Jump to content
feroz

Adware-vundo, trojan.fake-alert not removed?

Recommended Posts

Hello,

Yesterday i noticed that while opening internet explorer, for every click there was a new window opening and asking me to scan the computer, or opening an ad page. i have mcafee installed and it recognizes the issue and says trojan detected and quarentined, but i still get the same problem.

yesterday i installed SAS and ran a scan it displayed close to 5 items that are either adware or trojan related. i followd the steps and removed them but again whne i reboot, i still have the same problem. i have scanned the computer multiple times and everytime i see a list of items that are supposed to be removed and i remove them.

this is the latest list i got

adware.tracking cookie [5 items]

adware.vundo variant [7 items]

adware.vundo variant/Rel [5 items]

trojan.Fake-Alert/trace [1 item]

after removing them there is a big log created.

but after i reboot i run into same issue.

is there a solution to clean this?

i installed professional edtion too

but no luck yet.

i appreciate your help

let me know if you need more info.

Thanks

Feroz

Share this post


Link to post
Share on other sites

i downloaded SAS pro trial version and ran the scan in safe mode.

Today when i tested it, SAS displays an alert, but still the ad window comes up.

this is exactly what was happening with Mcafee suite too.

i heard a lot of good thing about SAS but unfortunately this is not working for me.

are there any steps i am missing?

Thanks

Feroz

Share this post


Link to post
Share on other sites

Just to let you know, you are not the only one that is having this problem. This horrible little piece of malware came on to my computer on November 26, 2008. I am getting similar results and the same trojan.fake-alert file coming up.

Other files that have come up and that have been deleted by superantispyware are keminazo.dll and vivodiha.dll. Now every time I start my computer a little box pops up and says that those files cannot be found. It appears that there is a program that upon start up looks for and trys to activate those programs but can not find them because they have been deleted. My guess is that this same hidden program is activating or reproducing other programs as well and this is why you are getting the same spyware or malware files coming back even though they are detected and repeatedly deleted whenever you run superantispyware.

The problem seems to be that the hidden program is currently unknown to superantispyware. I say this as a novice, I know very little about malware other than the fact that I need to get rid of this and get my computer back. What may be of help is to let you know that after I ran the "find out what is running on your computer" option in superantispyware which sends you to the file research center there were a number of files that came up as not identified. Within that group what looked suspicious to me were 2 files, namely bewukobe.dll and degukime.dll. Does anyone know anything about these files? Are they good guys that we need or are they malware?

Any info on this problem will be appreciated. Thanks all.

Share this post


Link to post
Share on other sites
Within that group what looked suspicious to me were 2 files, namely bewukobe.dll and degukime.dll. Does anyone know anything about these files? Are they good guys that we need or are they malware?

You should submit these files to SAS for analysis. They do not look like known names to me. When googled, nothing shows up which a good sign they are probably malicious.

You can also run them through a jotti scan for an immediate analysis.

http://virusscan.jotti.org/

Share this post


Link to post
Share on other sites
Try scanning using SAS PRO with your system booted into SAFE MODE.

You mean to say that the paid for PRO version works better at cleaning and detecting than the free version?

If so, arg!

Share this post


Link to post
Share on other sites

Nope...the use of free SAS scanner is the same as the Pro version. The Pro version implements realtime protection...the scanners are the same.

Share this post


Link to post
Share on other sites

It is definitely hazardous to run without full realtime protection...scanners detect infections after the fact...realtime protection blocks them before they entrench on your system. Avira free, SAS free, and MBAM free have no full realtime protection.

Share this post


Link to post
Share on other sites

Yeah, I know I need a real time scanner, it's just a matter of which one.

When I tried MBAM and ran a scan, it picked up a couple of item SAS didn't, but for some reason, wouldn't quarantine them even though it said it did. According to them, it's an uncommon problem (system specific) and won't be fixed as they can't duplicate it.

Avira free does pick up Antivirus 2008 and 2009 though, just some FYI.

Thanks.

