Jadwiseman

Vundo variant has me stumped

Hi there,

I'm having a little bit of a problem with what I'm pretty sure is a new variant of Vundo... and it's smarter than any other that I've come across. Usually you would get the blocked registry, task manager, msconfig... etc. and many popups warning that you're infected, some even changed my system clock to say "VIRUS!!!" ... which was pretty cool actually, but SuperAntiSpyware would always be the key factor in repairing the system and getting rid of it all.

Now I've had one that caused my system to BSOD while running SuperAntiSpyware, the scan had already detected three separate infections, one being something to do with smitfraud? or something... and since then I haven't been able to boot into my OS... I can get past POST but it will automatically restart, safe mode loads to the point that it asks me if I want to system restore or not and then will reboot. This thing also changes my 'Administrator' password every time I try to change it to something else so I can't login via that account or login to the OS in the Recovery Console.

The only solution so far that has worked is Winternals... from here I can access my drives and registry and have managed to delete some stuff from the "run" folders and some new system32 baddies... but I still cannot boot into the OS normally or via safe mode. Through Winternals I have been able to access and run SuperAntiSpyware and do a scan, but it hasn't picked up a thing. Is there anyone that can help? Or does anyone know of somewhere where people could help?

Thank you


I'm not a professional subscriber so I cannot open a support ticket unfortunately.

I also thought of slaving the drive, but I don't have a spare SATA drive around nor do I have the time to install a new operating system just so I can slave the drive...

Latest developments:

I have decided to do a repair installation of Windows to see if I can actually boot into the system. It worked, but now when starting up the system will BSOD:

*** AfwCore.sys - Address B734C271 base at B7338000, DateStamp 499c0da4

This is apparently related to something called Outpost Firewall... which I do not have... I still get the system reboot whenever going into safe mode. Ideas?


Thank you very much, I've now opened a support ticket.

Update:

I've managed to solve the BSOD issue with AfwCore.sys and can get to the logon screen, but when I log on (before explorer loads) the computer will reboot, as it does when I load into safe mode... ideas?
