Posted 01 July 2008 - 09:28 AM
I ran into a new type of spyware last night, or maybe a new variant of Vundo. I have already removed it, so no logs.
It wouldn't let me run or install any programs to help me remove it. Firefox was already installed, but I couldn't run it. Internet Explorer was the only browser that would function. Naturally, when you used it you would get TONS of popups. But it wouldn't let me download any of the following programs:
HijackThis, Spybot, SUPERAntiSpyware, Firefox, ComboFix, SDFix, SmitfraudFix, VundoFix, VirtumundoBeGone, Malwarebytes setup, RogueRemover, etc.
When I clicked on the download link to any of those files on any website, nothing would happen! I had to download the above programs on another computer, burn them to CD, copy the programs to C:, and boot into safe mode. Once I got into safe mode, I couldn't run ANY of those programs. The computer was working correctly, as I could run any other program, and a few lesser-known scanners such as DSS. I finally figured out to rename the .exe files. I renamed hijackthis to hijackthi. I renamed combofix to combofi, etc., and voila! I could run the programs now. FINALLY, after running all the above programs, the infection was gone. I just wanted to share my experience so you guys would know to rename files if you run into this problem, and also hopefully gain some insight as to what malware does that. My guess would be Vundo, as that was the majority of what I removed.