Infected Windows PC at work. Some clueless user “caught” the VUndo.F variant, leading to “NTdetect not found” and an eternal reboot cycle.

First locate a copy of the WinXP CD, then boot from the CD and repair the installation. This will at least lead to a bootable PC, which is still infected with the Trojan VUndo.

Usually the files Rundll32.exe and iExplore.exe are infected. An infected DLL (in my case named “nohiyizi.dll”) was present in \system32\. VUndo does not allow other processes to create directories; it will delete these right after creation. Thus installation of antivirus software fails, as does any attempt to run the MS Malicious Software Removal Tool. Below is what worked for me:

0. Perform a free online scan (e.g., http://security.symantec.com/sscv6/DownloadInstructions.asp; use Internet Explorer in this phase). Once you know the names of the infected DLLs and executables, do this:

1. Copy known good versions of Rundll32.exe and iExplore.exe into c:\. Get these files from another PC.

2. Insert the WinXP CD and boot from it.

3. Press “R” to enter the Recovery Console. cd to system32 and delete the offending DLL using “del dllname”, then copy the known good version of rundll32.exe from c:\ to c:\windows\system32, overwriting the infected one.

4. Reboot normally and verify that the infection has been removed.
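One way to do the check in step 4, as an added example that is not part of the original post: confirm the deleted DLL has not reappeared and that the rundll32.exe now in system32 is byte-identical to the known good copy placed in c:\. The function names and the temporary directories standing in for c:\ and system32 are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_ci(directory, name):
    """Windows file names are case-insensitive; match that way even when the
    disk is inspected from another operating system."""
    for entry in os.listdir(directory):
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None

def verify_cleanup(system32, known_good_dir, bad_dlls, replaced):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for dll in bad_dlls:
        if find_ci(system32, dll):
            findings.append("still present: " + dll)
    for name in replaced:
        good = find_ci(known_good_dir, name)
        live = find_ci(system32, name)
        if good is None:
            findings.append("no known-good copy: " + name)
        elif live is None:
            findings.append("missing from system32: " + name)
        elif sha256_of(good) != sha256_of(live):
            findings.append("differs from known-good copy: " + name)
    return findings

def demo():
    """Constructed sample: two temp directories stand in for the C: root and system32."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as sys32:
        with open(os.path.join(good, "rundll32.exe"), "wb") as f:
            f.write(b"known-good bytes (constructed)")
        with open(os.path.join(sys32, "RUNDLL32.EXE"), "wb") as f:
            f.write(b"tampered bytes (constructed)")
        open(os.path.join(sys32, "Nohiyizi.dll"), "wb").close()
        return verify_cleanup(sys32, good, ["nohiyizi.dll"], ["rundll32.exe"])

if __name__ == "__main__":
    for line in demo():
        print(line)
```

On a real machine, pass the actual system32 path, the directory holding the known good copies, and the DLL names reported by the online scan.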

 

It took me 3 hours to come up with this, damn waste of precious time. Hope it helps some other poor soul.