shtyra Posted April 3, 2010

Hello all. I am having a problem removing Vundo/variant. Some basics first: I run the following on my laptop: Windows XP, Avira free edition, Malwarebytes free edition, ZoneAlarm firewall free edition and SuperAntispyware Professional edition.

My problem started yesterday after n.exe requested permission from ZoneAlarm to access. I denied permission, but as soon as I did that IE windows started popping up. (I run Firefox.) I immediately closed my browser, figuring an infection. I tried to run Malwarebytes and the .exe file was missing. I then tried to run SuperAntispyware Professional edition, which ran fine, and it popped up 24 infections, all with Vundo/variant or some variation of. I quarantined all, rebooted and ran the program again; it ran clean. I then ran Avira free edition antivirus and it ran clean. I reinstalled Malwarebytes and ran that, and it detected 6 Vundo variations, which I quarantined. Ran again, clean. Ran SuperAntispyware again, it ran clean.

I then opened Firefox and checked a few sites (known news sites approved by McAfee SiteAdvisor) and in about 1/2 hour n.exe requested permission again. I denied the request and IE windows started popping up. Hibernated for the night, and in the morning I googled n.exe to find it is a known malware/spyware and rather nasty.

I made sure SAS, MWB and Avira were updated and tried to run MWB. Of course the .exe was missing. I ran SAS and the same 24 detections as yesterday popped up. It was like deja vu. I followed yesterday's process of running SAS, Avira and MWB until clean. I then navigated to where ZoneAlarm told me n.exe was located and it was still there. I scanned the file with all three and none detected it as malicious. Which would be fine, except I'm still having reinfections and I suspect n.exe is the cause.

Help! Any advice on how to get rid of this nasty bugger?

Seth Posted April 4, 2010

Hi Shtyra. You have a couple of options:

1) Submit a SuperAntiSpyware Customer Support Request: https://www.superantispyware.com/csrcreateticket.html The SAS team can then analyze the infection and make appropriate changes.
2) Run ComboFix from Safe Mode: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

shtyra Posted April 4, 2010

Hi Seth, thanks for the reply. I've run ComboFix on the suggestion from another site (majorgeeks) and they are analyzing the log. So far so good. If I still have problems, I will contact Support. Thanks again for the reply.