General discussion

Trojan.Vundo / ssqro.dll

Got a Norton AntiVirus Alert. If found 'Trojan.Vundo'. Then it says that 'C:\WINNT\system32\ssqro.dll', couldn't be repaired and that access to that file was denied. So I ran Nortan AV and AVG AntiVirus, neither of them found the virus. Both Norton and AVG are up to date. The computer runs slow, can still access the internet, when I select a program to start, it will start, but its slow. Same goes for using the start menu and such. The worst part of it, is that when I ok it, it will go away for like five seconds, then it shows up again and will not go away. Don't know what else to do. Did a google search on 'Trojan.Vundo' and 'ssqro.dll', found a removal tool from symantec, for the virus, I ran it and it did not find anything. Any info. or help with this, would be greatly appreciated.

Running WinXp Home, on a Gateway m520 Laptop, connected to cable modem.

Discussion is locked
Reply to: Trojan.Vundo / ssqro.dll
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Trojan.Vundo / ssqro.dll
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
mm724 .. This MAY be worth a try...

I'm not exactly sure what you are saying. You say Norton AV says you have it. Then when you ran it, it says you don't? You also said you ran the removal tool from Symantec. Was this the tool you ran?

According to the instructions I've read you must disable Norton's AV from loading in start up, reboot and THEN run fx.vundo.exe. Did you do this?

(Please note: There are different versions of this tool. This one is fx.vundo.exe, while you may have run fix.vundo.exe) If you ran either version and did not disable Norton from loading in startup and rebooted before running the tool, it may have rendered the tool ineffective.

Please know I am not an expert. But I have done a lot of reading and there should certainly be NO harm done by trying this, until one of the ''experts'' come along.

Of course the issue with the ssqro.dll may change the whole picture. My thinking is, since there is no harm in running this tool AND if you are able to do so w/o the ssqro.dll issue interferring, there is nothing lost.. and possibly something to be gained.

I wish the best.. and have no doubt the ''experts'' will be along anytime now. Wink

- Collapse -
Many versions of This. See if "H" or other fits Here:
- Collapse -
Trojan.Vundo / mljjk.dll

I have the exact same problem as mm724. I got it Friday morning and have been working all weekend to find a way to eliminate it. I use WinXP Prof on a Dell4550 w/ cable connectivity.
Norton AV pops up a virus alert that I have trojan.vundo at C:\WINDOWS\system32\mljjk.dll. I click Okay, but then AV immediately pops up a virus alert that Access to file is denied. I click okay, and the first message immediately pops up again. Cannot stop that repetition. Computer has slowed to about 25% of its usual speed on all tasks.
Tried the removal tool NAV refers me to:
but each time the recovery tools says ''trojan.vundo has not been found on your computer''. Tried recovery tool 12 times all different ways:
ran it in safe mode
ran it with Norton AV off
with system recovery off
with internet access disconnected
and ran it with every possible combination of these.
Always the same result.

I ran AdAware 4 times, and Spybot S&D 3 times both in and out of safe mode. Usual culprits found and removed, but no trojan.vundo found.

I ran Norton AV System Scan 4 times and each time it found the virus but was unable to quarantine, unable to delete, and said ''failed to fix virus'' or somesuch.

This is a monster. I've searched all over CNet and all over the internet to no avail.
Oh yeah, I also ran that MS Security scan and it says I have no problems. Not much help there.

I'm pretty amateur so I was about to reinstall Windows in hopes that this would cure the problem. But this seems like using a grenade to kill a mosquito. Any ideas?

- Collapse -
fsafisher.. I've noticed you tried..

one of the tools, I previously mentioned in my prior post. You tried the one that did not seem to do as well as this one:

Above is the fx.vundo.exe tool, while you ran fix.vundo.exe. Did you run the tool with Norton disabled in Startup? Try this one.

Having said that, I don't even know if that one will work, but as I mentioned above, it can't hurt. (As you've said, you tried the same one 12 times.. why not try this once. Grin)

As Tobeach mentioned, I might think there are more variants by now, but since I have read this helped many other's, it's worth a try. I'll try to find the link where I read this and post it the first thing in the morning. Hopefully someone more knowledgeable than Tobeach or I will get you an answer before that.

Don't get frustrated. You will eventually get rid of it. And as amateurish as I am too, I can tell you or ask you.. not to rush to reinstall your OS. There are people extremely well versed and capable here that will help you. (You just may not have found them yet. LOL)

Hang in there.. if you haven't found a fix shortly.. I'll get back to you with that link!