Share this post


Link to post
Share on other sites

A very strong combination would be Avira Premium or Avira Internet Security Suite, SAS PRO, and MBAM free. You can upgrade from SAS free to SAS PRO for $19.95 and for an additional $9.95, you get a lifetime subscription.

Share this post


Link to post
Share on other sites

Hmm,

I guess I missed something as I thought the $19.95 was a one time fee.

Does that fee cover more than one computer? I have two.

Share this post


Link to post
Share on other sites
Hmm,

I guess I missed something as I thought the $19.95 was a one time fee.

Does that fee cover more than one computer? I have two.

The $19.95 special covers a single computer and you don't pay again for updates or upgrades.

Share this post


Link to post
Share on other sites

I am relatively unfamiliar with the workings of computers and was wondering if anyone knows how to see what programs or files are being started upon booting up. It seems there is a program that resides silently until startup and then starts various malware which produces the adware-vundo and trojan-fake alert on my computer. Would this program show up in some sort of start menu and how do I access it to look for suspicious files?

I am still trying to get rid of this garbage. I ran SAS in safe mode, it sees the malware, erases it which necessitates rebooting to erase it completely and then upon rebooting the malware files regenerate and come right back.

any info or ideas will be most welcome

Thanks

Share this post


Link to post
Share on other sites

Hi, you guys listen i know that there's been a new computer virus going around and stuff like that. but what i think we need to do is have someone investigate who create's these virus's and find ways of traceing these people that do this. especialy the person who created this virus

with the keminazo.dll. this virus is really bad and i think the person who created it should serve some time in jail.

Share this post


Link to post
Share on other sites

i opened a ticket with the support group and got a mail asking to collect some diagnostics. Today i ran that program and sent the diagnostics. i will wait for the response and keep u posted. The problem still exists and it is annoying.

Feroz

Share this post


Link to post
Share on other sites

Success at last

last night i downloaded the latest version of SAS. in my earlier tries it was not downloading the latest definitions. SAS provided a new link along with my problem ticket which helped me download the latest definitions.

now i think my computer is virus/spyware free. I will test it for another day and keep you all posted.

well i can say now "IT WORKED"

Feroz

Share this post


Link to post
Share on other sites

Glad to hear the good news feroz. I had the same problem and it seems that after downloading the definitions update on Dec. 5, 2008 and running SAS the problem went away. After running those definitions I got the usual messages from SAS that there was the vundo and trojan fake alert but after removing with SAS they did not come back on the reboot as they usually do.

Please keep us posted as to your continued success. I will do so also.

I still am getting messages on reboot from the operating system telling me that it cannot find certain files to start them namely vivodiha.dll, dewukobe.dll and keminazo.dll. I wish someone could tell me how to stop my computer from trying to start these every time I reboot. It seems to be more of an annoyance now since SAS removed them when this problem started. Obviously this piece of spyware created several attacking files.

Anyway, I am very happy to see that when I ran SAS last night the vundo and fake alert was gone.

Thank you Pandato for helping feroz and us all to get rid of this terrible threat. I recommend SAS every time spyware progams come up in conversation.

thanks, mrmorse

Share this post


Link to post
Share on other sites

My computer picked up the infamous Adware.Vundo Variant/Rel and Trojan.Fake-Alert/Trace today. I tried using my AVG Anti-Spyware to remove and it didn't do anything. After some research on the Net. I downloaded and installed SUPERAntispyware Pro trial and installed it. Ran a scan, rebooted and my problem was solved! I'm sold. I will pay for SUPERAntispyware Pro now so that I have it for good. I am a very happy camper! Good job. Thank you! :D

Share this post


Link to post
Share on other sites
My computer picked up the infamous Adware.Vundo Variant/Rel and Trojan.Fake-Alert/Trace today. I tried using my AVG Anti-Spyware to remove and it didn't do anything. After some research on the Net. I downloaded and installed SUPERAntispyware Pro trial and installed it. Ran a scan, rebooted and my problem was solved! I'm sold. I will pay for SUPERAntispyware Pro now so that I have it for good. I am a very happy camper! Good job. Thank you! :D

You are more than welcome! Enjoy the product and please tell your friends!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...