Tr/vundo.gen

[lady_rysher 0]

salam...

nk mintak tolong sume camne nk remove virus ni TR/Vundo.Gen...now my C;D;E;F can't open when sy double click..nanti dia keluar another window 'Open With: , choose the program you want to use to open this file'...

[baok 0]

Please download from Flash_Disinfector by sUBs and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

---------------

Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

--------------------

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• Please let your firewall allow the scanning/downloading process.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator

Post me these logs in your next reply..

1. Malwarebytes'

2. Deckard System Scanner (both main.txt and extra.txt)

[lady_rysher 0]

[sHäm 4]

..kenapa x buat yg simple aje..update AV kau..Scan ..pastu scan guna

Spyware Doctor @ Trojan Remover ke..pastu fix registry kau guna Tune Up ke..pastu tgk le result mcmana..

[baok 0]

Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter

• Click on the Scan button.
• Select everything it is displaying there
• Click the Fix button.
• Then rescan with DAFT again - it should say now that "All associations are OK"
• Close DAFT if you receive that message. This means that it is fixed now.

--------------

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

  [kill explorer]
  C:\WINDOWS\system32\ckvo1.dll
  C:\WINDOWS\system32\ckvo.exe
  H:\1rfw8hjr.com
  I:\1rfw8hjr.com
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kamsoft
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cf3c95a-3b59-11dd-9c5d-0018de041a9c}
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d659d49e-17f2-11dd-9bf4-0018de041a9c}
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcf9d262-19b0-11dd-9bf8-0018de041a9c}
  EmptyTemp
  purity
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

---------------

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT

• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)

• Scan Options:

Scan Archives

Scan Mail Bases

Click OKNow under select a target to scan:

• Select

My ComputerThis will program will start and scan your system.The scan will take a while so be patient and let it run.Once the scan is complete it will display if your system has been infected.

• Now click on the Save as Text button:

Save the file to your desktop.Copy and paste that information in your next post.

Post me the following logs in your next reply..

1. OTMoveIt2

2. Kaspersky Webscanner

3. A fresh DSS log (after Kaspersky step..)

4. Tell me about your computer behaviour...

[lady_rysher 0]

adeh...my laptop is now officially lingkup...x boleh load window..it say "NTLDR is missing..please press any key to reboot"....anyway thanks for the help....

terima kasih

[baok 0]

adeh...my laptop is now officially lingkup...x boleh load window..it say "NTLDR is missing..please press any key to reboot"....anyway thanks for the help....

terima kasih

huh?? bila kena tu? selepas atau sebelum OTMoveIt2 step?...

rujuk laman web di bawah utk NTLDR is missing...

http://forum.lowyat.net/index.php?showtopi...6&hl=ntldr#

[sHäm 4]

..sepatutnya simple aje..

[lady_rysher 0]

selepas buat sume tuh...ble shutdown then nk on balik trus x leh load win....thanks for the info..nanti try buat..

ala...x simple la...complicated gk..sy dh try dh update av sume..sblm ni sy gune avg, lg la x leh nk detect langsung trojan tuh...bile change pada avira bru boleh detect...dh bpe banyak av yg sy install n uninsntall sume xleh..

[sHäm 4]

selepas buat sume tuh...ble shutdown then nk on balik trus x leh load win....thanks for the info..nanti try buat..

ala...x simple la...complicated gk..sy dh try dh update av sume..sblm ni sy gune avg, lg la x leh nk detect langsung trojan tuh...bile change pada avira bru boleh detect...dh bpe banyak av yg sy install n uninsntall sume xleh..

..tu kan dah simple bunyinya..pemilihan antivirus penting..x semua antivirus sama..think

about it....

[baok 0]

selepas buat sume tuh...ble shutdown then nk on balik trus x leh load win....thanks for the info..nanti try buat..

ala...x simple la...complicated gk..sy dh try dh update av sume..sblm ni sy gune avg, lg la x leh nk detect langsung trojan tuh...bile change pada avira bru boleh detect...dh bpe banyak av yg sy install n uninsntall sume xleh..

be more specific please.. after which step actually?

Do you have Windows CD?

Boot with your Windows CD and then do below..

1. Masukkan CD Windows ke dalam CD/DVD drive

2. Boot computer dari CD

3. Nanti akan ada Welcome to Setup menu. Tekan R untuk Recovery Console. Sila rujuk laman web di bawah untuk mengetahui caranya..

http://www.webtree.ca/windowsxp/repair_xp....very%20Console:

4. Kemudian dia akan tanya "Which Windows installation would you like to log onto". Pastikan ada 1: X:\WINDOWS.. (X:\ ialah directory untuk Windows). Then tekan 1 dan Enter. Kalau tak ada 1: X:\WINDOWS stop dan inform kat sini..

5. Dia akan mintak Administrator password.. Enter Administrator password.. Just tekan Enter sekiranya tiada Administrator password..

6. Kemudian, taip command di bawah dan press Enter

copy drive:\i386\ntldr c:\

copy drive:\i386\ntdetect.com c:\

Gantikan drive dengan huruf untuk drive cd anda (contoh E)

7. Kemudian taip exit dan tekan Enter.. Keluarkan CD Windows

8. Cuba boot Windows secara Normal dan bagi tahu result dia di sini..