- Collapse -
trojan vundo

I went through all the same stuff fsafisher did and finally gave up and reinstalled my operating system. That worked. I fortunately don't have much that I care about that gets wiped out when I reinstall the operating system. I mostly use the pc to surf the web and play games. Good luck. That trojan vundo sucks big time.

- Collapse -
Same problem


I followed the advise of many here. I downloaded the removal tool from symantic ( Fx VundoB the correct/newest one), disabled Windows Restore and Norton AV, restarted in safe mode and ran the tool. However, the fix always tells me that I do not have the threat on my computer. However, when I restart my computer in normal mode, the virus alert window returns.

I havent tried the EZFix or whatever it is...I actually have the oppurtunity to receive that software free through my job, however, I read that this software can not run simultaneously with Norton Av. Is this true? If I download this fix, won't I also have to download the software? Will I need to nix Norton AV?

Any help will be greatly appreciated.

- Collapse -
mm724 and fsafisher.. If you haven't had success..

as of yet, this may be of interest:

'In the last few weeks a new variant of Virtumonde aka Vundo was released and no longer worked. A new VundoFix has been released and I am proud to say so far it has had great success.'

This is a quote from the above referenced page, where they will direct you to where you would get instructions for it's removal. (It may or may not be the same fix I referenced above) I don't know if this replaces posting a HJT log (at another forum), or it is in addition to.

Either way they claim to have been successful.

Best of luck to you both..

- Collapse -
Fixing Vundo

Yes, the fix works, but it requires detailed steps for deleting specific files, etc. and a HJT log will be needed. There might be more helpers to handle it sooner on the forums that Roddy usually suggests.

To quote Roddy32:
Please post your HJT logs in one of the following HJT forums:


Attention: You have to register to be able to post your HJT log !!

HijackThis download locations:

It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis creates will not be accidentally deleted.

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed on)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to ''HJT'' or ''HijackThis''. Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.

Click 'Scan' button. Click 'Save log' button. Save the 'hijackthis.log' in your desktop. Copy and paste the content of 'hijackthis.log' and post the log file in any forums that offer HijackThis analysis.

- Collapse -

I had thought about including ''the big man's'' HJT link.. but thought I'd leave it up to him Grin. You saved him the work!

I too had questioned mm724's usage of both.. but now have the feeling BOTH people are all ''Vundo'd Out'' - as I am reading about it! LOL


- Collapse -
Two AV's?
So I ran Nortan AV and AVG AntiVirus, neither of them found the virus
You got an alert from NAV, but when you did a scan with NAV, it could not find Vundo?
Are you running those two AV's together in realtime by any chance?
- Collapse -
have read through most of your replies

I have 2 antivirus programs running at the same time, figuring what one doesn't catch the other will. don't know if that is helping or not. when i tried the Vundo fix from symantec, just tried a couple of the things it said to do. disabled file sharing and disconnected from the internet. will try to do some of the other things while using the fix from symantec and see if that works. if it doesn't, then i'll reluctantly have to look into reinstalling winXP.

thanks to all that have given or will give their input. I appreciate the help with this problem. mario

- Collapse -
would suggest before thinking of reformating

to visit forums suggested here about virus and all their relatives (malwares,trojan etc) there are posts about Vundo infections and if you see here technichians do not recommend two antivirus software running in one computer

- Collapse -
Mario.. as a final thought..

It is my understanding, you can't pick and choose which aspects of the fix you wish to follow. You need to do all they suggest and in the order they suggest.

Just a final thought..

- Collapse -
Reformat Probably Not Needed

Mario, if you are running two AV's they could be chasing each other!
I'm sure you will not need to reformat.
Carol is correct. The fix for Vundo must be followed in a certain sequence. It will not take long, once a helper is able to check your HijackThis log, but they need to see all the file names involved so they can tell you which ones to delete.
Give that a try. Please let us know where you post your log, and how things work out.

- Collapse -
Trojan Vundo

I fought with this trojan/virus for 2 solid no avail...I used symantecs removal tools...which informed me, that no such virus was on my computer, yet..that irritating screen popped up on my monitor, every time I rebooted...(and Norton was disabled)Symantec was telling me that it could't access, fix, repair, delete or quarantine the file it was I called their tech service...high priced, couldn't understand the tech, outsourced jobs, indeed!!they kept telling me to wait anywhere from 24/34/48 hours, then update my virus definitions, which are automatically updated, and call them if I still had a problem...They didn't seem to understand that I wanted this alert screen OFF my computer, now, not 48 hours from now....then I came here last night in frustration, and read people talking about installing the trial version of spy sweeper..
I did, ran it, and viola, Trojan Vundo is what I want Norton to explain is why the version I have didn't catch it, and why their fixes were useless...
I have never been through anything like this before, and want to thank all the people on one of your forums that suggested using caught this nasty bug as soon as it started running..AMEN!!

