"Detlev Dreyer" <detdreyer@flashmail.com> wrote in message
news:d0e1a9fd7316b81a89dd7a7c8da5ce54@d-d.mvps.org...
> "V Green" <vanceg@nowhere.net> wrote:
>
> >> What's your problem. "Cleaning a Compromised System"
> >> http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
> >
> > Wrong-o.
> >
> > While this article indeed contains some useful information,
> > its final conclusion, that you need to "flatten & reinstall" is
> > wrong for this particular problem.
> >
> > It wasn't easy, but I got rid of Vundo by doing a lot of
> > research, using VundoFix's ability to delete "in use" files,
> > and some manual Registry editing.
> >
> > Wasn't easy, wasn't fun, but I did NOT have to reinstall.
>
> Reinstalling Windows from scratch is faster in most cases, especially
> when having a clean backup (image). Only a specialist can assure that
> your system is *really* clean after physical examination within a special
> environment. People catching virulent malware do not originate from a
> bright planet in most cases anyway. Trying to clean their infested
> systems by patchwork from afar is nothing but a bad joke.
I agree, but OP didn't say whether or not he had an image avail.;
if he doesn't, it'll be an all-day project when you figure in all the
apps that'll have to be reinstalled as well.
It wasn't really a "patchwork" thing for Vundo - there's a ton
of info on it out there, and as soon as I understood what the hell
it was doing, it wasn't hard to catch the self-regenerating .DLL
it creates and delete it - then track down all the .REG entries
with HJT and remove them.
Most of the time spent was in educating myself. Since Vundo
was/is such a miserable SOB, and AV programs in general can't
deal with it, I wanted to understand how it worked.
> > up to the latest version.
>
> I'm tired of this lousy Sun JRE crapware. I prefer to use the latest
> version of the "Microsoft Java VM" instead. Since I'm supposed to be
> the only one doing so, nobody seems to waste time creating any virulent
> code affecting this dinosaur. Just one of my systems has the latest JRE
> version installed in case that some software needs that crap.
Unfortunately, I have an expensive frame-accurate .MPG editor that
I use on an almost daily basis written entirely in Java. Or I would
be with ya on this one.
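The cleanup V Green describes above (find the DLL an infection keeps reloading, then hunt down the registry entries that load it) comes down to enumerating autostart locations and checking what each one points at. The following PowerShell is an added example, not code from anyone in this thread and not what VundoFix or HijackThis do internally. It covers only the classic Run/RunOnce keys and Browser Helper Objects (HijackThis inspects many more locations), it is read-only, and it assumes nothing about Vundo's file or key names, which the thread does not give: it simply reports each loaded image, whether the file exists, its Authenticode status and its SHA-256 so an investigator can review the list instead of relying on an AV verdict.

```powershell
# Added example (not from the thread): list autostart registry entries and the
# image each one loads. Read-only; it deletes nothing. Only Run/RunOnce and BHO
# locations are covered; no Vundo-specific names are assumed.

function Resolve-ImagePath {
    param([string]$Value)
    # Strip surrounding quotes, expand %SystemRoot% etc., and drop any arguments.
    $v = [Environment]::ExpandEnvironmentVariables($Value.Trim())
    if ($v.StartsWith('"')) {
        $end = $v.IndexOf('"', 1)
        if ($end -gt 0) { return $v.Substring(1, $end - 1) }
    }
    if ($v -match '^(.+?\.(exe|dll))(\s|$)') { return $Matches[1] }
    return $v
}

function Get-AutostartEntries {
    $results = @()
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    # Classic Run keys for the machine and for the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
            $results += [pscustomobject]@{
                Source = $key
                Name   = $p.Name
                Path   = (Resolve-ImagePath ([string]$p.Value))
            }
        }
    }

    # Browser Helper Objects: each CLSID subkey maps to a DLL via InprocServer32.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($clsid in (Get-ChildItem $bhoKey).PSChildName) {
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            if (-not (Test-Path $server)) { continue }
            $dll = (Get-ItemProperty -Path $server).'(default)'
            $results += [pscustomobject]@{
                Source = $bhoKey
                Name   = $clsid
                Path   = (Resolve-ImagePath ([string]$dll))
            }
        }
    }
    return $results
}

function Get-AutostartReport {
    Get-AutostartEntries | ForEach-Object {
        $exists = Test-Path -LiteralPath $_.Path -PathType Leaf
        $sig  = if ($exists) { (Get-AuthenticodeSignature -FilePath $_.Path).Status } else { 'N/A' }
        $hash = if ($exists) { (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash } else { 'N/A' }
        [pscustomobject]@{
            Source    = $_.Source
            Name      = $_.Name
            Path      = $_.Path
            Exists    = $exists
            Signature = $sig
            SHA256    = $hash
        }
    }
}

# Entries whose file is unsigned, or whose path no longer exists, are the ones
# worth a closer look; sorting by signature status puts them together.
Get-AutostartReport | Sort-Object Signature | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys are readable; HKCU entries are per-user, so repeat it under each account on the machine. A DLL that reappears after deletion, as described above, will show up here as an entry whose path points at a fresh file with a new hash each time, which is the behaviour to document before any removal attempt.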