
# I Think It's Vundo.

That's what we use to get rid of 99% of the viruses/trojans/malware. Here's a list of utilities that we use:

Autoruns

Vundo really blurs the line between virus and malware.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} deleted successfully.

Frikkin' Vundo trojan, Sat Apr 11, 2009 11:59 pm

C:\found.000 folder moved successfully.

http://www.bleepingcomputer.com/forums/t/287156/i-think-its-vundo-infected/

Now that was a major bitch to remove... MBAM picked up a rootkit on one of the student PCs a while back.

File delete failed.

Place a check against each of the following:

- O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Aaron\AppData\Local\Temp\ssqQkLDv.dll,#1
- O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Aaron\AppData\Local\Temp\iIbayyVn.dll,c

Click on Fix Checked when finished and exit HijackThis. Restart the computer normally.

If still having

Due to the fact that it attaches itself to system processes and can add registry keys to the auto-start, this special bugger can execute itself every time Windows is rebooted.

We have to have Java on the school PCs for some of the online classroom software we use, and some of my students are strident rejectors of any and every update

We have observed the following variants displaying this behavior:

- Trojan:Win32/Vundo.AF
- Trojan:Win32/Vundo.AX
- Trojan:Win32/Vundo.BI
- Trojan:Win32/Vundo.CK
- Trojan:Win32/Vundo.FZ
- TrojanDownloader:Win32/Vundo.J

We have seen the variants sending the following information:

- Information about Outlook Express accounts

Win32/Vundo might modify the following registry entry to load the newly created DLL whenever you start your PC or Internet Explorer:

In subkey: HKLM\SOFTWARE\Classes\CLSID\
Sets value: "InprocServer32"
With data: "

by Grif Thomas, Forum moderator / February 26, 2008 11:45 PM PST, in reply to: VUNDO problem

Has any program identified it specifically to Vundo?

and sometimes my antivirus can not detect them.

http://www.geekstogo.com/forum/topic/196710-had-the-cursed-vundo-but-i-think-its-ok-now-resolved/

I get PCs in regularly for cleaning/reimage where Windows Update has been forcibly disabled and they are still on IE6 and XP SP2, even as recently as last week. FFS, XP SP3

We have observed the following exploits detected alongside Win32/Vundo infections: CVE-2008-5353, CVE-2009-3867, CVE-2009-3869, CVE-2010-0094, CVE-2010-0188, CVE-2010-0840, CVE-2010-0842, CVE-2010-1297, CVE-2010-4452, CVE-2011-1823, CVE-2011-3521, CVE-2011-3544, CVE-2012-0056, CVE-2012-0507, CVE-2012-1723, CVE-2012-4621, CVE-2012-4681, CVE-2012-5076, CVE-2013-0422, CVE-2013-0431, CVE-2013-1493

When finished, it will produce a report for you.

What did they think was going to happen??

Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.11.11 fix logfile created on 05012008_220503
Files moved on Reboot...

Modifies browser behavior

Variants of the family, such as Trojan:Win32/Vundo.K, might redirect certain URLs to others of their own choosing, including search engines such as webvolta.ru.

As you can tell, this is definitely a more serious type of trojan and should not be taken lightly.

This guy had done a google search for something to do with AutoCAD, just below the result he wanted was a site offering AutoCAD keygens...

## First, I'd like to cover what exactly a Trojan Virtumonde is or can look like for some of our viewers who might not be so familiar with it.

I think it's Vundo infected. Started by NekoStar, Jan 15 2010 11:24 AM

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Kernel and Hardware Abstraction Layer deleted successfully.

No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your

I think it's the Vundo but can't remove.

Files Infected:
C:\WINDOWS\sfrvctf.dll (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

Click the Ok button and Notepad will open with a log of actions taken during the fix.

Thanks for the response!

C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.