I have a spyware called Vundo BHW that won't go away

[Gntea]

Combofix is in that folder.

I'm now currently running a virus scan and I will post the results later.

[Blade81]

Hi

Let's try removing with a batch file.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here)
@echo off
c:
cd\documents and settings\Emily\Desktop
ComboFix /u

Double-click on fixes.bat file to execute it.

[Gntea]

My virus scan did not find any more viruses in my computer. My spyware scan did find some spyware it could not automatically delete:
KaZaA
Bifrost
Loadtrex A
Vundo BHW

I did delete them with my anti-spyware program. Although they aren't doing anything to harm my computer to my knowledge, I am wondering if I should worry about them if they keep popping up on my spyware scans but do not seem to harm my computer.

For the ComboFix, I did the batch file but it seems to be taking a long time to uninstall so I'm going to leave my computer on and go off to bed. I will check in the morning if it is still trying to uninstall.

[Blade81]

Quote:

My spyware scan did find some spyware it could not automatically delete:
KaZaA
Bifrost
Loadtrex A
Vundo BHW

Hi

Could you post results of your antispyware scan? I need to know what objects exactly it flagged with those detections.

[Gntea]

ComboFix did not uninstall even after I left it for 14 hours.

Okay here is my spyware scan report:

Spyware Report (12/8/2008 12:11:03 PM)
Scan Target Scanned Items Detected Spyware Items
Local Disk (C 181920 1
RESTORE (D 10 0
Local Disk (G 4659 0
Local Disk (K 23304 0
Cookies 148 48
Registry 32404 3
Memory 17 0
Total 242462 52



Spyware Type Item Action
WebTrends Spyware cookie C:\Documents and Settings\Emily\cookies\emily@statse.webtrendslive[1].txt Delete
KaZaA Registry hkey_users \S-1-5-21-3646181656-1281075794-927890586-1009\software\kazaa Quarantine
DoubleClick Spyware cookie C:\Documents and Settings\Emily\cookies\emily@doubleclick[1].txt Delete
DoubleClick Spyware cookie C:\Documents and Settings\Emily\cookies\emily@doubleclick[2].txt Delete
DoubleClick Spyware cookie C:\Documents and Settings\Emily\cookies\emily@doubleclick[3].txt Delete
DoubleClick Spyware cookie C:\Documents and Settings\Emily\cookies\emily@doubleclick[4].txt Delete
DoubleClick Spyware cookie C:\Documents and Settings\Emily\cookies\emily@doubleclick[5].txt Delete
DoubleClick Spyware cookie C:\Documents and Settings\Emily\cookies\emily@doubleclick[6].txt Delete
Mediaplex.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@mediaplex[2].txt Delete
QuestionMarket.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@questionmarket[2].txt Delete
QuestionMarket.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@questionmarket[3].txt Delete
AtlasDMT.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@atdmt[1].txt Delete
AtlasDMT.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@atdmt[3].txt Delete
Zedo Spyware cookie C:\Documents and Settings\Emily\cookies\emily@zedo[2].txt Delete
Ads.SpecificClick.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@specificclick[2].txt Delete
PointRoll.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@ads.pointroll[1].txt Delete
PointRoll.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@ads.pointroll[2].txt Delete
TribalFusion.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@tribalfusion[1].txt Delete
TribalFusion.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@tribalfusion[2].txt Delete
TribalFusion.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@tribalfusion[4].txt Delete
2o7.net Spyware cookie C:\Documents and Settings\Emily\cookies\emily@msnportal.112.2o7[1].txt Delete
2o7.net Spyware cookie C:\Documents and Settings\Emily\cookies\emily@msnportal.112.2o7[2].txt Delete
2o7.net Spyware cookie C:\Documents and Settings\Emily\cookies\emily@msnportal.112.2o7[3].txt Delete
Com.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@com[1].txt Delete
BS.Serving-Sys Spyware cookie C:\Documents and Settings\Emily\cookies\emily@bs.serving-sys[1].txt Delete
Casalemedia Spyware cookie C:\Documents and Settings\Emily\cookies\emily@casalemedia[2].txt Delete
Serving-Sys Spyware cookie C:\Documents and Settings\Emily\cookies\emily@serving-sys[2].txt Delete
Ad.YieldManager.com Cookie Spyware cookie C:\Documents and Settings\Emily\cookies\emily@ad.yieldmanager[1].txt Delete
Ad.YieldManager.com Cookie Spyware cookie C:\Documents and Settings\Emily\cookies\emily@ad.yieldmanager[2].txt Delete
Ad.YieldManager.com Cookie Spyware cookie C:\Documents and Settings\Emily\cookies\emily@ad.yieldmanager[3].txt Delete
Tacoda cookie Spyware cookie C:\Documents and Settings\Emily\cookies\emily@tacoda[1].txt Delete
Tacoda cookie Spyware cookie C:\Documents and Settings\Emily\cookies\emily@tacoda[3].txt Delete
Bifrost Registry hkey_users \S-1-5-21-3646181656-1281075794-927890586-1009\software\wget Quarantine
rambler.ru Spyware cookie C:\Documents and Settings\Emily\cookies\emily@rambler[2].txt Delete
revsci.net Spyware cookie C:\Documents and Settings\Emily\cookies\emily@revsci[2].txt Delete
adlegend.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@adlegend[2].txt Delete
adrevolver.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@adrevolver[2].txt Delete
adrevolver.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@media.adrevolver[2].txt Delete
easyad.info Spyware cookie C:\Documents and Settings\Emily\cookies\emily@adserver.easyad[1].txt Delete
euroclick.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@adopt.euroclick[1].txt Delete
interclick.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@interclick[1].txt Delete
quantserve.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@quantserve[2].txt Delete
quantserve.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@quantserve[3].txt Delete
quantserve.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@quantserve[4].txt Delete
adecn.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@adecn[1].txt Delete
cpmstar.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@server.cpmstar[2].txt Delete
turn.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@turn[2].txt Delete
adriver.ru Spyware cookie C:\Documents and Settings\Emily\cookies\emily@adriver[1].txt Delete
eyereturn.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@eyereturn[1].txt Delete
eyereturn.com Spyware cookie C:\Documents and Settings\Emily\cookies\emily@eyereturn[3].txt Delete
Loadtrex A Registry hkey_local_machine \software\xpre Quarantine
Vundo BHW Application C:\Qoobox\Quarantine\C\WINDOWS\system32\urqNEXOh.dll.vir Quarantine

[Blade81]

Hi

Report looks ok Could you download ComboFix.exe again and then try uninstalling it with the batch file making sure that the file is saved on desktop?

[Gntea]

I tried to download it again but it was trying to remove the other one that is saved on my desktop. It tried to remove it but the progress bar stopped at 10/13. This is what always happens when I try to remove ComboFix.

[Blade81]

Hi

In that case delete following ComboFix related items manually

1) files:
ComboFix.exe on your desktop

2) folders (if found):
c:\ComboFix
c:\QooBox

[Gntea]

I have successfully deleted ComboFix as well as the files.

[Blade81]

Good

In that case I believe your case is ready. Unless there's something else please follow the final instructions in post #8 of this thread.