Virus Fightin’


Wow, what a complete @#$*#@*& of a virus.

The virus in question was called Vundo (or at least a variant thereof).

Steps taken:

  • Repaired Windows to get it to boot.
  • Ran Symantec AntiVirus – Found it! yay. Deleted? Yes! yay.
  • Reboot – virus is still there.
  • Turn off system restore – no system restore tab!
  • Run regedit to turn it back on – disabled.
  • Disabled System restore service – worked.
  • Boot into safe mode, install MalwareBytes anti-Malware app. As soon as it’s installed the app is deleted before I can run it! (virus is still there).
  • Downloaded Spybot, installed and ran OK. Yay! Ran full scan. It starts to catch stuff…
  • Brain fart… I downloaded and INSTALLED MalwareBytes on another machine. Copied the application folder (after install) to a thumb drive. Ran MalwareBytes directly from the thumb drive. It runs! Yay!
  • After that downloaded and installed AVG Free and ran deep scan on that.
  • Downloaded and installed Windows Defender. (free from Microsoft)
  • If, after turning off System Restore (courtesy of MalwareBytes reactivation) and running full scans with MalwareBytes, Spybot S&D, AVG as well as Windows Defender, it all comes up clean, then you’re home and free… This is where I got to and was able to recover the machine; however, I’ve had to rebuild too many machines recently because of these $*&@#% viruses/Malware/Scareware/annoying programs.
  • If it still keeps coming back then it’s time to rebuild the machine I’m afraid.

Useful Links…

AVG Free


Spybot S&D

Windows Defender

Acronis (for whole machine backups including applications)

