So, my computer got infected and I eventually figured out it was by the malware known as “Virtumundo”. Basically, it constantly runs rundll32 in the background (I’m hoping here that “Virtumundo” is the only malware responsible), everything is considerably slowed down, some programs can’t run at all, my system is generally unstable, etc… Plus of course, I get pop-up ads, and mostly about “anti-viruses”, since I’m visiting many sites to get rid of this malware, and the ads are related.
There are normally a couple of tools specifically dedicated to removing this particular nastiness, but since I’m using Windows 98, only “Vundofix” runs on my computer.
And it fails. It correctly finds the nasty files, but fails to delete one of them called MLJJH.dll, and of course as soon as I reboot, the malware restores itself and all the nasty files come back.
Now, I have the following hypothesis: Vundofix is unable to remove the .dll file because it’s currently used by Windows (I can’t delete it manually for this reason), as it runs all the time, and apparently also in safe mode.
So my question is the following: is there a way to suspend or stop it (the rundll32 stuff) from running so that meanwhile I could try to delete the file, for instance using the Vundofix tool?
Any other suggestions to get rid of “Virtumundo” are welcome, of course.
And while I’m at it, is this malware related to the Virtumundo company (an “online advertiser”) or not? If it is, how can a well-known company get away with such stuff?
It’s also called vundo. You need to download special tools to clean it; a search will find them.
If the tools won’t run, my suggestion is this:
Run the computer in safe mode.
Search for and remove MLJJH.dll.
(Very important) Search for hjjlm.*; Vundo installs this second file to detect if mljjh.dll (or whatever the name of the virus file is). It has to be deleted, too.
Thank you all for your responses.
After wasting a fucking full 24 hour day minus 6 hours of sleep :mad: searching for info, downloading all sorts of tools and utilities (some that I’m going to keep, by the way) and trying all sorts of things, I eventually wasted my problem.
There are utilities out there specifically dedicated to this particular malware. They wouldn’t run on my computer except for Vundofix, but it couldn’t delete two of the files (hidden files, of course, in C:\windows\system) called hjjlm.ini and mljjh.dll and of course, they would reconstitute the rest, and this crap still pestered me. (I would mention however that from what I read, these utilities succeeded perfectly in the case of many other victims). Safe mode didn’t help, Process Explorer couldn’t stop the process for more than one second, etc… Of course, I couldn’t delete them manually, even in safe mode, it would have been way too easy!
Finally, I dug up my old “MS-DOS for dummies”, rebooted under MS-DOS and used the MS-DOS editor to delete the content of the files Vundofix wasn’t able to kill (long, but after 24h, it was a breeze). And, half to my surprise, it worked!!! I rebooted in safe mode, again used all sorts of utilities to be sure this crap wasn’t on my computer anymore, all sorts of cleaning utilities just to be on the safe side, and it was gone!!! (say this the same way Frodo said “It’s gone!!” if you’ve watched the “Lord of the rings” movies).
Now, given the number of people who apparently had to deal with this crap (that, by the way, went unnoticed by my AVG anti-virus), I want people who distribute it to spend one second in jail for each hour wasted by someone to get rid of it. They should still be behind bars when the sun becomes a supernova… :mad:
Thanks again for your responses and suggestions…
Glad your problem is gone, but for the benefit of others who may have the same problem, VundoFix was updated on 1/19, so it may work now. Of course, these bastards seem to mutate daily, so it is hard to stay ahead of them. Here is a Vundo removal guide that is updated whenever VundoFix is updated; I have found all of their removal guides to be very helpful.