For the past two days I have been having a hard time with my computer because it got infected with a virus. Here is a picture of Kaspersky Antivirus detecting it.
After spending a lot of time researching how to remove it, I finally found a solution that worked, so I would like to share how to remove the Monder Trojan effectively and permanently.
Note: I suggest you read this guide from another computer, or print it, because you should have no other programs open while removing the Monder Trojan from your computer.
About Monder Trojan Virus
I picked up the Monder Trojan when I tried to install pirated software on my laptop. It is not easy to remove because it loads its DLLs into winlogon.exe and explorer.exe, two core Windows processes that have to stay running. I tried deleting the files from Safe Mode but could not, because Windows reports them as in use. The virus also drops a lot of junk DLL files in C:\windows\system32. They are easy to spot because their names are unreadable, like random typing, for example asdadauiobg.dll. If you manage to delete one, more are created in its place, so a special procedure is needed to remove these pests from your computer.
Initial ComboFix
The first thing to do is download ComboFix [download link] [Alternative download link] and save it to your desktop. This program tries to clean your system automatically; a run usually takes about 10 minutes.
After downloading ComboFix, go to Start -> Run, type this in the box: "%userprofile%\desktop\combofix.exe" /killall
and press Enter. ComboFix will now run. It makes a number of visible changes while it works (for example it switches your clock to the 24-hour format), so do not be alarmed; the clean-up step at the end reverts them.
Combofix and HijackThis
Now that you have ComboFix's log, download HijackThis [download link], run a scan and generate a log report. You should now have two logs: ComboFix's log and HijackThis' log.
You can go to forums that specialize in analyzing these logs and ask for help, because the people there really understand them. This is the safest option but not the quickest.
However, if you are adventurous like me, you can read the logs yourself and try to remove the Monder Trojan on your own. This is the riskier option but the faster one. At this point I am going to share what I did to remove the Monder Trojan.
Disclaimer: the file names on your machine will be different, as the virus generates them randomly. Please do not blame me if it worsens your computer's condition. This is only for those who want to take the risk. If you can wait, seek help in the forums, as they have more experience than I do.
Removing Monder Trojan manually
Continue reading if you want to take the risk. It is a bit technical, but I will try to make it easy.
The first thing to do is create a text file named CFScript on your desktop (use Notepad; it will save it as CFScript.txt) and put these three section headers in it:
KILLALL::
File::
Registry::
Next, read the ComboFix log, which is saved at C:\ (as ComboFix.txt).
Look for the section that reads "Files Created from <date> to <date>". Go through it and look for files with suspicious names, like asd97agdasd.dll. Monder creates its files in the \system32\ folder, so make sure the suspicious-looking DLLs are there. Every such file goes into the CFScript file under File::, with its full path exactly as it appears in the log.
(example)
KILLALL::
File::
c:\windows\system32\suspicious.dll
c:\windows\system32\suspicious2.dll
Registry::
The next step is to look for the section of the report that reads "Reg Loading Points". These are the places in your registry where the virus hooks itself in so that it gets loaded at startup.
You can tell it is the virus because the line after the [hkey...] key names the virus file and its location. Copy that key into the Registry:: section of your CFScript, followed by the value name. The Registry:: section uses .reg-file syntax, so write the value as "name"=- (which deletes it) rather than copying the current value from the log.
(example)
KILLALL::
File::
c:\windows\system32\suspicious.dll
c:\windows\system32\suspicious2.dll
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{blah blah blah}"=-
In the log this entry appears as "{blah blah blah}"= "C:\windows\system32\blahblah.dll"; the =- tells ComboFix to delete that value, and the DLL it points to is the same one you already listed under File::.
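Reading the two log sections by eye, as described above, is error-prone because the names are random. The following is an added example, not code from the original post or from ComboFix, that does the cross-check automatically: it reads the "Files Created" section for DLLs that appeared in \system32 during the log's window, reads "Reg Loading Points" for entries that load a DLL, keeps only the load points whose DLL is one of those new files, and renders a CFScript with full paths under File:: and .reg-style deletions under Registry::. This goes beyond the post in that it only flags a new DLL when something actually loads it, which is how it tells the junk DLLs from a legitimately installed one. The log excerpt is constructed to approximate the 2008 ComboFix log layout (exact spacing differs between versions); asdadauiobg.dll is the post's own example name, and the second random name, the non-shell32 GUIDs, the dates and sizes are made up.

```python
"""Build a ComboFix CFScript by correlating newly created system32 DLLs with
registry load points in a ComboFix log. Added example; not the blog author's
or ComboFix's code. SAMPLE_LOG is a constructed excerpt approximating the
ComboFix.txt layout of the time; real logs vary in spacing and extra sections."""
import re

SAMPLE_LOG = r"""ComboFix 08-06-28.1 - Owner 2008-06-29 22:15:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1523 [GMT 8:00]
.
((((((((((((((((((((((((((((   Files Created from 2008-05-29 to 2008-06-29   ))))))))))))))))))))))))))))
.
2008-06-29 20:11 . 2008-06-29 20:11    295,424    --a------    C:\WINDOWS\system32\asdadauiobg.dll
2008-06-29 20:11 . 2008-06-29 20:11    295,424    --a------    C:\WINDOWS\system32\qwoplmnzx.dll
2008-06-27 09:30 . 2008-06-27 09:30     40,960    --a------    C:\WINDOWS\system32\updlib.dll
2008-06-25 18:02 . 2008-06-25 18:02    <DIR>      d--------    C:\Program Files\Kaspersky Lab
.
((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= "shell32.dll" [2004-08-04 8:00 8461312]
"{5E61E60E-7B57-4F9C-8D11-4B8B7E5A9E3B}"= "C:\WINDOWS\system32\asdadauiobg.dll" [2008-06-29 20:11 295424]
"{0B3F1D2A-9C44-4E6F-A1D8-7C2E5B9F3A61}"= "C:\WINDOWS\system32\qwoplmnzx.dll" [2008-06-29 20:11 295424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\asdadauiobg]
C:\WINDOWS\system32\asdadauiobg.dll 2008-06-29 20:11 295424
.
((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))
.
2008-06-29 20:11    295,424    ----a-w    C:\WINDOWS\system32\asdadauiobg.dll
"""

SECTION_BANNER = re.compile(r"^\(\(\(\(.*\)\)\)\)$")          # ((((  Title  )))) lines
DLL_PATH = re.compile(r'([a-z]:\\[^"\s]+\\system32\\[^"\s\\]+\.dll)', re.I)
VALUE_NAME = re.compile(r'^"([^"]+)"\s*=')                     # "name"= ... in .reg style


def section(log, title):
    """Lines of the section whose banner contains `title` (case-insensitive)."""
    out, inside = [], False
    for line in log.splitlines():
        if SECTION_BANNER.match(line.strip()):
            inside = title.lower() in line.lower()
            continue
        if inside:
            out.append(line.rstrip())
    return out


def new_system32_dlls(log):
    """Lower-cased paths of DLLs that appeared directly in \\system32 during the log's window."""
    return {m.group(1).lower()
            for line in section(log, "Files Created")
            if (m := DLL_PATH.search(line))}


def load_points(log):
    """(registry key, value name or None, DLL path) for every load point that names a DLL.
    A value-less entry (e.g. Winlogon\\Notify) is a subkey that exists only to load that DLL."""
    entries, key = [], None
    for line in section(log, "Reg Loading Points"):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = DLL_PATH.search(line)
        if key is None or not m:
            continue
        v = VALUE_NAME.match(line)
        entries.append((key, v.group(1) if v else None, m.group(1)))
    return entries


def suspicious_load_points(log):
    """The post's manual check, automated: load points whose DLL is one of the new files."""
    fresh = new_system32_dlls(log)
    return [e for e in load_points(log) if e[2].lower() in fresh]


def build_cfscript(log):
    """Render KILLALL::, File:: (full paths) and Registry:: (.reg syntax: "name"=- deletes
    a value, [-key] deletes a key). Review the output before feeding it to ComboFix."""
    hits = suspicious_load_points(log)
    lines = ["KILLALL::", "File::"]
    lines += sorted({dll for _, _, dll in hits}, key=str.lower)
    lines.append("Registry::")
    by_key = {}
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        if all(n is None for n in names):
            lines.append(f"[-{key}]")
        else:
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names if n]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

On the constructed log this lists the two random-named DLLs under File::, deletes their two ShellExecuteHooks values and the Winlogon\Notify subkey, and leaves updlib.dll alone even though it is new, because nothing in the load points references it. The shell32.dll hook is skipped because it is not a full path into \system32. Treat the output as a draft for the forum-helper review the post recommends rather than something to run blindly: a legitimate program installed inside the log window that registers a shell hook would be flagged the same way.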
After finding all the suspicious files and registry entries, it is time to run ComboFix again, but this time in a different way: drag the CFScript file and drop it onto ComboFix (both should be on your desktop).
After running ComboFix with CFScript
ComboFix runs again and you will have to wait again. When it finishes, it shows a new log, and you have to check it again. Are the suspicious files still there?
If you do not need to run another CFScript, it is time to clean up the changes made by ComboFix (remember it changed your time settings).
Post ComboFix Clean-up
Go to Start -> Run and run "%userprofile%\desktop\combofix.exe" /u. This deletes all traces of ComboFix, resets your time settings and, hopefully, leaves your PC virus free.
This is what I did to my laptop and it got rid of the Monder Trojan. If there is anything you want to ask or anything that is unclear, just leave a comment and I will reply. Thanks for reading and take care of your computers.
6 Responses
Anonymous
June 29th, 2008 at 11:59 pm
This worked great for me; only small traces of the virus were found on later inspection, and I was then easily able to remove the remains. I have yet to find out if there are any repercussions for using ComboFix, but hey, at least I'm rid of the virus now.
Anyhow, thanks for writing a great tutorial.
Now I’ll be off to change all my passwords…
/Someone
rodaflip (1 comments.)
June 30th, 2008 at 3:46 am
I also have this trojan virus that controls the C drive. I tried to click on your combo but it does not open. I don't know why.
Allen (673 comments.)
June 30th, 2008 at 10:05 am
@Anonymous - The only side effect that I found is that it resets your time to military time. But it can be fixed easily in the Control Panel.
Allen (673 comments.)
June 30th, 2008 at 10:06 am
@Rodaflip - You should execute ComboFix via the Run command at first.
Use this: "%userprofile%\desktop\combofix.exe" /killall
sarath
July 4th, 2008 at 9:31 pm
I too got infected with this today. It took me half a day to remove it. I used Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam.php) to remove this Monder trojan. I think it is relatively easier and safer.
Allen (673 comments.)
July 8th, 2008 at 9:13 am
@Sarath - Hello Sarath, thanks for sharing your experience. I would still recommend that you do a ComboFix scan just to be sure.
Copyright © Silkenhut's World • by Allen Michael Gurrea