Subject: how i'm beating my virus trojan.vundo known as winweb security


dorkmcgork ( ) posted Wed, 10 December 2008 at 7:25 PM · edited Fri, 07 February 2025 at 6:06 AM

this popped up from email i believe
it seems to be malware but is installed by a trojan
it pops up windows saying "you're infected buy winweb security to fix it"
of course it does nothing
lots of other pop ups too
disables firewall and antivirus
so
i looked up winweb security found much misinformation associated with it
downloaded windows defender from microsoft and joined its club
defender found some issues and files it could not delete. the antivirus norton found nothing
it found these files to be self starting: wibotelo.dll and yokamuye.dll
these were in windows/system32
it found this key in HKLM/software/microsoft/windows/currentversion/run
CPMd7a7a959
i also found this suspicious key  d4949ac5

nothing would delete even with starting at command prompt.  so i loaded a copy of bart's pre-installed environment.  i used to use it as a not so good pc tech.
it loads a virtual xp from the cd
navigated to sys32 folder deleted files.

rebooted to regular xp.  voilà, the antivirus finds files and deletes them.
the windows defender says good job.

there are a few more suspicious files i will delete.

files i have deleted include, all from windows/system32
wibotelo.dll
yokamuye.dll
zelokore.dll

i am now gonna delete vubebiye.dll which is associated with the key layayahinu.  there is no info on this i think this is new.  byebye to it.

i'm putting up this info for all out there.  you need barts pre installed environment and windows defender.  defender uses that crazy validation thing, so you must validate windows to get it.

good luck to anyone else who gets this.

go that way really fast.
if something gets in your way
turn


dorkmcgork ( ) posted Wed, 10 December 2008 at 7:49 PM

yep that worked all clean no new weird files

go that way really fast.
if something gets in your way
turn


markschum ( ) posted Wed, 10 December 2008 at 7:50 PM

You can try this for Vundo.


dorkmcgork ( ) posted Wed, 10 December 2008 at 8:22 PM

ha groovy thanks

go that way really fast.
if something gets in your way
turn


Photopium ( ) posted Wed, 10 December 2008 at 9:26 PM

malwarebytes anti-malware fixed it for me.  It's free and seems to fix just about everything.


dphoadley ( ) posted Thu, 11 December 2008 at 2:22 AM

Quote - malwarebytes anti-malware fixed it for me.  It's free and seems to fix just about everything.

Could you post a link please?
DPH

  STOP PALESTINIAN CHILD ABUSE!!!! ISLAMIC HATRED OF JEWS


Photopium ( ) posted Thu, 11 December 2008 at 6:39 AM · edited Thu, 11 December 2008 at 6:39 AM

Attached Link: http://www.malwarebytes.org/mbam.php

scanner is free, and it cleans for free too.  Pay version has real-time protection.


scott8539 ( ) posted Thu, 11 December 2008 at 5:10 PM

big thanks! 


dorkmcgork ( ) posted Fri, 12 December 2008 at 8:23 PM

ah it's not quite over yet still lurking
i have the antivirus and windows defender running to find the source
added 4 new files to windows/system
damopore.dll
vupewoka.dll
zokulabo.dll
kiropevu.dll
had to delete from bart's pe again
running scans now

these files appear in windows/system as 0 byte files and oddly enough that consonant/vowel spelling

so i am waiting i will find the source

go that way really fast.
if something gets in your way
turn
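
The naming pattern noted in the post above (eight-letter consonant/vowel DLL names, some of them 0 bytes) and the Run-key association described in the first post can be turned into a quick triage check. This is an added example, not part of the original thread; the file sizes for non-zero entries and all Run command strings are constructed, and `ExampleUpdater` is a hypothetical entry.

```python
import re

# Strict consonant/vowel alternation, 8+ letters, e.g. "wibotelo" (y counts as a consonant).
CV_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4,}$")

def is_cv_name(filename):
    """True if the stem of a .dll name is a pure consonant-vowel alternation."""
    stem, dot, ext = filename.lower().rpartition(".")
    return dot == "." and ext == "dll" and bool(CV_NAME.match(stem))

def triage(files, run_values):
    """files: {name: size_bytes}; run_values: {value_name: command_data}.
    Returns (suspect_files, suspect_run_value_names)."""
    suspects = {name: ("zero-byte" if size == 0 else "name-only")
                for name, size in files.items() if is_cv_name(name)}
    flagged = []
    for value, data in run_values.items():
        # Pull DLL basenames out of the autostart command line.
        dlls = re.findall(r'([^\\/"\s,]+\.dll)', data, flags=re.I)
        if any(is_cv_name(d) for d in dlls):
            flagged.append(value)
    return suspects, sorted(flagged)

# Constructed sample: DLL names are taken from the thread; non-zero sizes and
# the Run command strings are made up for illustration.
FILES = {"kernel32.dll": 989696, "wibotelo.dll": 77824, "damopore.dll": 0,
         "kiropevu.dll": 0, "shell32.dll": 8461312}
RUN = {"layayahinu": r'Rundll32.exe "C:\WINDOWS\system32\vubebiye.dll",s',
       "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /quiet'}

if __name__ == "__main__":
    files, run = triage(FILES, RUN)
    for name, why in files.items():
        print(f"suspect file: {name} ({why})")
    for value in run:
        print(f"suspect Run value: {value}")
```

A name match alone is only a lead: legitimate DLLs can fit the pattern, so confirm with a scanner before deleting anything.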


Photopium ( ) posted Fri, 12 December 2008 at 9:52 PM

Did you try the scanner from malwarebytes?


ksanderson ( ) posted Fri, 02 January 2009 at 5:08 AM

Be sure to uninstall java from your Add/Remove Programs in Control Panel. Vundo enters through old java. If you use java, get the latest from Sun.


ksanderson ( ) posted Fri, 02 January 2009 at 5:44 AM

Also, when web surfing at least, operate as a user, not as an admin. Trojans can't self-install unless you are in admin mode.


dorkmcgork ( ) posted Sat, 03 January 2009 at 6:06 PM

no i did not try the scanner.  haven't heard a peep out of vundo.  think it is dead.
i'll look at it in a bit.
i did not realize that a trojan had to have admin.  i will check this out, set a new account.  it is true i never have accounts.

go that way really fast.
if something gets in your way
turn


rockets ( ) posted Sat, 03 January 2009 at 9:58 PM

Just remember to switch back to yourself before you install a new program.  It won't let you unless you're the administrator.

My idea of rebooting is kicking somebody in the butt twice!


Diogenes ( ) posted Sat, 03 January 2009 at 10:03 PM

Sounds like a nasty trojan, keeping my fingers crossed.  I use a separate old machine for the net and I can just wipe the hard drive and load up a clean system from a saved one on DVD.


A HOMELAND FOR POSER FINALLY

