find and check the yjsallam.dll in the log Click the "Fix checked" button

5. Ran HijackThis again:
Go to Config >> Misc Tools>> Delete a file on reboot
Select file: C:\WINDOWS\system32\yjsallam.dll
Click Yes to reboot the system


6. Verified the following places:
HijackThis report: clean
C:\WINDOWS\system32 directory: clean
Internet Explorer add-on list: clean

2008-12-30, ∼6042🔥, 0💬

Administration Adware Spyware Apache Bluetooth DOS Commands Edge General Internet Connection Internet Explorer Media Center Media Player Mozilla Firefox MS Access Performance PHP Programming Security Silverlight Tips Tools Tutorials Windows 10 Windows 7 Windows 8 Windows Phone Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Vista Windows XP