TR/Vundo.GEN and other viruses help

Ryder77

I downloaded a song today on LimeWire. Well, it appears that this song was just a virus in disguise. Now I have this annoying virus called TR/Vundo.GEN and some other ones. I think I may have gotten rid of some, but when I start Windows up I get this message. I took a picture of it and I will post it at the end of the description. I have no clue how to get rid of these things. I have scanned with Norton, AVG, and Avira AntiVir PE and still that message comes up. Please help me get rid of these. Oh, and I deleted the "song".

Here is the Avira report:
AntiVir PersonalEdition Classic
Report file date: Thursday, March 27, 2008 21:38

Scanning for 1168633 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: RON-PC

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 18:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 17:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 20:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 17:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 01:35:20
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 3/27/2008 01:35:20
ANTIVIR3.VDF : 7.0.3.86 2048 Bytes 3/27/2008 01:35:20
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 3/28/2008 01:35:20
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 15:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 12:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 18:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 3/28/2008 01:35:20
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 12:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 17:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 12:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 16:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 17:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 17:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 14:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, March 27, 2008 21:38

The scan of running processes will be started
103 processes with 103 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGQESYWU\media_codecs[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen
[INFO] The file was moved to '485057b6.qua'!
C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA9C8JHO\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485f57ca.qua'!
C:\Users\Ron\AppData\Local\Temp\opnmMcyY.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
Begin scan in 'D:\' <FACTORY_IMAGE>


End of the scan: Thursday, March 27, 2008 23:37
Used time: 1:59:10 min

The scan has been done completely.

17535 Scanning directories
452344 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
452341 Files not concerned
4626 Archives were scanned
4 Warnings
10 Notes

EDIT: The forums won't let me post the picture yet.
 
Ok, well, I mainly got rid of it except that message that pops up when I start up my computer. I put the program Run up and found the item. It says:

Startup Item: cmds
Manufacturer: Unknown
Command: runddl32.exe C:\Users\Ron\AppData\Local\Temp\opnmMcyY.dll,C
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Well, as I was writing this another file popped up, but I deleted it. But the one that I just explained seems to be my biggest problem.
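
Why the startup message survives the scan, as an added example that is not part of the original posts: the Avira report lists one detected file that was neither deleted nor quarantined, and the Run entry quoted in this post launches that same file at logon. The sample text is copied from the thread; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the Avira report and the startup
# item quoted in this thread (the command is kept exactly as posted).
REPORT = r"""C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGQESYWU\media_codecs[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Stration.Gen
[INFO] The file was moved to '485057b6.qua'!
C:\Users\Ron\AppData\Local\Temp\opnmMcyY.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
"""
RUN_ENTRIES = {"cmds": r"runddl32.exe C:\Users\Ron\AppData\Local\Temp\opnmMcyY.dll,C"}


def parse_detections(report):
    """Return {path: {"name": str, "quarantined": bool}} for each detected file."""
    found, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            current = line  # a path line starts a new record
        elif current and line.startswith("[DETECTION]"):
            found[current] = {"name": line.rsplit(" ", 1)[-1], "quarantined": False}
        elif current in found and "moved to" in line:
            found[current]["quarantined"] = True
    return found


def live_persistence(report, run_entries):
    """Run-key values whose command references a detected file still on disk."""
    leftovers = {p.lower(): d["name"]
                 for p, d in parse_detections(report).items()
                 if not d["quarantined"]}
    hits = []
    for value, command in run_entries.items():
        for path, name in leftovers.items():
            if path in command.lower():  # Windows paths are case-insensitive
                hits.append((value, name, path))
    return hits


if __name__ == "__main__":
    for value, name, path in live_persistence(REPORT, RUN_ENTRIES):
        print(f"Run value '{value}' still loads {name}: {path}")
```

Any Run value this reports is the one to raise with the helpers in the thread, since the file it points to is still present after the scan.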
 
Vundo is not new; it's just common, and there are many variations. I would look into VundoFix; it is a utility that should help you.
 
Have you tried Avast!? Every time I download an infected song or movie, it grabs it on the real-time scan! Additionally, if you do get infected, you can run a boot-time scan and find and delete them before the operating system even loads up! This is, in my opinion, why Avast! is better than the rest... especially if you use torrents and/or LimeWire!

If you are interested in the pro version for as little as $5 for a 3 year license, send me a private message and I'll tell you where you can get it!

Otherwise, you can find the FREE non-pro version here: http://www.avast.com/eng/download-avast-home.html
 
Vundo is not new; it's just common, and there are many variations. I would look into VundoFix; it is a utility that should help you.

I don't mean that Vundo is new, but I have Avira and it pops up some message saying that there is a virus found, and it's always a new one. It was some stupid codec that was downloaded that did this to me. I have some Vundo finder and it doesn't locate it, so that may be gone, but I'm not sure. I tried searching for some of them on Run and I'm not sure if I should delete them; they may be linked to my computer now.
 
When I start up Internet Explorer, a message pops up saying something about viruses and malware, then it takes me to some site for "virus protection". I don't know how to get rid of this. I don't think it's the TR/Vundo.GEN anymore; I think it's a bunch of other ones that were with it.
 
You've just described every Vundo/Virtumonde infection that I've seen. If you've already run VundoFix and you're still infected, install HijackThis and post the log here.
 