How To Fix Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

TIP: You should click here to fix Windows errors and optimize system speed.

Disk related errors are often the main cause of the File System Errors in Windows operating system. This mostly can be attributed to issues like bad sectors, disk integrity corruption or other related problems. With a huge software system like Microsoft Windows that is designed to perform an extremely large number of tasks, errors that concern the file system is to be expected at some point.

Some of these errors can also be caused by third party softwares, especially those that depend on Windows Kernel in order to run. Common users can also trigger such file errors with heavy use.

From the Forums

A user in the forum details it further:

Please continue here:   All I know is that my new computer has detected the Trojan files listed in the subject and I don't know how to get rid of them. I am running Vista premium and this is my first post, so I need to know what I can do to remove this stuff before it starts wreaking havoc.

What causes Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

Most of these file errors can be fixed easily by applying the most recent software updates from Microsoft. However, sometimes, certain type of errors can be hard to repair.

For the more complex file system error issues, common solutions include the following:

  • Resetting Windows
  • Doing system file maintenance repairs
  • Clearing the Windows Store Cache
  • Repairing Component Store
  • Reinstalling Windows Apps

You can also use the System File Checker tool in order to fix corrupted and missing system files. Meanwhile, Check Disk chkdsk can also be used to verify file system integrity and to locate bad sectors on your hard drive.


More info on Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

RECOMMENDED: Click here to fix Windows errors and optimize system speed.

Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

My computer has not started acting up on me or anything, so this is all that I can assume.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 8/16/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Vundo Trojan Detected

Thank You! Below is the copy of the system scan, with the extra.txt attached. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [tg...

Detected: Vundo!grb (Trojan)

And my HDD is constantly working quietly on something.

I have the Vundo!grb trojan and Mcafee detects it, says it removes it, but its lying. DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 9:34:07.34 on Sat 03/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1358 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Comm...

Vundo Trojan detected. Need help

If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner.
Sorry for the delayed response. However...

panda scan didnt read it as vundo trojan, but i do know which file have been causing tremdenous problems for me.

Okay, i have completed a scan
My mcfee detected this file and readed it as a vundo trojan.

Trojan Vundo Detected

Please help me or I will go insane.
This pop up keeps coming up that Mcafee has detected the Vundo Trojan in C:\WINDOWS\system32\geeba.dll and supposedly it has removed it. I restart my computer like Mcafee asks me to but the message keeps coming up.

Vundo and Trojan detected by McAfee

Would be great if somebody let me know if we are now good to go,

cheers. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
End of file - 7025 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:19, on 28/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Vi...

Zlob Detected By Spyhunter

We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. I only have one user account on this laptop and I noticed I get that message a lot. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please note that your topic was not intentionally overlooked.

My explorer.execrashes frequently and it's very annoying.Also when I ran the Spybot Search & Destroy it found some stuff and when I tried to fix it, it said I needed to log on under administrator privileges and I already am. Please...

trojan.vundo -- most recent, detected 12/20/12, quarantined

Not all features of programs are working. Who can do this?3) wlanapi.dll is missing. Other installed programs: Spybot, Malwarebytes, HJT, CCleaner, Mini toolbox, FSSPosted 12/20/121) attempted to reinstall SP3 ---> it FAILS when it reaches the need to copy Beethovens symphony No. 9.wma. Defrag reported some files could not be defragged but report did not list file names.

All Users folder is still inaccessible. Inserted OP disk and received:"The option to upgrade will not be available at this time because set-up was unable to load the file D:/i386/WINNTUPG/NETUPGRD.DLL. KB977914 failedWHAT I'VE DONE SO FAR:Ran disk clean up and defrag.Ran "Check System Compatibility" feature from XP OP disk (all OK)Uninstalled SP3 - In retro spec, I believe I should have never done this. Do I need to copy all of the i386 folder from CD (WINXP, SP2) and replace the one on PC?I'm no expert for sure, but I'm really believing the many nuisance problems are all related to registry entries being incorrect or corrupted; and further believing there is a simpler fix than reinstalling the OP system.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. Per report all were fixed successfully. Click the Watch This Topic button at the top on the right. Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible.

Folders are set to re...

Trojan.vundo Virus Detected But Still Have Problems

Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.3. Please visit this webpage for instructions for downloading and running ComboFix: ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of ma...

XP Slowdown TROJAN VUNDO TROJ_VUNDO.IFH Detected but Won't Die

Everyone else with similar problems, please start a new topic.

If you should have a new issue, please start a new topic. This applies to the original topic starter only.

Trojan.Vundo detected on work computer

When I ran HJT I got an application error at the end of the scan, about the tim when the report would pop open. "The instruction at '0x10037b81' referenced memory at '0x00000000". The memory could not be 'read'". Click OK to terminate the program
Click Cancel to debug the program

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 9:23:14 AM, on 9/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SpamBlockerUtility\Bin\\SbWeatherOnTray.exe
C:\Program Files\SpamBlockerUtility\Bin...

