http://vundofix.atribune.org/

Try the tool. For me it got most of it, but I had to manually
remove a bogus .DLL (see the forums on how to
do this-drag n' drop a vundofix.vft file onto vundofix
after stopping all processes related to it).

HijackThis is also needed to tell you where the SOB
is hiding in the Registry. If you know what you're doing,
you won't need to send the log to anyone, just interpret
it yourself. You already know what you're looking for.

You might like this forum entry:

http://www.atribune.org/forums/index.php?showtopic=3660

BTW, I got infected through an exploitable version of
the Sun Java Runtime after running one of those applets that
Ebay uses to show pictures of an item.

"stand_58" hotmail.com> wrote in message
news:Onj8kt7WIHA.748@TK2MSFTNGP04.phx.gbl...

Mr. G. Thank you so very much for your reply. I've tried the tool, it's
really good....and ultimately it didn't do the job.

But the article you pointed out is amazingly good. Shedrick really has
teased out all the issues that likely beset my machine, and better than that
he intelligently walked the paths that I found myself blindly stumbling
around in when I spent a day failing to bet this bugger.

If I find anything different from what he found, I'll post it. (my junk is
called ddayv.dll and ddayv.exe, and I also get vyadd.ini readily created.
Other than that.......I have to print out his article and follow his lead.

And again, thanks to you.
"V Green" nowhere.net> wrote in message
news:uGaR1HLXIHA.4140@TK2MSFTNGP04.phx.gbl...

OK, great.

Basically what remember doing (was a while ago) was to kill
all bogus processes with Task Manager. Then look for
suspect entries with the same name in the Registry and delete those.

Then look for recently created files with nonsense names
in the usual places in \WINDOWS and \Documents and Settings.

If they won't delete in regular or Safe Mode, write a script
in Notepad with the pathname of the files that you want to
delete that are locked, example:

C:\Windows\system32\khffddc.dll

Save this to your desktop as vundofix.vft - type "All Files".

Then start VundoFix and drag vundofix.vft onto it. Click
the Remove Vundo button.

VundoFix will "unlock" the files and delete them. Screen may go
blank and you might have to reboot.

Run HijackThis and look for anything else (you can use HJT
to take the place of the manual Registry search above - it found
all the same entries that took me much longer to find with
Search).

On Jan 27, 6:09 am, "V Green" nowhere.net> wrote: