Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Vundo keeps coming back when I visit certain sites...

  • Please log in to reply
1 reply to this topic

#1 latvianlightning


  • Members
  • 4 posts
  • Local time:03:52 AM

Posted 28 October 2009 - 01:56 AM

I don't go on questionable sites per se, I go on Facebook, Youtube, meebo, etc. and I'm not sure what triggers Vundo to come back. I've removed it several times with Malwarebytes, and I don't get annoying pop-ups or anything while I'm browsing. However, this has happened probably twice after I removed Vundo, I got a pop-up and had to remove Vundo via Malwarebytes. What are sites that trigger Vundo? Would it be sites with Java or Flash or something? Just not a fan of Vundo at all. Thanks :D

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,937 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 AM

Posted 28 October 2009 - 10:43 AM

Hackers, malware writers and attackers have a variety of motives for installing malevolent software and use various methods and techniques to spread their malicious programs: Who Writes Malicious Programs and Why?

Rogue security programs are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware and is often seen with SmitFraud and Vundo infections. SmitFraud is a generic description for a family of rogue applications/trojans such as Win32.Zlob which comes disguised as a fake codec that installs other malware or rogue security products like SpySheriff. Vundo is a Trojan that infects a system with malicious Browser Helper Objects and .dll (Dynamic Link Library) modules attached to system files like Winlogon and Explorer.exe. These infections are responsible for launching unwanted pop ups, advertising for rogue antispyware programs, and downloading more malicious files which hampers system performance. Many variants typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a malicious security application to fix it. The alerts can mimic system messages so they appear as if they are generated by the Windows Operating System. The problem with these types of infections is that they can download other malicious files so the extent of the infection can vary to include backdoor Trojans, Botnets, IRCBots and rootkits which make it more difficult to remove. For more specific information on how these types of rogue programs and infections install themselves, read:A large number of infections are contracted and spread via Internet Relay Chat, by visiting gaming sites, porn sites, using pirated software, cracking tools, and keygens.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Infections also spread by using peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The infection also spreads through emails containing links to websites that exploit your web browser’s security holes and by exploiting a vulnerability in older versions of Sun Java. When you click on an infected email link or spam, Internet Explorer launches a site that stealthy installs a Trojan so that it can run every time you startup Windows and download more malicious files.

Researchers at the CA Security Advisor Research Blog have reported finding MySpace user pages carrying the dangerous Virut url. The Koobface Worm has beem found to attack both Facebook and MySpace users. YouTube users have been exploited by the Storm Worm. MSN Messenger, AIM and other instant messaging programs are also prone to malware attacks.Conficker worm's copycat Neeris spreading over IM
IM attacks get nastier
MSN Most Dangerous IM Client in 2007
IM attacks up nearly 80%
Other types of infections spread by downloading malicious applets or by visiting legitimate web sites that have been compromised through various hacking techniques used to host and deliver malware via malicious code, automated SQL Injection and exploitation of the browser/operating system vulnerabilities.

...More than 90 percent of these webpages belong to legitimate sites that have been compromised through hacking techniques such as SQL Injection...Hackers are apparently planting viruses into websites instead of attaching them to email. Users without proper security in place get infected by simply clicking on these webpages.

One webpage gets infected by virus every 5 seconds

Edited by quietman7, 28 October 2009 - 10:50 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users