Spyware, Viruses, & Security forum

General discussion

Please Help! I think im infected with the Vundo Trojan!!

Hello everyone. I have been recently getting pop ups for me to download WinAntiVirus Pro 2006 and then when I try to exit I get to the WinAntiVirus website, about 3 pop-ups later im ok until the next pop-up. I have read that this is caused by the Vundo trojan but when I scan with Norton antivirus 2005 I get nothing and same with Ad-Aware SE. I have also downloaded the Vundo removal too from the symantec website and it said that Vundo was not found. I have all my virus definitions up to date. Can anyone help me PLEASE, the pop-ups are really annoying.

I also noticed that at startup I have two items called PowerReg Scheduler and PowerReg Scheduler V3. I read that this is due to a virus and also from other people that it is a Windows application that should be left alone. I did not realise this until about a month ago. Does anyone have advice for this too?

I am running Windows XP home editions with service pack 2.

Thank You

Discussion is locked
You are posting a reply to: Please Help! I think im infected with the Vundo Trojan!!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Please Help! I think im infected with the Vundo Trojan!!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
How To Remove Winfixer / Virtumonde / Msevents / Trojan.vund
Collapse -
Nothing found :(

In reply to: How To Remove Winfixer / Virtumonde / Msevents / Trojan.vund

Thank you for replying so fast Marianna. I went to both sites and I downloaded both VundoFix and VirtumundoBegone. I first ran VundoFix and it said nothing was found and then ran VirtumundoBegone in safe mode and again nothing found. I also searched for the files, directories, and processes asociated with PowerReg Scheduler and I did not find anything either. I dont know anything else that would give me pop-ups to download WinAntiVirus.

Is there anything else I can do to find out what I am infected with? Or any more suggestions on fixes for Vundo and PowerReg Scheduler?

Thank you!

Collapse -

In reply to: Nothing found :(

What you could do is,

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon ''Update'' then select the ''Update now'' link.
Next select the ''Start Update'' button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the ''Scanner'' icon at the top of the screen, then select the ''Settings'' tab.
Once in the Settings screen click on ''Recommended actions'' and then select ''Quarantine''.
Under ''Reports''
Select ''Automatically generate report after every scan''
Un-Select ''Only if threats were found''
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the ''Scanner'' icon at the top and then the ''Scan'' tab then click on ''Complete System Scan''.
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select ''Apply all actions''.

Close ewido and reboot your system back into Normal Mode.

Pls. let us know jow you are doing.

Collapse -
Some things found

In reply to: Brad...

Sorry I haven't responded, my internet went down. I did what you said and ewido found 3 tracking cookies and 4 downloaders. ConHook aa, ConHook aa, ConHook ab, ConHook ab.

Collapse -
Did Ewido clean them up?

In reply to: Some things found

and how is your computer running?

Collapse -

In reply to: Did Ewido clean them up?

My computer is running pretty good, I think ewido got rid of it. If anything happends or I get the same pop-up again I will tell you.

Thank you very much for your help.

Collapse -

In reply to: Did Ewido clean them up?

ewido quarantined the files. No problems with that.

Collapse -
Great job :)

In reply to: Addition

ewido quarantined the files. No problems with that.

You can delete the files from quarantine Wink

Happy SAFE Computing Happy
Collapse -
:)Thank you!

In reply to: Great job :)

Thank you for helping me! This is the first and hopefuly last virus I havent been able to get rid of.

Collapse -
Knock on wood it was the first and last one ;)

In reply to: :)Thank you!

Collapse -
Yes hopefully

In reply to: Knock on wood it was the first and last one ;)

I still do have PowerReg Scheduler and PowerReg Scheduler V3 in my startup tho :/. They dont show up for startup applications in CCleaner also.

Collapse -
powerreg scheduler v3.exe =

In reply to: Yes hopefully

Collapse -

In reply to: powerreg scheduler v3.exe =

I checked and PowerReg Scheduler V3 was created when I got the modem and I have had Hashbro games on the computer which explains PowerReg Scheduler. I will be sure to stop them from running at startup.

Hopefully this will be it. Thank you so much

Collapse -
(NT) (NT) You're Very Welcome :)


Collapse -
A bit more about Power Reg Scheduler..

In reply to: Yes hopefully

Brad, when I first saw you write about the Power Reg Scheduler, I knew I ran across this on my computer, but couldn't remember the specifics. Being the packrat that I am, I keep a folder of screenshots of any past ''detections''. I just checked it and it brought some things back to me.

When I first installed MSAS, it detected the Power Reg Scheduler as spyware. MSAS had noted the publisher as Leader Technologies. I went searching from there. I have a Dell computer. One of creator's of programs, which oft times comes bundled with Dell Computers, is that of Sonic's. I have Sonic's Update Manager and Sonic's RecordNow.

You say it shows in ''Start up''. I see I had an entry under Documents and Settings\Your Name\Start Menu\P---....'' I can't read the rest of what's in the path, according to my screenshot. I use Sonic's RecordNow, every once in a while. I don't know if the updater doesn't work properly, because of my deletion of the Scheduler of not. Ordinarilly, I would say it has nothing to do with it. After reading from this website. I'm beginning to have my doubts. You may get something out of it, or not. You'll also see where someone notes, LeaderTech publishes registration for companies like Epson, Palm and Adobe (photoshop). It may be worth reading, although there are no definitive answers.

If by any chance, you do have a Dell, or any of Sonic's products, it might be worth putting it in quarantine for a little while, to see if it has a negative affect upon any of these products. If you don't have any of the products.. forget I mentioned it! Grin

Good luck with whatever choices you make..

Collapse -
In addition

In reply to: Please Help! I think im infected with the Vundo Trojan!!

Collapse -

In reply to: Please Help! I think im infected with the Vundo Trojan!!

I think I have exactly what you had.. so I'm going to try the ewido thing, only I didn't have the start up programs I think that you said you had, but I really hope this works, I hate having all these pop ups and winantivirus stuff.

Collapse -
lady.. If you try Ewido..

In reply to: same

Collapse -

In reply to: lady.. If you try Ewido..

Ok thank you but so far I have no problems at all Grin

Collapse -
(NT) (NT) Brad.. Are you a 'lady'? :D

In reply to: Ok

Collapse -

In reply to: (NT) Brad.. Are you a 'lady'? :D

no i am not =P, but i figured you were talking to me. You were talking to me right? :S

Collapse -

In reply to: lmao

In answer to your question:

The post I answered, was that of ''Lady4548'', titled ''Same''. Just as you answered me, by going to my post and pressing ''Reply to this message'', that is how I answered her. Wink

It's really not "a big deal''. Happy And I do appreciate you thanking me in your original post.


Collapse -
A tip

In reply to: same

Before you scan with ewido or any other antvirus/antispyware make sure you turn off system restore or else when you delete the virus(s) system restore will restore the file you just deleted. Turn system restore on after you are done.

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.