nightowl
02-26-2006, 06:56 PM
3 different fixes to try.
1st Fix
Remember the Bad file is not always ssttt.dll It could be 5 different letters alltogether,The CLSID numbers may be different also. They will show on your Hijackthis Log as an 02 and a 020 like the example in bold below.
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
http://www.atribune.org/downloads/VundoFix.exe
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.
it should look like this
QUOTE
VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
Please seek assistance at one of the following forums:
http://www.atribune.org/forums
http://www.247fixes.com/forums
http://www.geekstogo.com/forum
http://forums.net-integration.net
At this point press enter one time.
Next you will see:
QUOTE
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\ssttt.dll
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
QUOTE
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\tttss.*
This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ssttt.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
http://www.pandasoftware.com/products/activescan.htm
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
2nd Fix
Download VirtumundoBegone and save it to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Reboot your computer into Safe Mode
Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.
Exit when it has finished
Now run HijackThis and see if any of the symptons above remain. If the entries have "(file missing)" at the end, it can be fixed.
3rd fix
If the infection appears to still be active then please download the following tool and save it to your desktop.
Symantec Vundo Removal Tool
http://securityresponse.symantec.com/avcenter/FixVundo.exe
Reboot your computer into Safe Mode
Then double click the tool you just downloaded and follow the instructions.
Exit when it has finished
This thread is Closed, If this doesnt fix your problem Please Post your HijackThis Log on the Message Board
http://forums.designtechnica.com/forumdisplay.php?f=94
1st Fix
Remember the Bad file is not always ssttt.dll It could be 5 different letters alltogether,The CLSID numbers may be different also. They will show on your Hijackthis Log as an 02 and a 020 like the example in bold below.
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
http://www.atribune.org/downloads/VundoFix.exe
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.
it should look like this
QUOTE
VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
Please seek assistance at one of the following forums:
http://www.atribune.org/forums
http://www.247fixes.com/forums
http://www.geekstogo.com/forum
http://forums.net-integration.net
At this point press enter one time.
Next you will see:
QUOTE
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\ssttt.dll
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
QUOTE
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\tttss.*
This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ssttt.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
http://www.pandasoftware.com/products/activescan.htm
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
2nd Fix
Download VirtumundoBegone and save it to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Reboot your computer into Safe Mode
Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.
Exit when it has finished
Now run HijackThis and see if any of the symptons above remain. If the entries have "(file missing)" at the end, it can be fixed.
3rd fix
If the infection appears to still be active then please download the following tool and save it to your desktop.
Symantec Vundo Removal Tool
http://securityresponse.symantec.com/avcenter/FixVundo.exe
Reboot your computer into Safe Mode
Then double click the tool you just downloaded and follow the instructions.
Exit when it has finished
This thread is Closed, If this doesnt fix your problem Please Post your HijackThis Log on the Message Board
http://forums.designtechnica.com/forumdisplay.php?f=94