|
proudsub -> RE: Vundo virus (7/28/2007 2:36:21 PM)
|
I have no idea how i picked it up. Here's a description and the site with the removal program. At first it was just annoying but then yesterday it became a real problem
http://www.spynomore.com/articles/vundo-trojan-specifics-and-removal.php
Vundo Specifics
Vundo (also known as VirtuMonde and VirtuMundo) is a malicious software application that combines both adware and trojan characteristics. Vundo is wide spread today and is probably one of the hardest programs to get rid of. Once installed, Vundo downloads and displays pop-up advertisements that often promote questionable computer-enhancement programs or fake anti-virus or anti-spyware utilities. Lately, Vundo has been advertising several rogue programs called WinFixer2005, WinAntiVirus Pro 2006, WinAntiSpyware and RazeSpyware.
Vundo typically displays messages warning the user that their PC is infected and needs immediate attention. The messages can mimic system messages (seem as if they are generated by Windows Operating System) and they refer the user to download one of its affiliated dubious programs. Sample message below:
"If your computer has errors in the registry database or file system, it could cause unpredictable or erratic behavior, freezes and crashes. Fixing these errors can increase your computer's performance and prevent data loss. Would you like to install WinFixer 2005 to check your computer for free?"
Once installed, the program (Winfixer, WinAntiVirus, WinAntiSyware or RazeSpyware) pretends to find numerous errors and will coerce the user into paying money to fix these alleged errors.
It is noticed that Vundo Trojan uses the following domains and promotes software and services that belong to these domains:
reliablestats.com;
winantispyware.com;
winantivirus.com;
winantiviruspro.com;
winfixer.com;
winnanny.com;
winsoftware.com.
NOTE: Please do not visit these websites because Vundo Trojan may silently install without your permission or knowledge.
Your PC may become infected with Vundo Trojan if:
you visit affected website;
you open a spammed e-mail message;
you use affected peer-to-peer network;
you run an affected trojan application;
you install a software crack.
If you take a look at the report generated by the HijackThis anti-hijack tool, you may see entries similar to the following:
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
O2 - BHO: (no name) - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
O20 - Winlogon Notify: - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
O20 - Winlogon Notify: - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
These entries mean that the computer is affected by Vundo Trojan. {RANDOM_DLL_NAME} for example could be: "ddcya.dll", "jkkji.dll".
Please note that Vundo cannot be removed with HijackThis tool.
Vundo is able to download silently and install additional harmful files and adware components. It may noticeably decrease the amount of system virtual memory which slows down computer performance.
Vundo Trojan modifies Windows registry database which enables it to run on every Windows startup. It creates executable files with randomly generated names in the Windows or WINNT folders or subfolders. Vundo Trojan very effectively hides from the user and from spyware / virus detection software programs. Manual removal of Vundo Trojan is almost impossible for the overwhelming majority of PC users; only highly experienced professionals stand a chance.
|
|
|
|
