Troj_Vundo.AAE


to jimmy s

I have the above troj in my pc and I have tried everything I know to get this
F****r out. Does anyone know how? Please help before I go insane.
Regards Wills
 
"to jimmy s" <tojimmys@discussions.microsoft.com> wrote in message
news:880930F3-67F6-4D75-A941-2991C8F77484@microsoft.com...
> I have the above troj in my pc and I have tried everything I know to get
> this F****r out. Does anyone know how? Please help before I go insane.
> Regards Wills


Search that web interface discussion group for a security group and post in
there.
OR
try Google for a solution.

http://www.google.co.uk/search?hl=en&q=trojan+vundo&btnG=Google+Search&meta=

Antioch
 
Good luck, Wills. Because of this miserable thing, I ended up having to
re-install XP. VUNDO completely ruined the OS and took over. It tried again
after the re-install, but fortunately McAfee caught it and quarantined it
this time. Hope you have better luck with those links than I did.

Paul
 
to jimmy s wrote:
> I have the above troj in my pc and I have tried everything I know to get this
> F****r out. Does anyone know how? Please help before I go insane.
> Regards Wills


Try one of these Virus Removal Tools:

Avast! One tool for any current virus
http://www.avast.com/eng/avast-virus-cleaner.html

These sites have specific tools for specific malware. Since you know
the name, you might find a tool for that particular problem.

Symantec Virus Removal Tools
http://www.symantec.com/business/security_response/removaltools.jsp

F-Secure Virus Removal Tools
http://www.f-secure.com/download-purchase/tools.shtml

Kaspersky Virus Removal Tools
http://www.kaspersky.com/removaltools

--
Joe =o)
 
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L.ORG http://66.39.69.143/

to jimmy s wrote:
> I have the above troj in my pc and I have tried everything I know to get
> this F****r out. Does anyone know how? Please help before I go insane.
> Regards Wills
 
"Detlev Dreyer" <detdreyer@flashmail.com> wrote in message
news:ff7227b4a08f57168656f8d8c1a3e2c3@d-d.mvps.org...
> "to jimmy s" <tojimmys@discussions.microsoft.com> wrote:
>
> > I have the above troj in my pc and I have tried everything I know to get this
> > F****r out. Does anyone know how? Please help before I go insane.

>
> What's your problem. "Cleaning a Compromised System"
> http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx


Wrong-o.

While this article indeed contains some useful information,
its final conclusion, that you need to "flatten & reinstall" is
wrong for this particular problem.

It wasn't easy, but I got rid of Vundo by doing a lot of
research, using VundoFix's ability to delete "in use" files,
and some manual Registry editing.

Wasn't easy, wasn't fun, but I did NOT have to reinstall.

BTW - it came in on a Java applet on an old version of the
SUN JRE that had "vulnerabilities". So be sure to patch
up to the latest version.

>
> --
> d-d
 
"V Green" <vanceg@nowhere.net> wrote:

>> What's your problem. "Cleaning a Compromised System"
>> http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

>
> Wrong-o.
>
> While this article indeed contains some useful information,
> its final conclusion, that you need to "flatten & reinstall" is
> wrong for this particular problem.
>
> It wasn't easy, but I got rid of Vundo by doing a lot of
> research, using VundoFix's ability to delete "in use" files,
> and some manual Registry editing.
>
> Wasn't easy, wasn't fun, but I did NOT have to reinstall.


Reinstalling Windows from scratch is faster in most cases, especially
when having a clean backup (image). Only a specialist can assure that
your system is *really* clean after physical examination within a special
environment. People catching virulent malware do not originate from a
bright planet in most cases anyway. Trying to clean their infested
systems by patchwork from afar is nothing but a bad joke.

> BTW - it came in on a Java applet on an old version of the
> SUN JRE that had "vulnerabilities". So be sure to patch
> up to the latest version.


I'm tired of this lousy Sun JRE crapware. I prefer to use the latest
version of the "Microsoft Java VM" instead. Since I'm supposed to be
the only one doing so, nobody seems to waste time creating any virulent
code affecting this dinosaur. Just one of my systems has the latest JRE
version installed in case that some software needs that crap.

