Trojan, Vundo

DM_Kim
Dungeon Master
Posts: 1444
Joined: Fri Jan 25, 2008 2:54 pm

Trojan, Vundo

Post by DM_Kim »

While I was down hubby used my computer and got hit with Trojan, Vundo.

How it happened was when he was searching a second browser opened automatically (Firefox) when he went onto a particular web site. The second browser window was on "AntiVirusScan2009" which locks your browser open until you close it through Control Manager.

This one had a twist. When this one opened Hubby told me that there was a cartoon style convo bubble pointing to the URL stating, "Goolge says this is a Virus. GET ME OUTA HERE" and he clicked on that. Faster than you can blink he had just auto accepted and installed Trojan, Vundo, a nasty version too, that also pulled in 4 other different types of trojans.

It took:
SDFix
VundoFix
VirtumundoBeGone
Malwarebytes' Anti-Malware
HiJackThis

to catch and clean out all the garbage. All of these can be found with Google, are freeware and have instructions to follow. And they work. Once a day I now run Malwarebytes' just to be on the safe side.

Stay safe, Stay clean and hope this helps you out.
Mistress Kim
dm_kim999@hotmail.com

*************************************************
Berronar Truesilver - The Revered Mother


Punjab
Noob
Posts: 7
Joined: Tue Jul 08, 2008 12:35 pm

Re: Trojan, Vundo

Post by Punjab »

I deal with this stuff every day and what DM Kim is saying is right. These new viruses now pop up and tell you that you are infected and you click on ANY button (even the close button) and you have just accepted it. Alt+F4 is the only way to close the window and not accept. What the scum-bags who wrote these viruses have done is to reprogram the Exit button and the Close button so they also "accept" just like the OK button does.

I highly recommend AVG Anti-virus, A-Squared Free and Spybot Search and Destroy to add to what DM Kim has posted here. They can be downloaded from majorgeeks.com - a great place to get freeware that is safe.

BTW, one way to clean a virus is to use an old hard drive and make it drive C (your master drive). Do a general load of your favorite OS on it and load up the anti-virus programs mentioned here. Connect your original drive (the infected one) as a slave drive and scan it from this "new" master drive. This way, you never turn on the infected drive's registry and you will be able to clean viruses off it that could not be cleaned any other way. Once your original drive is cleaned, hook it back up as master and do one more scan to make sure the registry entries are clean. PM me with any questions on this procedure.

frogofpeace
PKer
Posts: 1237
Joined: Sat Oct 28, 2006 7:14 am

Re: Trojan, Vundo

Post by frogofpeace »

aha - i got infected with a rogue antivirus program (kept popping up telling me I was infected, and I had to buy their program to disinfect), now I think I know how. thanks for the tip.

thanks
Three years of nursery school and you think you know it all.
- Dr. Michael Hfuhruhurr

disastro
Spamalot
Posts: 624
Joined: Fri Oct 13, 2006 5:59 pm

Re: Trojan, Vundo

Post by disastro »

in general if you get whacked with one of these nasty viruses you have to nuke the site from orbit and do a fresh reinstall of windows. it's the only way to be sure.

some viruses are pretty good at hiding themselves from just about any antivirus, and for all you know FIVE trojans got installed, 4 for "cover" and one that isn't caught by anything you have.

punjab's method is also good if you have the means, though i personally would feel better simply wiping the entire system to be sure some twisted twisted variant isn't still around.

for easier reinstalls: partition c:\ for windows only and use d:\ for everything else + regular backups.

backups: it's what's for dinner!

DM_Kim
Dungeon Master
Posts: 1444
Joined: Fri Jan 25, 2008 2:54 pm

Re: Trojan, Vundo

Post by DM_Kim »

Heads Up guys.

If it's out there I will find me. Some of you know I bought a new system because my other one would not even send a signal to the monitor when it was turned on let alone boot. Which caused me to go out and buy a new system.

This weekend I got hit again on my new system while working on the old hard drive trying to figure out what happened to lock up my old system and cause over (now the count stands at) 20 gigs of files to be completely destroyed. These files mostly are beyond recovery.

My system acted a bit funny so I ran all my checkers to discover that I had a new one called Pack.Generic.200. That was the only bad file on my system. Cleaned that one out, ran all the checkers again and nothing, but things still weren't right. This new virus apparently came on the scene Dec 31 2008 and was not detectable by most checkers until now. However, it's what it does that makes things worse. What all my checkers did not pick up was another 104 heavy spyware, trojans and some other nasty stuff.

During my research I came across SpyDoctor malware remover which picked up on everything that was missed. How I got infected was while trying to recover scandisk CHK files I opened an exe and boom. Caught it in time so that nothing was damaged, but once I'm done going through the CHK files and recover what I can I will be reformatting all drives to eliminate all problems.

Some of what this Pack.Generic.200 loaded did the major damage. Plus it opens your system up to all kinds of back doors, messes with your scanning and security programs by shredding the exe's for them, destroys bookmarks, loads predetermined web forwarding address so more gets loaded onto your system.

This was one that was missed somehow when Vundo fired up in my old system.

It's been 2 months since Pack.Generic.200 has been on the scene and already it has evolved to Pack.Generic 203 and 208 each being worse than the previous.
Mistress Kim
dm_kim999@hotmail.com

*************************************************
Berronar Truesilver - The Revered Mother


John
Pk Bait
Posts: 54
Joined: Mon Feb 02, 2009 11:56 am

Re: Trojan, Vundo

Post by John »

yea, i and a few friends got whacked with that one too, quite unfortunate that morons gotta be morons
