Vundo - Virus/Trojan/Hijack etc.

Started by Hans Manhave, October 01, 2009, 09:45:35 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Hans Manhave

Besides reformat, how do I remove a Vundo infection?  This is on a home computer, it was a good lesson for a kid not to go wherever a thought leads, and a dad to install more Deepfrozen machines instead of letting some be open and trusting a virus scanning software.  But I like to get rid of it first.  I ran SuperAntiSpyware which may have gotten rid of a bunch, a virus scanner which may have gotten rid of a bunch, but instead of it becoming more subdued, it is out in greater force than yesterday.

Thanks.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Marie (Zionkowski) Gozikowski

Hans

I just cleaned up someone's laptop 2 weeks ago with this....

Download Malwarebytes' Anti-Malware, and install it on the computer - run once, and make note of the
names of the files it is deleting...   go into your registry and search/remove those, then reboot in safe mode
and run Malwarebyte again....  It was the only thing that I could get to work --- SuperAntispyware and others didn't seem to be able to remove it

Took a while, but it is possible to remove it - good luck!
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Mark

+1 for Malwarebytes -- though I am not familiar with your infection.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Marie (Zionkowski) Gozikowski

New one going around... have actually cleaned up two computers in the last month with it...

Also a REALLY nasty one out there called PCAntispyware2010... one of those things where it pops up
and says 'your computer is infected, click here to download our free on-line virus scan..."   It was a
tenacious little bas***d, and took a long time to track down the dll's and registry items....

(Good thing I'm tenancious too....)    :o
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Mark

I added HAVP to my proxy so now I am scanning http traffic for viruses using the ClamAV database.  I've already heard about some false positives some shops have experienced in the past, but I'd rather a false positive then an infection.

I am happy with this configuration so far.  Performance is decent as well.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Sheila Foss

SuperAntiSpyware which is free, was the only one that removed the prior versions easily.  Although you had to rename the file to install it, since those programs watch out for the name.

Haven't had the pleasure (!) of working on the 2010 version yet.

Marie (Zionkowski) Gozikowski

Quote from: Sheila Foss on October 02, 2009, 11:59:28 AM

Haven't had the pleasure (!) of working on the 2010 version yet.


LOL --- your friends will hit you up soon enough~    :P
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Bob



Han's what ever happened to your strong endorsement of Hit Man Pro?

Jeff Zylstra

VUndoFix.exe is a specialty program that I've used a couple of times with great success.  It is an executable that will run right off a usb memory stick without installing, and it was not blocked by VUndo.   That said, VUndo is somewhat "old" by now so I think that either Malware Bytes or Super Anti Spyware would both clean it up too.  Good luck.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Hans Manhave

SuperAntiSpyware made an attempt but by no means was succesful.  MalwareBytes did a much better job, plus, and I think this was also a big part, I deleted the other users.  Tough they lost their files, but a good lesson.

Still wondering if I should do DeepFreeze with Igloo or WinSelect.  The latter looks more interesting to me.  But I'll probably end up doing both.  The Enterprise version of each appears to be what I want.  Just wish they had it as one product.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Marie (Zionkowski) Gozikowski

I never used Deep Freeze before... I'd be interested in knowing what people think
about it...
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Dawn Shirley

I think its a cold dark place, when the lid is closed.  Remember on Desperate Housewives the old lady had her husband in it!
Dawn Shirley
GEM Insurance, Houston, TX
TAM 10.3; @fax; citrix; 40 users

Marie (Zionkowski) Gozikowski

Wow --- I'm gonna have to start watching that show   :o
Marie (Zionkowski) Gozikowski
Iddings Insurance Agency
Wyalusing, PA
WinTAM 11.1    SBS 2003 
8 users

Nick Oliver

Quote from: Marie Long on October 07, 2009, 09:40:38 AM
I never used Deep Freeze before... I'd be interested in knowing what people think
about it...
Deepfreeze is awesome, I'll fill you in more at TENCon when I see you

Hans Manhave

It is.  You just have to handle the unfrozen parts, because you'll need those.  They made an Igloo for that.  Planning ahead and scheduling in the use of DeepFreeze would greatly help.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein