Vundo is a Trojan that infects a system with malicious Browser Helper Object (Dynamic Link Library) modules attached to system files like Winlogon and Explorer.exe. The infection is responsible for launching unwanted pop-ups, advertising rogue antispyware programs, and downloading more malicious files, which hampers system performance. Newer variants of Vundo typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a rogue security program, which uses social engineering and scams to trick a user into spending money to buy an application which claims to fix it. The messages can mimic system messages so they appear as if they are generated by the Windows Operating System.
Vundo spreads via Internet Relay Chat, by visiting underground web pages, adult, gaming or pirated software sites, and by using peer-to-peer (P2P) file sharing programs, which are a security risk that can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft.
The problem with these types of infections is that they can download other malicious files, so the extent of the infection can vary to include backdoor Trojans which compromise the computer and make the infection more difficult to remove. For more specific information on how these types of rogue programs and infections install themselves, read:
When a backdoor Trojan, IRCBot or rootkit is involved, the PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
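The post above names two places a Vundo-style infection hooks in: Browser Helper Object DLLs and DLLs attached to Winlogon. As an added example (not from the post above and not a BleepingComputer tool), the following PowerShell enumerates both registrations from their standard registry locations and flags DLLs that are missing on disk or not validly signed. The function names and the "REVIEW" heuristic are my own assumptions for triage; an unsigned entry is a starting point for a manual look, not proof of infection, and the script changes nothing on the system.

```powershell
# Added example, not part of the original post: list the DLLs registered in
# the two persistence locations the post names (Browser Helper Objects and
# Winlogon notification packages) and flag any that are missing, unresolvable
# or not validly signed. Registry paths are the standard Windows locations;
# the "REVIEW" heuristic is an assumption for triage, not a Vundo signature.

function Resolve-DllPath {
    param([string]$Path)
    if (-not $Path) { return $null }
    $full = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    # A bare file name (common for Notify packages) is loaded from System32.
    if (-not (Split-Path -Path $full -Parent)) {
        $full = Join-Path $env:SystemRoot "System32\$full"
    }
    return $full
}

function Get-BhoDlls {
    # 64-bit Windows keeps a second BHO list (and CLSID table) under Wow6432Node.
    $pairs = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
    )
    foreach ($p in $pairs) {
        if (-not (Test-Path $p.Bho)) { continue }
        foreach ($entry in Get-ChildItem $p.Bho) {
            $clsid = $entry.PSChildName
            # The CLSID's InprocServer32 default value is the DLL Explorer/IE loads.
            $server = "$($p.Clsid)\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $server) { $dll = (Get-ItemProperty $server).'(default)' }
            [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Dll = $dll }
        }
    }
}

function Get-WinlogonNotifyDlls {
    # Notification packages are a pre-Vista mechanism; the key may not exist.
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $notify)) { return }
    foreach ($entry in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty $entry.PSPath).DllName
        [pscustomobject]@{ Source = 'WinlogonNotify'; Name = $entry.PSChildName; Dll = $dll }
    }
}

function Test-NeedsReview {
    param([string]$Path)
    $full = Resolve-DllPath $Path
    if (-not $full) { return $true }                          # registered, no DLL recorded
    if (-not (Test-Path -LiteralPath $full)) { return $true } # dangling registration
    $sig = Get-AuthenticodeSignature -FilePath $full
    return ($sig.Status -ne 'Valid')                          # unsigned or tampered
}

$entries = @(Get-BhoDlls) + @(Get-WinlogonNotifyDlls)
if (-not $entries) { 'No BHO or Winlogon Notify registrations found.' }
foreach ($e in $entries) {
    $flag = if (Test-NeedsReview $e.Dll) { 'REVIEW' } else { 'ok' }
    '{0,-6} {1,-14} {2,-40} {3}' -f $flag, $e.Source, $e.Name, $e.Dll
}
```

Run it from an elevated PowerShell prompt so HKLM and the DLLs under System32 are readable. Plenty of legitimate add-ons ship unsigned, so treat "REVIEW" as a list to look at by hand (file location, timestamps, publisher), and on Windows Vista and later expect the Winlogon Notify key simply to be reported as absent.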
Is there a malware that ComboFix won't remove?
sUBs, the developer of ComboFix, has asked that the inner workings of the tool not be discussed in public.
ComboFix usage, Questions, Help? - Look here

Questions about ComboFix and how it works:
...discussions pertaining to how ComboFix works, what it can or cannot do, what the log results mean, any future plans, updates, etc. are not available to the public in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. The only public information that is available can be found in this authorized guide: How to use ComboFix

Safeguarding ComboFix from malware writers is necessary and important so that we can continue to use it without attackers having knowledge of how to defeat it. Everything we discuss can be read by the bad guys. Yes, they read forum topics looking for clues on how to circumvent our tools. We don't want to provide any information they can use against us, so we deliberately limit discussion, which sometimes may appear vague or not fully address a specific question. That's the decision of the creator of ComboFix, so we hope you understand and it should not be taken personally.
If you want to learn more about ComboFix you will have to enroll in the Malware Removal Training Program here at BC (if space is available) or one of the other various Unite Schools where such training is offered. In that environment experts will train those interested in assisting others with malware removal and how to use specialized fix tools like ComboFix.