- Collapse -
Trojan Vundo

I had the same success with Spy Sweeper. But, you should enter safe mode and run Spy Sweeper again. My bet is it will find more files to delete.

- Collapse -
Spy Sweeper worked

Thanks windbreeze. I also tried the Symantec fix for Trojan.Vundo ... after rebooting, in safe mode, etc. It just doesn't work. I also have Norton Antivirus 2005 running to protect me from things like this, and Spybot resident to prevent unauthorized registry changes, and I still got this damn virus.

After seeing your post, I downloaded the trial version of Spy Sweeper ( and as far as I can tell the virus is gone. At least that annoying Symantec box saying they detected a virus that they can't fix is gone.

I've been a big Norton/Symantec fan for years, but now I'm thinking they're becoming more marketing than technology. Might be time to switch. Who has the best anti-virus, anti-spyware, anti-adware technology now? Free or subscription. Anyone know?


- Collapse -
Thanks Thanks Thanks

I read about your success with Spy Sweeper and gave it a try. I did what all the other vundo fixes couldn't. The Trojan Vundo is gone. The hard drive doesn't grind, and that annoying Norton message isn't popping up any more. Thanks again for the reference.

- Collapse -
Spy Sweeper (

My computer had Trojan Vundo and like some of you had Norton Internet Security, it could not remove the virus. I shared the same experience and it was extremely frustrating to see my antivirus software not potent to address it. And then one reply mentioned the Spy Sweeper software via It worked effortlessly on my computer! Thank you!!! (Spy Sweeper is free as a trial for fourteen days)

- Collapse -
Spy Sweeper got it!

Thanks for this great tip!

- Collapse -
Trojans are tough

Trojans are very difficult to remove. They hide files that reinstall themselves. One thing you need to make sure of is to turn off system restore before you try to remove a trojan. I would do another in depth search for removal tools that may be available online. You might have to try 2 or 3 or more to be successful. Don't count on Norton to be able to help here at all.

- Collapse -
new to forum

Hi. New to this forum due to contracting this virus. My question is what is gained by people creating and distributing viruses. It is almost that the industry stands to lose the most is the industry that is detering growth. I have this analogy of opening a resturant. Every time someone walked through the door I would punch them dead in the face. At some point people would not come in and I would go out of business. No?

- Collapse -

A friend of mine contracted this virus recently as "hgggd.dll" and I engaged it in an epic battle spanning about 3 days. As everyone has mentioned, the Symantec removal tool was worthless. No other scan tools worked to kill it. I downloaded a "force delete" program that runs from the command prompt and is supposed to override any windows protections and delete files no matter what. This also didn't work. As it turns out, it attaches itself to the windows logon script so it runs no matter what and can't really be removed from Windows startup. I ran a DOS boot cd to avoid even entering Windows so that the program wouldn't run, yet even Volkov Commander could not delete this pesky file. In the end (this is rather anticlimactic, I know), despite the fact that I wasn't able to DELETE the file, was able to cut and paste it out of the system32 folder and under the main hard drive directory, 'c:'. After doing this, I stll couldn't delete it, but I restarted the computer and this the standard Norton program was able to quarantine it, which it had failed doing thousands of times(literally--it found, failed to delete and failed to quarantine the file about every 5 seconds for days on end). So try moving the file in question out of your system32 directory and into another folder and see if the antivirus software is able to remove it.

- Collapse -
tried it but...

I tried the cut and paste method for moving the vundo file, but got the same windows message, can not move jkkji.dll: it is being used by another person or program..... What did you use to cut and paste?
Thanks for your help!

- Collapse -
Did you try...
- Collapse -
Spy Sweeper got it

Thanks for getting back to me. Yes I just tried Spy Sweeper and it got rid of it. Wish I had checked here DAYS AGO. Thanks for everyone's help!

- Collapse -
Trojan Vundo

I had the same problem and Norton does not remove it. I find it astounding that a major virus checker and remover cannot do the job..I finally purchased (additionally to my already purchased Norton) "Webroot Spy Sweeper."

It works great!!


CNET Forums

Forum Info