Trojan.vundo, Downloader being detected by Norton

Please help! Sometimes it finds Trojan.Zlob too. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:12 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

3 Viruses Detected Using Symantec Including Trojan.vundo

I have tried following deletion instructions provided by norton but this has not worked and the viruses keep coming back.Originally I was infected with "Trojan.Vundo", then "Downloader" and now finally "Trojan Horse". I am now also infected with "Trojan.adclicker" and "Downloader.misleadapp".

Trojan (Vundo) detected. Browsers unable to open websites

Note: You must be logged onto an account with administrator privileges.Close all applications and windows. The browsers (both IE and Firefox) are unable to open any websites. (I am sending this request from a different machine)

I may not be able to run online scanners. check some important areas of your system and produce a report for your analyst to review. Double-click on dss.exe to run it, and follow the prompts.

When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Details
Detection: Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan), Vundo (Trojan)
File Path: C:\WINDOWS\system32\ddcArPhw.dll

This is on an XP system with SP2. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.

To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload. Please attach extra.txt to your post. DSS automatically runs HijackThis for you, but it will also install and p...

Trojan.Vundo Virus Detected & Norton AntiVirus Will Not Remove

Double-click on it to extract the files to a new folder on your desktop. Therefore, I updated via LiveUpdate and ran a full system scan. I logged onto Norton AntiVirus? website and downloaded the FixVundo and FxVindoB utilities they have.

It also indicates it is unable to repair the file. If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab. Neither of them could find the virus (they both said my system did not have it). Click on see report.

It is below. I logged onto your website and I?m pretty sure I?ve followed all the steps in the Please, Read This Before Posting A Hijackthis Log. At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\cbeeg.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

The fix should then automatically launch HijackThis. (if it doesn't, you'll have to do it manually)
In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\geebc.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} - http://www.wildtangent....

Trojan.Zeroaccess!inf4 detected in services.exe, also Bitcoinminer is repeatedly detected/blocked

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. I do not currently have a flash drive on hand, but I do have an 4 GB SD card.

I have been prompted to do a manual removal of Trojan.Zeroaccess!inf4 from c:\windows\system32\services.exe. C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM ...

Adware.Vundo Variant & Trojan.Fake-Alert/Trace detected

I have both AVG Anti-Virus 8.0 Free and SuperAntiSpyware (Lifetime). Cheers,


Somewhere along the line I have picked up both Adware.Vundo Variant and Trojan.Fake-Alert/Trace - the latter is described as Trojan Horse BHO.GME by my AVG program.

Clearly I need help from someone who knows what they are doing! AVG detects the Trojan Horse on start-up every time, so quarantining it does not solve the problem.

vundo trojan detected, malware problems and internet constantly re-directing

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. If you click on this in the drop-down menu you can choose Track this topic. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit this webpage for download links, and instructions for running the tool: ensure you read this guide carefully and install the Recovery Console first. From previous scans i have deleted multiple trojans and a vundo which is not good news for me.

Referred from here: ~ OBhello all, i posted my problem in the am i infected? Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. he think i may be infected with a powerful...

Virus not detected in Avast & MBAM, but detected when I upload the file to Gmail

I downloaded an icon pack APK file on my computer to upload to my mobile. Anyway, the thing is, when I double clicked on it, BlueStacks (Android Emulator) opened up, and Avast started giving me lots of warnings about BlueStacks accessing Trojan URLs (it blocked them of course).
Now, the thing is: I scanned the APK file both in Malware Bytes Anti Malware and Avast (and even Malware Bytes Anti Rootkit), and it showed no virus or malware found. And more importantly, (though I have deleted the APK file in question from my computer) is my computer safe? But when I try to attach the the same APK file as a Gmail attachment (which I read on the net detects viruses, which is why I tried it), Gmail gives me a "Virus found" error.
So, my question is how come such reliable antivirus / anti-malware programs like MBAM and Avast didn't detect the virus but Gmail did?

Or has a rootkit / trojan been installed? Upload file in question here: for security check.

I did a stupid thing yesterday.

Hijackthis log, trojan & suspicious file detected

Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. Run the scan, enable your A/V and reconnect to the internet. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

about rootkit activity and are asked to fully scan your NO.Now click the Scan button.

Hey all,Windows Defender detected a suspicious file. Please note that your topic was not intentionally overlooked. After downloading the tool, disconnect from the internet and disable all antivirus protection. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool.

Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. The file is no longer on my system it looks like but the Windows Defender quarantine is empty. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

I just ran Spybot S&D and it detected Virtumonde.sdn Trojan C-04 and said it cleaned it. None of these have detected anythin...

LATEST TIP: You should click here to fix Windows errors and optimize system speed.

Recommended Links:

(1) Download (Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!) repair utility.

(2) Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

(3) Solved: Help! Infected by WinAntiSpyware2007 and Trojan.vundo! HiJackThis file included.

(4) Vundo Trojan Detected

(5) Detected: Vundo!grb (Trojan)

Note: Manual troubleshooting of Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo! is only recommended for advanced computer users.Download this automatic repair tool instead.