Vundo

A little update
I told you that VundoFix could fix my laptop. Actually, that's not quite true. The trojan hid for a while. Luckily I didn't access any online banking using my laptop. They appeared again after a while. I ran VundoFix a second time and then I saw an unrecognized dll appear in VundoFix. I tried to remove it but failed. So I rebooted my PC to remove it during boot time, but that also failed. I used HijackThis to delete the key from the registry. I stopped iexplore.exe and explorer.exe, but it seems the trojan is tied to my winlogon.exe. So I'm still looking for a way to remove this bastard from my laptop. Stay tuned. Maybe I will find a way.

Original Post
This morning I encountered a type of worm or keylogger or password stealer or whatever you want to call it on my laptop. It is so frustrating: when I started my laptop, suddenly two programs (which I didn't install) appeared on my desktop. I wondered when I had installed those two programs.

After Windows finished loading, suddenly a popup message appeared telling me that the laptop was infected with keyloggers, trojans, backdoor programs, etc. I was really shocked because the day before I had already scanned my laptop. When was it infected? Then I searched the internet. They said I had been infected by a program. Unless you download the software 'offered' by the program, it will not go away. Shit!

So, I went to the task manager and deleted whichever process I knew didn't appear before. Since my PC and laptop configurations are almost the same, I can tell which process is a rogue process. But it couldn't be stopped. What other solutions are there? I typed msconfig. Luckily the worm didn't disable the Run function on Windows. That's good. I checked the startup processes. Nothing. Only 3 programs: Avast!, ctfmon and one other program I forgot. So, what else? Oh, compare the registry. Some worms and trojans are really good at hiding themselves. But they will appear in the registry. So I opened the task manager once again and typed the 'rogue' program's name into the find function. Then I deleted all of it. Hahaha.. Good? Rebooting the system.

To my dismay, the worms or trojans were still there. Double shit! Hmm, what else? Oh, I know. Use Ad-Aware Removal. Good, it detected all the adware and worms and trojans that were using my laptop as their breeding place. Finished scanning. Good. Hahaha.. So long, worms! I clicked "Next" and the prompt asked me whether I wanted to remove all those adware and worms and trojans. Of course I wanted to. Suddenly, it rebooted itself. I almost wanted to throw the notebook. Calm down. Calm down.

They were still there. Shit! Shit! Shit! What else to do? Oh, I know. I have Spybot Search and Destroy on my laptop. So I launched Spybot to fight the trojans. Spybot found their lair. Spybot launched its most damaging move towards the trojans' lair. Unfortunately only the children were in the lair. The parents were still roaming in my laptop. Arrgghhh!!!!

What else? What else? Oh, I know. Use Spybot in Safe Mode. The trojans will not function in Safe Mode. Reboot. Press F8 repeatedly. Ah, Safe Mode is there. Go Safe Mode!

Entered my password. Safe Mode loaded Windows. Damn! The trojans were working fine in Safe Mode. Double Arrrgghhh!!!

It must be the Services. Yes? Like I said, my configurations for both PC and laptop are almost comparable. So I compared the processes in the services. Found one. Domain services? What's that? Searched the internet. Not found. I clicked it and saw the dll that the service uses. kmimkogh.dll? Searched the internet. The forums said something bad about it. Hahahaha! I found it. Stopped the service, deleted it from the registry. So long, sucker! Rebooting....

Triple Arrrggghhhhhhhhhhhhh!!!!!!! It's still there. What else.. What else.. Oh, I remember, Internet Explorer add-ons. Disabled all add-ons except those I know. Rebooting.. Still there. Searched for all unauthorized add-ons in the registry. Deleted all. But to no avail. It must be hiding somewhere. But where? Read the forum. It said I've been infected by Vundo. And it listed all the files that are suspected of carrying Vundo's symptoms. Tried to delete them but to no avail.

Searched some more on the Internet. Finally, I found a program that can remove Vundo. Its name is VundoFix. Ran the program once and the trojans were gone. Na! Na! Na! Na! Na!
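The comparison the post does by hand, a known-good PC against the infected laptop across the Run key, the services and the DLL each one loads, and Winlogon, can be done on two `reg export` files. This is an added example, not code from the post or from any of the tools it names; the .reg contents are constructed, and the DomainSvc service name and file paths are made up (only the kmimkogh.dll name comes from the post).

```python
import re
from typing import Dict, List, Tuple

RegTree = Dict[str, Dict[str, str]]          # {key_path: {value_name: data}}

def parse_reg_export(text: str) -> RegTree:
    """Parse the text of a `reg export` .reg file. Only string values matter here."""
    tree: RegTree = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):      # [HKEY_...\Key] header
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)   # "Name"="data"
        if m and current is not None:
            name = m.group(1).strip('"')
            tree[current][name] = m.group(2).strip('"').replace("\\\\", "\\")
    return tree

def diff_autostarts(baseline: RegTree, suspect: RegTree) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Keys and values present in the suspect export but absent from, or changed in, the baseline."""
    new_keys = sorted(k for k in suspect if k not in baseline)
    changed = sorted((k, n, d) for k, vals in suspect.items()
                     for n, d in vals.items() if baseline.get(k, {}).get(n) != d)
    return new_keys, changed

# Constructed sample exports, not data from any real machine: the Run key, a service's
# Parameters key and Winlogon\Notify. The "DomainSvc" name and all paths are made up.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"
"""
SUSPECT = BASELINE + r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainSvc\Parameters]
"ServiceDll"="C:\\WINDOWS\\system32\\kmimkogh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kmimkogh]
"DLLName"="kmimkogh.dll"
"""

def find_suspect_entries() -> List[str]:
    """The comparison the post does by hand: one report line per new key or value."""
    new_keys, changed = diff_autostarts(parse_reg_export(BASELINE), parse_reg_export(SUSPECT))
    return [f"NEW KEY   {k}" for k in new_keys] + [f"NEW VALUE {k} : {n} = {d}" for k, n, d in changed]
```

Anything reported under Winlogon\Notify or as a ServiceDll that is not in the baseline is exactly the kind of entry that survives Safe Mode and a process kill, which is where the post ends up looking.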

Haha..I win again.

Virus+Worms+Trojans+Backdoor - 0, rzmie - 1