--
d-d
 
"Detlev Dreyer" <detdreyer@flashmail.com> wrote in message
news:d0e1a9fd7316b81a89dd7a7c8da5ce54@d-d.mvps.org...
> "V Green" <vanceg@nowhere.net> wrote:
>
> >> What's your problem. "Cleaning a Compromised System"
> >> http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

> >
> > Wrong-o.
> >
> > While this article indeed contains some useful information,
> > its final conclusion, that you need to "flatten & reinstall" is
> > wrong for this particular problem.
> >
> > It wasn't easy, but I got rid of Vundo by doing a lot of
> > research, using VundoFix's ability to delete "in use" files,
> > and some manual Registry editing.
> >
> > Wasn't easy, wasn't fun, but I did NOT have to reinstall.

>
> Reinstalling Windows from scratch is faster in most cases, especially
> when having a clean backup (image). Only a specialist can assure that
> your system is *really* clean after physical examination within a special
> environment. People catching virulent malware do not originate from a
> bright planet in most cases anyway. Trying to clean their infested
> systems by patchwork from afar is nothing but a bad joke.


I agree, but OP didn't say whether or not he had an image avail.
If he doesn't, it'll be an all-day project when you figure in all the
apps that'll have to be reinstalled as well.

It wasn't really a "patchwork" thing for Vundo - there's a ton
of info on it out there, and as soon as I understood what the hell
it was doing, it wasn't hard to catch the self-regenerating .DLL
it creates and delete it - then track down all the .REG entries
with HJT and remove them.

Most of the time spent was in educating myself. Since Vundo
was/is such a miserable SOB, and AV programs in general can't
deal with it, I wanted to understand how it worked.

> > up to the latest version.

>
> I'm tired of this lousy Sun JRE crapware. I prefer to use the latest
> version of the "Microsoft Java VM" instead. Since I'm supposed to be
> the only one doing so, nobody seems to waste time creating any virulent
> code affecting this dinosaur. Just one of my systems has the latest JRE
> version installed in case that some software needs that crap.


Unfortunately, I have an expensive frame-accurate .MPG editor that
I use on an almost daily basis written entirely in Java. Or I would
be with ya on this one.
 
"V Green" <vanceg@nowhere.net> wrote:

>> Reinstalling Windows from scratch is faster in most cases, especially
>> when having a clean backup (image). Only a specialist can assure that
>> your system is really clean after physical examination within a special
>> environment. People catching virulent malware do not originate from a
>> bright planet in most cases anyway. Trying to clean their infested
>> systems by patchwork from afar is nothing but a bad joke.

>
> I agree, but OP didn't say whether or not he had an image avail.
> If he doesn't, it'll be an all-day project when you figure in all the
> apps that'll have to be reinstalled as well.


Well, there are two advantages at the same time. First, he will have
a system that is perfectly clean after repartition and reinstalling from
scratch and second, he will start to consider a future backup concept if
he failed to have it already.

>> I'm tired of this lousy Sun JRE crapware. I prefer to use the latest
>> version of the "Microsoft Java VM" instead. Since I'm supposed to be
>> the only one doing so, nobody seems to waste time creating any virulent
>> code affecting this dinosaur. Just one of my systems has the latest JRE
>> version installed in case that some software needs that crap.

>
> Unfortunately, I have an expensive frame-accurate .MPG editor that
> I use on an almost daily basis written entirely in Java. Or I would
> be with ya on this one.


Well, most software that requires Java installs Sun JRE and in most cases
this is *not* the latest version. Therefore, I remove that JRE stuff anyway
after the automatic installation. In many cases, the software runs
fine with the "MS Java VM" only. There was some poor software insisting
on the existence of a particular and outdated(!) Sun JRE version and that
software was subject to be removed instantly as well.

--
d-d
 
On Dec 23, 5:47 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:
> "V Green" <van...@nowhere.net> wrote:

...
> >> I'm tired of this lousy Sun JRE crapware. I prefer to use the latest
> >> version of the "Microsoft Java VM" instead. ..


That would be the 3810 build of the MSVM?

It still has security concerns - ones that will *never* be fixed,
given as how it is obsolete & unsupported by the manufacturer
(for some time now). MS' latest advice on Java (I saw) was..
"Get it from Sun".

