Hi,

I am using BitDefender Free Edition, Adware, and Spybot..Still my machine is infected with Trojan.Vundo.EGL . It is associated with the file fccyaYSM.dll in Windows/System32

What is this stuff..?? My machine is a bit slow..Earlier Spybot detected almost 16 entries under the same name and fixed it..but a recent scan with bitdefernder shows the presence of above entry.It can't disinfect,delete or move it to quarantine...

Anyone knows how to fix it..??

you should scan in safe mode...

if still doesn't work out, download pc doctor from pack.google.com and scan in safe mode.

_

How about deleteting the file manually ?

^^^
wont work as they will be already loaded and cos of that there will be a lock on the file


_

Use Unlocker http://ccollomb.free.fr/unlocker/ to unlock locked files :D

^^^^
yeah (process explorer will also be useful in this case) but you dunno for sure which all are virus files :p


_

Thanks for the reply guys..But not yet..
I fixed it using Symantec FixVundo 1.5
The report generated said :

The total number of the scanned files: 157302
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0

Well, I restarted my machine and then came the error message from windows saying that two modules couldn't be started because
ssvtvnko.dll and suhvafoh.dll were missing.

Few hours back I started my browser and was writing to you guys and again suddenly browser automatically closed...the system turned slow too

Back to Spybot scan and again found that the machine is infected with Vundo and two more new malware .Fixed it and scanned it again to show it's presence again.

Any idea how to fix this PERMANENTLY..?? Things have gone to that extent that I am suspecting even spybot and adaware (I can't format my machine at this point :-( Plenty of data scattered across)

Here I am attaching the Spybot report

Anyone plz help

can you please say whether did you scan in safe mode ???


_

can you please say whether did you scan in safe mode ???


_

No digital dude.. lt wasn't mentioned in FixVundo 1.5 ..And they said it did the job succesfully..Anyway I am checking the safe mode option..Talk to u soon.

just reboot and press F8 man (right after the BIOS post screen) you will get options to boot windows in safe mode.. choose that and you will boot into windows safe mode... then run the scan now it will clean everything ;)


_

I know that digital dude. and I did it.. Ran FixVundo from Symantec in Safe Mode but sadly it couldn't find any. Now I have to tell you i tried PC Tools Spyware Doctor before tring safe mode which detected a few after Spybot fixing. Interestingly when fixed you can see several command windows opening in random and closing...They are so fast so I couldn't get any details
The machine is slow now...

.Anyway I am attaching the FixVundo Log.

sorry mate just posted cos some ppl might not know that also :p
and this is a pretty old trojan virus :D

sadly theres no trace of finding it in the log :(

try the following link:
http://forums.techguy.org/malware-removal-hijackthis-logs/406823-solved-trojan-vundo-virus.html


btw for me a safe-mode scan with spybot and norton virus scan will remove everything... dunno much about stuff which doesn't go easily even after this step :(

_

thanks dude..tired now...will check after a few hours