Bad Case of Vundo Trojan

[SkaterKid]

I just downloaded a Java and the Javac compiler for my computer. Shortly after this I my computer started to act very strange. Immediately after this happened my anti virus Avast picked up over a dozen infected files on a routine scan. I downloaded Malware Bytes, spybot search and destroy, HijackThis and Ad-aware. All concluded that my computer was infected with a newer version of the common Vundo virus which came in through my newly added java packages. Recently it started changing many of my registry keys, can anyone help me get rid of this virus I have not deleted any files or registry keys yet in fear it would make things worse . Please help me restore my system.

[IncandescentLight]

There is a way to "restore" all your files and get rid of the trojan. Go to Start>All Programs>Accessories>System tools>System Restore and restore your computer to a date BEFORE you had the trojan.

[Andomis]

What IncandescentLight said is mostly true, however it doesn't really restore all of your files, nor is garenteed to remove the trojan. It will only reset the main vital system files, installed programs (as long as they are recorded- however viruses can mask these by deleteing the entries), and your "personal" data found in your user profile. I would suggest attempting it however, followed by resetting your registry values by pressing f8 on boot up, then selecting last known good configuration- it will auto load the registry keys (only from HKLM\System\CurrentControlSet- so it might not help either) and drivers from about a week before normally (or the day before the 'restore point'). Following this I would suggest running the normal antivirus/spyware removal programs to see if they can remove any other occurances.

Also google the specific findings after you have done this, and see if there are manual removal processes that you can follow to make sure you get rid of the infections.

Good Luck,
Andomis

[SkaterKid]

Well there are a couple of problems with these suggestions I would just like to point out. System restore is out of the picture, I have no recovery partition on my computer ( I think it was labeled D:/ ). I gave it up when I installed Linux and never really re-assigned a recovery partition. I am not sure if that effects system restore but I no when I press f8 and try to do a system recovery it runs an error simply saying there is no recovery directory. That being said I am running Linux which means if someone was willing to give me a list of files, registry entries and other infected objects I could probably just disassemble this virus without even coming close to booting windows. Second concern comes with manual removal, I would love to remove this manually. I consider my self to be somewhat a "power user" and would be more than comfortable deleting it in a command prompt or through safe mode. The problem I have found with this is there are so many different versions of Vundo, so therefore there are so many different processes to get rid of it many which don't apply to newer versions of the virus. Now would it be smart to just start deleting files and registry entries that may not even apply to the version of the virus that I have? What should be the next step, I know if I delete some of the files it comes back on reboot. Dose anyone know the registry keys I should delete to stop this from happening?

[Muskelmann098]

Take a look at this: http://www.symantec.com/security_respon ... 99&tabid=3

I didn't have time to read through, but it looks like it could be useful.