you should install microsoft antispam ...

JM

yeah, right

Norton SUX

Use AVG for virusses, that combined with zonealarm en spybot should be enough. (and FireFox of course).


Get rid of the rest.

What's bad about Norton?

It's primarily a memory hog, but it also has long intervals between updates. My work computer is running "up-to-date" on virus definitions from February 22nd

AH,

Deinstall one virusscanner please, two scanners are more likely to conflict than work well. Then try the following:

1) Is your Windows up-to-date? If not, run Windows Update.

2) Run an online virus scan: http://housecall.trendmicro.com/

3) Run adware scanners (Spybot, Ad-Aware and CWShredder) in Windows Safe Mode. The safe mode thing is very important.

I've heard about the safe mode part, but why is it important?

In safe mode, only a minimal amount of processes are running. That way, you can properly scan with most applications being inactive/idle (so they won't get in the way of being scanned).

sshhhh

JM

I agree... it has helped me a few times to get rid of stuff that adware couldn't get rid of (and search and destroy couldn't even find it)
And it wasn't MS who made it, they just bought it

...and you will need to pay for it in the future.

How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.
Credits: Attribune for VundoFix



What this program does:

Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Tools needed for this fix:
Vundo Fix
VirtumundoBegone
Note: The entries shown below may have different file names. You will though, have a 02 entry, that may contain the word "MSEvents" and a 020 entry that has the same file name as the 02 entry. For example, as you can see the following color coded sets each have a O2 and O20 entry with the same filename.

O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddaya.dll
O20 - Winlogon Notify: ddaya - C:\WINDOWS\System32\ddaya.dll


O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll


O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\ssqrs.dl
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\ssqrs.dll

Note: This fix only applies to Vundo infections where the O2 entry contains MSEvents or ATLDistrib.

Preperation Steps:

Please do both of the following before we start:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in word or notepad to the desktop where they can be easily found.

At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things will help to get it back to how it was in a faster manner.


Removal Steps:

Download VundoFix.exe and save it to your desktop.
Double-click VundoFix.exe to run it.


Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.


When VundoFix reopens, click the OK button.


Click the Scan for Vundo button.


Once it's done scanning, click the Remove Vundo button.


You will receive a prompt asking if you want to remove the files, click the YES button.


Once you click yes, your desktop will go blank as it starts removing Vundo.


When completed, it will prompt that it will shutdown your computer, click the OK button.


When the computer has shutdown, turn your computer back on.


The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.
This step should only be used if the instructions in Step 2 did not remove the infection.

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished


If after attempting the instructions in this guide the infection is still present, then it is advised that you post your HijackThis log so one of our experts can help you remove the infection. You can post your HijackThis log at this forum:


From here: http://www.bleepingcomputer.com/forums/topic18610.html

In the future, probably yes, but not now

thanks for the advice guys

am I the only one who'll treat an unwanted guest on my PC like an intruder in my home?

I've spent hours hunting this one down already. I get mad with it.

The sneaky thing with this one is it keeping reinstalling itself. Bastard.

Wasn't Poly advertising this horror?