
Vundo Trojan Found.


5 replies to this topic

#1 figgis41 (Members, 801 posts, Location: Hull, England)

Posted 26 May 2008 - 12:14 PM

Hi all. I ran a scan with MB and it found the Vundo Trojan. I don't know how I got it, but MB seems to have removed it. My question is: is there anything else I need to do or check to be sure it's gone? It's just that when I ran a scan with SAS it did not find anything; then I ran a scan with MB and there it was. After removing the Trojan I booted in safe mode and ran another scan and came up clean. I may be getting a bit paranoid here, but I can't understand how SAS missed it. I have had previous experience with Trojans on my wife's XP machine and it's not something I take lightly, as it totally knackered up the HDD and the OS, and I had to buy a new HDD and reinstall the OS. Of course there were no backups and she lost everything.
Thanks all, Ian
P.S. Here's the log of the scan.

Malwarebytes' Anti-Malware 1.12
Database version: 781

Scan type: Full Scan (C:\|)
Objects scanned: 113578
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Figgis,,,, LUFC
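A check a responder would run over a log like the one posted above, added here as an example and not part of the thread: it parses the summary counts and the per-section detections from a Malwarebytes' Anti-Malware 1.x report, cross-checks the two, and flags any detection whose action is not a completed quarantine. The two registry lines are taken from the posted log; the Files entry, its path and its "Delete on reboot" status are constructed to show a removal that is still pending.

```python
import re

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x log; the registry
# entries are from the post above, the Files entry (path, status) is made up to show a pending removal.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.12

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example.dll (Trojan.Vundo) -> Delete on reboot.
"""

COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")   # summary block lines
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")  # detail lines
CLEAN = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return (summary counts, {section: [(item, family, action), ...]})."""
    counts, detections, section = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:                                   # "Registry Keys Infected: 2"
            counts[m.group("section")] = int(m.group("n"))
        elif line.endswith(" Infected:"):       # start of a detail section
            section = line[:-1]
            detections[section] = []
        elif section and (m := ITEM_RE.match(line)):   # "(No malicious items detected)" never matches
            detections[section].append(m.group("item", "family", "action"))
    return counts, detections

def review(counts, detections):
    """List header/listing mismatches and detections whose removal is not complete."""
    problems = []
    for section, n in counts.items():
        if len(detections.get(section, [])) != n:
            problems.append(f"{section}: header says {n}, listing differs")
    for section, items in detections.items():
        for item, family, action in items:
            if not action.startswith(CLEAN):
                problems.append(f"{section}: {item} ({family}) -> {action}")
    return problems
```

An empty list from `review` means every listed item was quarantined and the counts agree; anything else is a reason to rescan after the reboot the tool asked for.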


#2 quietman7 (Bleepin' Janitor, Global Moderator, Location: Virginia, USA)

Posted 26 May 2008 - 02:16 PM

"I may be getting a bit paranoid here but I can't understand how SAS missed it"

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

How is your computer running now? Any more reports/signs of infection?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 figgis41 (Topic Starter)

Posted 27 May 2008 - 10:12 AM

Hi quietman, thanks for the reply. I have run several scans in safe and normal mode and monitored processes in Task Manager, and have not had anything strange happening since I deleted the Trojan with MB. I have also run scans with my other security programs and all come up clean. I think MB got it. Thanks for your help, Ian
Figgis,,,, LUFC

#4 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 27 May 2008 - 10:45 AM

Good job.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Vista users can refer to these links: Create a New Restore Point and Disk Cleanup.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1 & Part 2".
"IE Recommended Minimal Security Settings".
"How to Set Security Options in the Firefox Browser".

#5 figgis41 (Topic Starter)

Posted 28 May 2008 - 12:34 PM

Thanks again quietman. I ran it OK for a couple of days, then switched System Restore off and back on again to empty it, just in case. I also scanned my external HDD in safe mode and it came up clean. I am now told by my wife that she downloaded a game last week and it prompted her to install a codec to play it. We already have the K-LITE codec pack on mine and her machines, so did she ignore the prompt???
Answers on email to: i will not mess with my husbands computer anymore@because he has now changed the password on my crappy XP machine. com
Figgis,,,, LUFC

#6 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 28 May 2008 - 01:40 PM

"i will not mess with my husbands computer anymore@because he has now changed the password on my crappy XP machine. com"

Drastic times call for drastic measures. :thumbsup: