View Full Version : Computer Help!! - Trojan.Vundo!!


Tee
10-08-2005, 06:40 AM
Here's the skinny.

Norton AntiVirus has detected a virus on my computer.

Object Name - C:\WINDOWS/system32/gebcc.dll
Virus Name - Trojan.Vundo
Action Taken - Unable to repair file & Access to the file was denied.

The Symantec Trojan.Vundo Removal Tool 1.2.4 does not even find evidence of the virus. The Norton AntiVirus does, but both the Quarantine & Deletion fail.

So has every other thing that I have tried yesterday afternoon, evening and into this morning.

Suggestions??

Drew
10-08-2005, 08:52 AM
Tee,

I have the same exact thing as you going on.

This is a bad scene.

Drew

lsbets
10-08-2005, 08:55 AM
I don't have it with a trojan, but I have it with the most annoying adware I've ever seen: searc-h.com. I can't remove some of its components and I've used McAfee and two different adware removals.

Drew
10-08-2005, 09:26 AM
I wish I could figure out what the deal was.

Can't quarantine or delete and no trojan tool can find it. I tried to manually find it myself and came up blank.

If the more educated computer people on this forum can come up with something to do I would appreciate it.

Drew

michiken
10-08-2005, 10:57 AM
As an alternative to wiping your hard drive and re-installing Windows, you may be able to use a Linux boot disk to delete these files. Here are instructions for the brave:

1. The reason that you cannot delete certain viruses and malware is because it embeds itself into the operating system. Once the OS is started, it will not allow the deletion of so called 'system protected or in use files'.

2. Using a Linux boot CD will give you access to your hard drive without starting Windows. A small Linux distribution called SLAX can be downloaded and burned to CD. Just make sure to set your burner software for .iso and do not make a data disk.

3. Slax can be downloaded from this site. Choose the standard edition:

SLAX Linux Live CD (http://slax.linux-live.org/download.php)

4. Once you have the cd burned, you will need to leave it in the cd tray and reboot. You need to instruct your computer bios to boot from the cd. This usually involves hitting the ESC or DEL key as the computer first boots. (Watch the black screen as your computer starts and it may display a message like 'F2 to configure bios' or something similar. This will be the actual key you will need to hit)

The bios configuration screen is usually a DOS looking text only command window. You need to search thru the menus to find the boot sequence. Make sure to set the boot search to use the CDROM 1st. (the hard drive should be 2nd and the floppy can be 3rd, etc).

5. Hit the ESC key after this sequence is set. The bios manager should prompt you to save changes. Select yes and the computer should reboot.

6. As your computer starts, it will load the SLAX operating system from the CD. You will be prompted to login. The username and password are shown on the start screen as 'root' and 'toor'.

7. Once slax is started, you will be running the KDE Desktop (an alternative to windows). Slax has an auto mounting feature that should auto detect your windows hard drive.

8. In the upper left corner you will see a 'Computer or File Manager' Icon. This is similar to 'My Computer' in windows. Double clicking it will bring up a file manager.

9. Once the file manager is started, you will have to work your way down the filesystem tree. Off the top of my head, you will have to click the 'storage' or 'filesystem' icon to get access to this tree.

10. Slax Linux should have autodetected your windows hard drive so you need to find the folder called /mnt/hda1 or similar. Note that linux does not use drive names like C: instead the root of the filesystem is simply called / (slash).

11. Once you make it to the /mnt/hda1 folder you should recognize your Windows folders. From here you should be able to delete the offending .dll that is causing your problems. Once the file is deleted, you can close all of the Slax Linux windows and logout from the KDE Desktop. Hit ALT+CTRL+DEL keys simultaneously, the CD-ROM should auto eject and you can reboot.

12. After rebooting, you can try booting into windows safe mode by hitting the F5 or F8 keys as your computer starts up. (You may have to google for 'windows safemode' for your version of windows). Assuming that you get the safemode prompt, do not load any device drivers! Skipping these should allow you to boot to windows and let norton remove the trojan.

13. Once the trojan is removed, I suggest that you download and install AdAware, Spybot Search and Destroy and Zone Alarm Firewall (if you're not already running a firewall). You can get these free programs at:

Download dot Com (http://www.download.com/)

14. I also highly suggest that you try migrating over to the Firefox web browser because it blocks active x controls that are used to poison Internet Exploiter.

Mozilla Firefox (http://mozilla.org/)

15. Remember to reset your BIOS back to boot from the hard drive 1st if you so desire...

I have used this method to successfully disinfect many friends' and family's computers. Depending on how savvy you are, I hope you find it successful!

:cool:
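For anyone doing steps 10 and 11 from a terminal instead of the KDE file manager, here is an added example (not from the post above). It assumes the Windows partition is already mounted read-write at the path you pass in (e.g. /mnt/hda1) and handles a caveat the file manager hides: an NTFS volume mounted under Linux is case-sensitive, so the path Norton reports (`C:\WINDOWS/system32/gebcc.dll`) may not match the on-disk spelling (`Windows/System32`). It also moves the file into a quarantine folder rather than deleting it, so Norton can still scan the copy afterwards.

```shell
#!/bin/sh
# Added example. Assumes the Windows partition is mounted read-write at $root
# (e.g. /mnt/hda1 on the SLAX live CD). Nothing here is from the original post.

# resolve_win_path ROOT WINPATH
# Turn a Windows-style path (drive letter, backslashes, any case) into the
# real path under ROOT, matching each component case-insensitively because
# NTFS mounted on Linux is case-sensitive. Prints the path, returns 1 if any
# component is missing.
resolve_win_path() {
    root=$1
    # drop "C:", turn backslashes into '/', strip the leading '/'
    rest=$(printf '%s' "$2" | sed 's/^[A-Za-z]://; s#\\#/#g; s#^/##')
    cur=$root
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -z "$comp" ] && continue
        # first directory entry whose lower-cased name equals the component
        match=$(ls -1A "$cur" 2>/dev/null |
                awk -v c="$comp" 'tolower($0) == tolower(c) { print; exit }')
        [ -z "$match" ] && return 1
        cur="$cur/$match"
    done
    printf '%s\n' "$cur"
}

# quarantine_file ROOT WINPATH QDIR
# Move the resolved file into QDIR with a .quarantined suffix and append a
# record to QDIR/quarantine.log so the move can be reversed or scanned later.
quarantine_file() {
    target=$(resolve_win_path "$1" "$2") || return 1
    [ -f "$target" ] || return 1
    mkdir -p "$3" || return 1
    dest="$3/$(basename "$target").quarantined"
    mv -- "$target" "$dest" || return 1
    printf '%s -> %s\n' "$target" "$dest" >> "$3/quarantine.log"
}

# Usage from the live CD, with the path exactly as Norton reported it:
#   quarantine_file /mnt/hda1 'C:\WINDOWS/system32/gebcc.dll' /mnt/hda1/quarantine
```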

Suff
10-08-2005, 11:01 AM
Try this Program free for 30 days. I'm using it now and it rid me of 7 different trojans.
http://www.trendmicro.com/en/products/us/personal.htm

Microtrend PC-Cillin. Click "Try now".

Tom
10-08-2005, 11:04 AM
I don't have it with a trojan, but I have it with the most annoying adware I've ever seen: searc-h.com. I can't remove some of its components and I've used McAfee and two different adware removals.

Try this site: www.securitytango.com (http://www.securitytango.com)

Do ALL the steps, in order, and use safe mode if you can.
Also, they have a neat radio show archived at www.soundbytes.com (http://www.soundbytes.com/)

DJofSD
10-08-2005, 11:27 AM
Excellent post. Even though I don't have any virus problems, I'm going to build my virus rescue bootable LINUX CD and add it to the toolkit.

And I second your recommendation to run a firewall like ZoneAlarm. Here's a little story to go along with the recommendation.

A couple of weeks ago, I noticed I was having delays with web pages being fetched. Not all the time, and downloads seemed to be doing OK. Then I started having problems with certain applications on my employer's intranet accessed via VPN. Again, not everything was having problems, just occasional delays; Outlook would complain, or problems updating a 528KB Excel file on a fileserver.

When it started to get more frequent, it was the day we had some systems being shutdown because of Rita. I chalked it up to network redirection issues. The corporate help desk certainly couldn't explain why I had problems.

I finally decided to do some sleuthing. Using a number of speed testing sites, I found my upload speed was around 68kb/sec -- ugg! The last test site created a nice report that suggested the line have a quality test performed. The next morning I was on the telephone with the local cable company.

We started out with the usual cable modem only configuration. Things were very, very good and squeaky clean. Next, the router went back into the network. This is where the problem was.

And this is the point: even though the router has a built-in firewall, it was flaky too. The tech on the other end could ping my PC once I had all the shields down. She shouldn't have been able to do that.

A new router and I'm a happy camper again.

The lesson I learned is regardless of firewalls in the H/W and claims by the experts that you don't need to run a S/W firewall, I always will.

Good luck to those with the infections.

DJofSD

Buddha
10-08-2005, 11:46 AM
Another way to get rid of them without wiping off your hard drive is to go to http://www.techsupportforum.com/showthread.php?t=15968

Get Ad-Aware like they say, and also the program called HiJackThis from http://www.greyknight17.com/spy/HijackThis.exe

Run it, and it will create a log file. Register for that forum, and post the log. They will help you get rid of it. I have used that forum 3 times for removing crazy viruses from others' computers. There are other forums that will help with those HijackThis log files, but that was the first one that I found :)

Drew
10-08-2005, 10:10 PM
Buddha,

I used the forum you mentioned and they have a thread devoted to this virus.

They had a cure posted there and now my system is clean. Thank you!

Thanks to all,

Drew

Buddha
10-09-2005, 02:51 AM
Glad I could help :) I know that whenever someone that I know comes up with some crazy viruses, they have helped me with removing their problems without reformatting.