> >> ..Since I'm supposed to be
> >> the only one doing so, nobody seems to waste time creating any virulent
> >> code affecting this dinosaur. Just one of my systems has the latest JRE
> >> version installed in case that some software needs that crap.

>
> > Unfortunately, I have an expensive frame-accurate .MPG editor that
> > I use on an almost daily basis written entirely in Java.  Or I would
> > be with ya on this one.

>
> Well, most software that requires Java installs Sun JRE ..


If Java software is launched(/installed) using Java Web Start,
it will use any suitable JRE found. Here are some examples.
<http://www.physci.org/jws/>
(Note that JWS is Java 1.2+ - no 1.1 VM understood the
JNLP launch files)

>..and in most cases
> this is *not* the latest version. ..


That sounds more like a Java app. wrapped up as a Win.
installer, with a JRE co-bundled. That is not the preferred
way to distribute Java software, JWS is. Any developer
that appears on the comp.lang.java.* usenet groups asking
how to 'make an exe' is strongly encouraged to try JWS
first.

>..Therefore, I remove that JRE stuff anyway
> after the automatic installation. In many cases, the software runs
> fine with the "MS Java VM" only.


I find that hard to believe. There has been very little
AWT GUI work done in the last few years, most of
the Java GUIs of recent times are coded using Swing
(Java 1.2+).

>..There was some poor software insisting
> on the existence of a particular and outdated(!) Sun JRE version ..


That is suspicious. Sometimes a Java app. will require
reliance on earlier buggy behaviour that has been fixed,
for quite innocuous reasons, but that indicates poor design
or maintenance of their own code. Even if the reasons for
using an earlier JRE are innocent, it limits the ability of the
end-user to use the JRE with the latest security updates.

>..and that
> software was subject to be removed instantly as well.


That sounds a good plan. I would not tolerate any Java
app. that requires a specific earlier version.

--
Andrew T.
PhySci.org
 
"Andrew Thompson" <andrewthommo@gmail.com> wrote:

> On Dec 23, 5:47 am, "Detlev Dreyer" <detdre...@flashmail.com> wrote:
>> "V Green" <van...@nowhere.net> wrote:

> ...
>>>> I'm tired of this lousy Sun JRE crapware. I prefer to use the latest
>>>> version of the "Microsoft Java VM" instead. ..

>
> That would be the 3810 build of the MSVM?


That's correct. Version 5.00.3810 to be more specific.

> It still has security concerns - ones that will never be fixed,
> given as how it is obsolete & unsupported by the manufacturer
> (for some time now). MS' latest advice on Java (I saw) was..
> "Get it from Sun".


ACK. I'm aware of these security gaps and this is the whole story:
http://groups.google.com/groups?selm=8cfd17710da0e218875cda9f1d324122@d-d.mvps.org

Meanwhile, that test had been finished and Sun JRE (the latest version)
is presently installed on one of my machines only.

>> ..and in most cases this is not the latest version. ..

>
> That sounds more like a Java app. wrapped up as a Win.
> installer, with a JRE co-bundled.


Yes and unfortunately, this is not an exception. Some of them have the
*option* to install Sun JRE during setup while others install Sun JRE
automatically.

>> ..Therefore, I remove that JRE stuff anyway
>> after the automatic installation. In many cases, the software runs
>> fine with the "MS Java VM" only.

>
> I find that hard to believe. There has been very little
> AWT GUI work done in the last few years, most of
> the Java GUIs of recent times are coded using Swing
> (Java 1.2+).


There is an increasing number of exceptions and as already posted, one
of my machines has the latest Sun JRE version installed for these cases.

>> ..There was some poor software insisting
>> on the existence of a particular and outdated(!) Sun JRE version ..

>
> That is suspicious.


Not really. This has been original software, e.g. for income tax statements
and home banking - confirmed in local newsgroups as well.

> Sometimes a Java app. will require reliance on earlier buggy behaviour that has been fixed,
> for quite innocuous reasons, but that indicates poor design
> or maintenance of their own code. Even if the reasons for
> using an earlier JRE are innocent, it limits the ability of the
> end-user to use the JRE with the latest security updates.


ACK.

>> ..and that software was subject to be removed instantly as well.

>
> That sounds a good plan. I would not tolerate any Java
> app. that requires a specific earlier version.


Yep.

--
d-d
 