
Vundo Trojan Virus! WTF?

Mr.Herbert

Can anyone help? I thought I had great protection.... I went on Hidemyass.com to enter a 911 Conspiracy site and I started getting pop ups.

My McAfee starts up every 5 mins and pop ups every two minutes. It is called Vundo!grb

I ran a complete system check and nothing was found. Can anyone help? (work laptop!) I.T. guy is going to be pissed.

Thanks in advance!
 
I have experience with that one.

First, you want a copy of this program: http://vundofix.atribune.org/

Vundo is more malware than virus. It either is a downloader or the result of a downloader, so you probably have other problems.

Vundo fix works quite well and is free. But both Vundo and Vundofix are updated regularly. The fix is normally no more than a week behind the malware in development.
 
Can anyone help? I thought I had great protection.... I went on Hidemyass.com to enter a 911 Conspiracy site and I started getting pop ups.

My McAfee starts up every 5 mins and pop ups every two minutes. It is called Vundo!grb

I ran a complete system check and nothing was found. Can anyone help? (work laptop!) I.T. guy is going to be pissed.

Thanks in advance!

:eusa_boohoo:
 
Hi Doubt~

Thank you for the information. WOW it took 5 different programs and almost 2 hours of scanning. So far so good....no pop ups, no alerts.... No visit to the I.T. manager!!

:relieved:
 
And this is why none of my users run with any more than basic user privs on any company computer.
 
This is why I make sure to use a program that updates and protects the hosts file (spybot search & destroy, spywareblaster from javacoolsoftware.com). And I looked for other anti-malware and anti-advertisement, and even a huge anti-porn host files to merge into it (>80% of all malware is hidden in an ad or porn), I back it up, and I sandbox the web browser (no, this doesn't slow you down).
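
The hosts-file merge described in the post above, as an added example that is not from the thread: it combines several blocklists into one hosts file, removes duplicates, and refuses any blocklist line that points a name at a real address instead of a sink address. The function names and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

SINKS = {"0.0.0.0", "127.0.0.1", "::1"}        # addresses that send a name nowhere
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def merge_hosts(current, blocklists):
    """Return (merged_text, rejected). Existing non-block entries are kept as
    they are; a blocklist line that maps a name to a real address is refused."""
    kept, blocked, rejected = [], set(), []
    for addr, name in parse_hosts(current):
        if addr in SINKS and name not in LOCAL_NAMES:
            blocked.add(name)
        else:
            kept.append((addr, name))
    pinned = {name for _, name in kept} | LOCAL_NAMES
    for text in blocklists:
        for addr, name in parse_hosts(text):
            if name in pinned:
                continue                        # never override a local mapping
            if addr in SINKS:
                blocked.add(name)
            else:
                rejected.append((addr, name))   # a redirect, not a block
    lines = [f"{a} {n}" for a, n in kept] + [f"0.0.0.0 {n}" for n in sorted(blocked)]
    return "\n".join(lines) + "\n", rejected

# Constructed sample input (not taken from any real blocklist).
CURRENT = "127.0.0.1 localhost\n10.0.0.5 intranet.example.test\n0.0.0.0 ads.example.test\n"
LIST_A = "0.0.0.0 ads.example.test\n127.0.0.1 tracker.example.test # ad\n203.0.113.7 bank.example.test\n"
LIST_B = "0.0.0.0 Tracker.Example.Test. popups.example.test\nnot-an-ip foo\n"

if __name__ == "__main__":
    merged, rejected = merge_hosts(CURRENT, [LIST_A, LIST_B])
    print(merged, "refused:", rejected)
```

Keep a copy of the previous hosts file before replacing it with the merged text, as the post does with its backup.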
 
And this is why none of my users run with any more than basic user privs on any company computer.


And why IT guys hate laptops! They get all sorts of crud loaded on them, people take them home, hook them into all sorts of networks, all sorts of places.

In my school district the big issue is we don't limit privileges, too much complaining about it.

Then even more when we uninstall all the stuff they aren't supposed to have.

"But why can't I stream audio, use Rhapsody, bid on E-bay, have my Bluetooth synchronised !?!"

"Why doesn't my machine work any more?"
 
This is why I make sure to use a program that updates and protects the hosts file (spybot search & destroy, spywareblaster from javacoolsoftware.com). And I looked for other anti-malware and anti-advertisement, and even a huge anti-porn host files to merge into it (>80% of all malware is hidden in an ad or porn), I back it up, and I sandbox the web browser (no, this doesn't slow you down).

How do you sandbox, I know the basic idea, what software?
 
I've relied on forums.Majorgeeks.com malware removal thread for updates on best PC practices.
 
And why IT guys hate laptops! They get all sorts of crud loaded on them, people take them home, hook them into all sorts of networks, all sorts of places.

In my school district the big issue is we don't limit privileges, too much complaining about it.

My company laptops are just fine. :)

I'll see if I can't find the document I used to convince my bosses that least privileges cost the company less than having me concentrate on cleaning the bugger once I get it back. This was during a time of growth, though, so they needed my time on other things like planning and getting the systems to scale, but in today's economic environment it might prove an even stronger argument. I tended to boil it down to catchy business-talk memes, like explaining the difference between a process and a procedure to get their focus on the idea of efficiency and then pointing out how standards will produce more consistent results (and contribute to efficiency when refined).

Another idea would be to install Microsoft's SteadyState (formerly Shared Computer Toolkit) on the laptops and tell them that they must save to an external (USB flash) drive in order to save work.
 
I use a program called "sandboxie," recommended to me by users at the NoScript forums -- but at the same time, my firewall is zonealarm, and I set firefox.exe to be forbidden to engage in unsafe interactions outside of its own profile. I'd use Tor for anonymization, but I don't think there's many Tor servers around here as it really does slow me the heck down.


Hey funny thought, since Google's browser Chrome has native sandboxing which has foiled all PC hacking attempts, do you think there are people out there who still put the browser inside of another sandbox? and sit back in their big ol' gaming chairs and laugh maniacally at how they've built some kind of fortress nobody wants to invade just yet?
 
I got rid of Vundo with a combination of Malwarebytes Anti-Malware, CCleaner, and HijackThis.

Had to do it in safe mode too, it's a real PITA.
 
I got it about 3 weeks ago, the only thing that worked was Malwarebytes anti malware. Even the vundo fix wouldn't work. I guess there are newer variants. Now I've got double-click...
 
I use a program called "sandboxie," recommended to me by users at the NoScript forums -- but at the same time, my firewall is zonealarm, and I set firefox.exe to be forbidden to engage in unsafe interactions outside of its own profile. I'd use Tor for anonymization, but I don't think there's many Tor servers around here as it really does slow me the heck down.


Hey funny thought, since Google's browser Chrome has native sandboxing which has foiled all PC hacking attempts, do you think there are people out there who still put the browser inside of another sandbox? and sit back in their big ol' gaming chairs and laugh maniacally at how they've built some kind of fortress nobody wants to invade just yet?

Nice, I didn't know about sandboxie. I wonder if there are any programs out there to make doing the same to other programs easy.

ETA: ... and is free. I understand this program has limited abilities with other programs, but I'm wondering about something more general and open source. Windows' almost-sandboxed nature has been something that can get on my nerves quite often.
 
You can make sandboxie work on anything.

I'm sure it can work at least nominally, but the interface seems complicated and it's not free. I was looking at it as a possibility for users, not for myself. I can sandbox stuff to the degree I need using different computers for some stuff, and using my MacBook Pro and Crossover for other things. But I can't recommend this as a simpler option for the two aforementioned reasons.
 
I got it about 3 weeks ago, the only thing that worked was Malwarebytes anti malware. Even the vundo fix wouldn't work. I guess there are newer variants. Now I've got double-click...

You probably got hit with the latest version. Like I stated before, Vundofix is about a week behind. The jerks that make Vundo keep changing it to counter various fixes.
 
My company laptops are just fine. :)

I'll see if I can't find the document I used to convince my bosses that least privileges cost the company less than having me concentrate on cleaning the bugger once I get it back. This was during a time of growth, though, so they needed my time on other things like planning and getting the systems to scale, but in today's economic environment it might prove an even stronger argument. I tended to boil it down to catchy business-talk memes, like explaining the difference between a process and a procedure to get their focus on the idea of efficiency and then pointing out how standards will produce more consistent results (and contribute to efficiency when refined).

Another idea would be to install Microsoft's SteadyState (formerly Shared Computer Toolkit) on the laptops and tell them that they must save to an external (USB flash) drive in order to save work.


Yeah, we are considering the Steady State on the desktops, it has some issues (like having to install printers every day), the issue is that staff don't want IT to limit the scope of what they can do. (It is a school district which is very different from a private company), heck the principals got all pissy when they had the thumb locks on the new machines disabled (Duh, if we need your thumb to unlock the machine it makes maintenance very hard.)

Also we only have seven techs in a large district, they don't want to be bothered with all the minutiae of installing software for each classroom.
 
I use a program called "sandboxie," recommended to me by users at the NoScript forums -- but at the same time, my firewall is zonealarm, and I set firefox.exe to be forbidden to engage in unsafe interactions outside of its own profile. I'd use Tor for anonymization, but I don't think there's many Tor servers around here as it really does slow me the heck down.


Hey funny thought, since Google's browser Chrome has native sandboxing which has foiled all PC hacking attempts, do you think there are people out there who still put the browser inside of another sandbox? and sit back in their big ol' gaming chairs and laugh maniacally at how they've built some kind of fortress nobody wants to invade just yet?

Thanks.
 
