Trojan.Vundo

Discussion in 'OT Technology' started by gsxspeeddemon, Feb 12, 2008.

  1. gsxspeeddemon

    gsxspeeddemon New Member

    Joined:
    Apr 21, 2007
    Messages:
    28
    Likes Received:
    0
    My mom's computer has the Trojan.Vundo virus. She bought Norton anti-virus and it says it removes it, however two days later it shows up again. I'm pretty sure it's not removing it. I have tried doing some searching on how to fix this but I haven't had much luck. Does anyone know how to remove this virus? Anyone willing to help?
     
  2. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    Get rid of Norton. Norton is a virus itself.

    You can try AVG. If that doesn't work then there are ways to get it clean, but I'd recommend a format/re-install.
     
  3. Mycophiles

    Mycophiles OT Supporter

    Joined:
    Jul 18, 2002
    Messages:
    15,130
    Likes Received:
    3
    Location:
    Houston, Texas
  4. Chris

    Chris New Member

    Joined:
    Oct 27, 2003
    Messages:
    14,711
    Likes Received:
    0
    Location:
    Texas on my mind
  5. etech

    etech New Member

    Joined:
    Jun 12, 2002
    Messages:
    4,660
    Likes Received:
    0
  6. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    What etech said. It keeps coming back for one (or more) of three reasons:

    1) It's reinstalling itself from System Restore as soon as it's deleted;
    2) There's a hole in the firewall that's allowing the virus to be re-downloaded;
    3) It's in your mom's email and she keeps opening the same email for whatever reason.
     
  7. onedownfiveup

    onedownfiveup Active Member

    Joined:
    Jun 26, 2005
    Messages:
    18,222
    Likes Received:
    0
    Location:
    KC
    OMG, I just got this thing. What a nightmare. :(

    I'm trying a few things posted here, hopefully it'll get rid of it.
     
  8. aimfox

    aimfox New Member

    Joined:
    Mar 31, 2008
    Messages:
    11
    Likes Received:
    0
    I got the same thing, it came from emails.

    I got this eliminated. Download AntiVir Anti-Virus, it's free. Update the definition and scan it. Once it detects it, click quarantine and it should be gone.
     
  9. sffitzge

    sffitzge New Member

    Joined:
    Feb 4, 2008
    Messages:
    240
    Likes Received:
    0
    I have this trojan on my laptop as well. I am planning on rolling back my computer to how it was when I got it (I don't have a reformat disk). If I turn off System Restore, will that get rid of my ability to "roll back" my computer?

    The reason I'm rolling back my T60 is that I'm putting in a new HD, and more RAM, and getting rid of all miscellaneous things that I don't need. If I leave this trojan (it doesn't seem to be doing much) on my laptop then roll it back will this get rid of the virus then anyways?

    Also, without a reformat CD what is the best way to "reformat" my computer?
     
  10. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Rolling back won't get rid of spyware. No self-respecting spyware forgets to infect the System Restore points.

    Yes, shutting off System Restore will wipe out the restore points, but since they're already infected, they're useless anyway.
     
  11. GreyRS

    GreyRS Your ignorance cramps my conversation.

    Joined:
    Jun 8, 2000
    Messages:
    1,891
    Likes Received:
    0
    Location:
    FL
    Go to bleepingcomputer.com and search for combofix.exe. I have used this on computers at work as well as on those of customers. Like etech suggested earlier, though: turn off System Restore and boot into safe mode, then run combofix.
     
  12. GreyRS

    GreyRS Your ignorance cramps my conversation.

    Joined:
    Jun 8, 2000
    Messages:
    1,891
    Likes Received:
    0
    Location:
    FL
    You cannot reformat a computer without an OS disc. Or at least I know of no way to do it.
     
  13. sffitzge

    sffitzge New Member

    Joined:
    Feb 4, 2008
    Messages:
    240
    Likes Received:
    0
    Sorry, I guess what I said earlier was a little confusing. Lenovo partitions off part of the HD so that you can perform a system restore during startup, which is essentially reformatting.
     
  14. sffitzge

    sffitzge New Member

    Joined:
    Feb 4, 2008
    Messages:
    240
    Likes Received:
    0
    Or at least I think it is.
     
  15. nsxrebel

    nsxrebel New Member

    Joined:
    May 22, 2006
    Messages:
    3,272
    Likes Received:
    0
    Sounds like quite a headache to remove this trojan. I haven't used Windows in a while, but I was over at a friend's house and he was having network problems on his Vista machine. I got that working but his computer seems a lil sluggish. I suspect he might have some malware, but not this Vundo. I plan on doing a full scan soon. What is the best way to prevent getting Vundo? From what I am reading, most/all of you are running some kind of antivirus, and are still getting infected by this trojan.
     
  16. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    I ran into this a few days ago and that combofix didn't do shit. There was some specific Vundo remover that told me I didn't have it installed, yet I had the DLL and it was loading ... hmmm, nice tools. I ended up booting from a boot CD (Ultimate Boot CD) and removing the load points from the registry. It was in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs key. I went thru the other standard startup keys and removed the stuff that wasn't needed from there and removed all the nasty DLLs from the system32 folder. A lot of the newer stuff is able to alter the date/time of the file, so sorting that system32 folder by date isn't cutting it anymore. You gotta go thru and look for the bad stuff now. :(

    After all that the std scans with ad-aware, spybot and hijackthis and she was up and running again. :big grin:
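
The load points named in the post above can be listed without changing anything on the machine. This is an added example, not part of the original post: the helper name `Get-FileVerdict` is hypothetical, the two Run keys are an assumed reading of "standard startup keys", and because file dates can be altered it checks Authenticode signatures instead of sorting by date.

```powershell
# Added example: read-only audit of the load points named in the post above.
$windowsKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on 64-bit Windows
)
$runKeys = @(   # assumed set of "standard startup keys"; extend as needed
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-FileVerdict {   # hypothetical helper name
    param([string]$Path)
    # A bare file name from AppInit_DLLs is looked up in system32 here.
    if (-not [IO.Path]::IsPathRooted($Path)) {
        $Path = Join-Path $env:SystemRoot "System32\$Path"
    }
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ File = $Path; Signature = 'FileMissing'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File      = $Path
        Signature = [string]$sig.Status
        Signer    = $sig.SignerCertificate.Subject
    }
}

# 1. AppInit_DLLs holds a space- or comma-separated list of DLLs.
$appInit = foreach ($key in $windowsKeys) {
    if (-not (Test-Path $key)) { continue }
    $value = (Get-ItemProperty -Path $key).AppInit_DLLs
    "$value" -split '[ ,]+' | Where-Object { $_ } | ForEach-Object { Get-FileVerdict $_ }
}
$appInit | Format-Table -AutoSize -Wrap

# 2. Run keys: list every value so unexpected entries can be reviewed by eye.
$run = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
    }
}
$run | Format-List

# 3. system32 DLLs without a valid signature. Treat these as leads, not verdicts:
#    depending on the Windows/PowerShell version, catalog-signed files may show as NotSigned.
Get-ChildItem "$env:SystemRoot\System32" -Filter *.dll |
    ForEach-Object { Get-FileVerdict $_.FullName } |
    Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize -Wrap
```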
     
  17. GreyRS

    GreyRS Your ignorance cramps my conversation.

    Joined:
    Jun 8, 2000
    Messages:
    1,891
    Likes Received:
    0
    Location:
    FL
    There are a few different versions of Vundo and one that has Smitfraud with it. I have used a tool called Vundofix which worked if it was only Vundo, but I found that the most up-to-date version of Combofix worked on all Vundo-related trojans. Sorry it did not work for you. Those bastards are making the trojans harder to get rid of.

    As for how people are getting them, some by e-mail and some by hitting sites, both legit and not-so-legit.
     
  18. GreyRS

    GreyRS Your ignorance cramps my conversation.

    Joined:
    Jun 8, 2000
    Messages:
    1,891
    Likes Received:
    0
    Location:
    FL
    If they created a system restore partition when you bought it, you should be able to download and print the instructions on how to do the restore from their site. With HPs, I believe it is hit F12 during initialization and it walks you through the process. Don't quote me on that though.
     
