I use McAfee Security Center and it has identified a vundo.gen.ab trojan that it can't delete. Need help removing.
The file name referenced in the scan results is c:\windows\system32\sarisamo.dll. Not sure what that means. I'm using Windows XP.
November 3rd, 2009 5:54am

<edit> The forum in which you'd originally posted (thread has been moved since)</edit> is dedicated to "Scanning, Detecting, and Removing Threats" with the application named Microsoft Security Essentials, not McAfee Security Center.

That being said...

NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware. https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Otherwise...

1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it.
2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm
2b. Vista or Win7 => Run this scan instead: http://onecare.live.com/site/en-us/center/whatsnew.htm
3. Now run a thorough check for hijackware, including posting requested logs in an appropriate forum, not here.

Checking for/Help with Hijackware:
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
November 3rd, 2009 10:02am

Or instead you can go to Start > Run > Command Prompt > Regedit.exe. This will open up your registry files. DO NOT MESS WITH ANYTHING ELSE IN THE REGISTRY; YOU CAN POTENTIALLY RENDER YOUR COMPUTER INCAPABLE. Do CTRL-F and type in c:\windows\system32\sarisamo.dll. Then if you want to you can delete this file and this might solve your trojan issue. Prompt me as soon as you can.
-Apollo24
November 4th, 2009 8:41pm

@Apollo24: I can assure you that messing about in the Registry and/or deleting...

%windows%\system32\sarisamo.dll <= this file

will NOT correct all hijackware-related issues.

~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
November 5th, 2009 12:35am

Well PA Bear, you have me confused then. Apollo 24 tells me to do one thing, but you tell me it won't work. Your rather lengthy instructions posted last Tues seemed quite complex and now I'm wondering what to do. What would a computer shop do that my McAfee doesn't already do? I tried downloading another virus removal program and ran a full scan, but it too did not remove the vundo.gen.ab file.
November 9th, 2009 8:34pm

"What would a computer shop do that my McAfee doesn't already do? I tried downloading another virus removal program and ran a full scan, but it too did not remove the vundo.gen.ab file."

Your system has been compromised by hijackware that your McAfee application didn't protect you from and which it can neither detect nor remove. In all likelihood, the shop would basically do Steps #1 & #2 in my first reply; then, if necessary, they'd either use other utilities and their own forensic knowledge to identify and remove all of the hijackware or they'd format your HDD & reinstall Windows.

Since your system is already infected, it's doubtful that any other anti-virus and/or anti-spyware applications would even install correctly now.

You can follow Apollo24's suggestion if you wish but $10 says doing so won't help. Good luck!

~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
November 9th, 2009 9:43pm

PA Bear, please clarify what "NB" means in step 1 of your first post.
November 9th, 2009 11:37pm

"PA Bear, please clarify what "NB" means in step 1 of your first post."

See http://lmgtfy.com/?q=nb+abbreviation

~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
November 9th, 2009 11:41pm

This topic is archived. No further replies will be accepted.
