Need adware removal help

  • diggsthis
  • Born
  • Born
  • diggsthis
  • Posts: 1

Post 3+ Months Ago

I am having a problem with "vundo" or "virtumundo" adware and have followed some of the instructions in the thread (http://www.ozzu.com/mswindows-forum/del-457-adware-t32369.html) that were within my capability.

I am running Windows XP Home and have McAfee Intenet Suite 6, AOL's anti adware, Spybot S&D, AdAware SE.

It seems the trojan (originally del-457) has installed a program named dnsdrv.exe that is eating up my RAM and makes everything run slowly. Task manager shows the CPU performance changing in a sin curve, corresponding to the dnsdrv.exe file CPU usage. I delete it with task manager and it immediately starts up again, too quickly to delete it.

McAfee says it cannot clean, delete, or quarantine it. Privacy Defender did no better. I have tried scanning with Windows in 'safe mode' (whatever difference that makes) and tried disabling system restore, all to no effect.

I tried stopping the program using the dos prompts taskkill and pskill, neither of which was recognized, giving the error "this is not an internal or external command,operable program or batch file."

Trying to delete the file without first stopping it results in an "access denied" message.

The file is not hidden. I tried the recommended "attrib -a -h -r" without success.

I have been subject to this problem for three weeks, trying to resolve it for the past 1 week.

What can I do to get rid of that file?

Any help is much appreciated.

John
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I split your topic out into it's own so it has better visibility. Be patient while people look at your problem and try to help with answers.
  • DevLHuntr
  • Novice
  • Novice
  • DevLHuntr
  • Posts: 16

Post 3+ Months Ago

what windows os are you using? When you are trying to remove anything like that, always go into safe mode because it is less likely to load drivers and settings that are infected. Try using Stinger tool(mars.utm.edu/~brikferg/files/stinger.exe) I believe this is made by mcafee also but might clean it up for you. If this is a virus or similar, all the adware removal tools in the world aren't going to help you. Also make sure you definitions are up to date, thats with spybot, adware, virusscan. I can't stress this enough. I can't count how many times an up to date definitions fixed a problem that should have been easy. Let spybot run "next time you start windows" Since this will run before windows loads
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

diggsthis -- if you are still having problems read and follow the instructions here:

http://www.ozzu.com/sutra133028.html#133028

Post Information

  • Total Posts in this topic: 4 posts
  • Users browsing this forum: No registered users and 86 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.