Common symptoms that your PC is infected with this trojan are:
● After booting up your PC, the following error message gets displayed:
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0×28f, Baud rate 192000)
● On next reboot, the following error message gets displayed:
Important : Potential errors found in the system.
During a scan of files at system startup, potential errors in the system registry were found.
p-07-0100 irql: 1f SYSVER 0xff0024During a scan of files at system startup, potential errors in the system registry were found.
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED
● Many pos*.tmp files are created in your hard drive.
● Two new shortcuts are created on your Desktop:
Windows Update (http://storageprotector.com/clean/p=60&gai….) and
Help an Support Center (http://storageprotector.com/clean/p=61&gai….) , both pointing to some suspicious links (not the authentic Windows Update Server).
How to fix this problem:
Download Combofix at http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download VundoFix at http://www.atribune.org/public-beta/VundoFix.exe
Disable (or uninstall) all other anti-spyware and anti-trojan programs running on your PC.
Double click combofix.exe and follow the prompts. Reboot your PC after the scanning is done.
Double click VundoFix.exe and reboot your PC after the scanning is done.
Combofix and VundoFix utilities are able to detect several malicious files and sucessfully remove them from your machine. Follow @_pcoptimize
Tried, 100% working cleaning and protection way of vundo.
http://vundo.givemesolution.com