On 3/5/09 using malwarebytes, I picked up Trojan.Vundo too.
Logs below in red:
Logs from 3/5/09:
C:\Documents and Settings\Steve\My Documents\BackUp Files\Downloads\HPPSE1.12.0.46ENU.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\My Documents\BackUp Files\Downloads\MP10Setup.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\My Documents\Downloads\HPPSE1.12.0.46ENU.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\My Documents\Downloads\MP10Setup.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
I haven’t noticed anything particularly weird going on with my machine, but they’re making a huge fuss over that at their forums, and I noticed a few here too http://www.malwarebytes.org/forums/i...2BTrojan.Vundo
I quarantined it for weeks and removed it a couple of days ago.
It hasn’t reappeared since then and I scan several times daily when I’m surfing a lot.
If you google that dang thing, there are supposedly some removal tools at symantec.
I printed the removal instructions (4 pages) from majorgeeks (Great site!).....and it's fairly complicated.
It is a big thing. Follow all the following instructions to get rid of it. It can be very difficult to deal with.
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner4.exe
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under [b]General and Startup" tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked): - Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again. - Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program. Post SUPERAntiSpyware log. NOTE: Tracking cookies can be omitted from the log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop. (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Download gmer.zip: http://www.gmer.net/files.php
Unzip the file, and double click on gmer.exe, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
Yahoo !
(the only time I’ll ever use that phrase with glee….they’re involved with ATT as my (cra* dsl) ISP
Looks like I’m Vundo free…..attached in a screen print.
All I can do is state the facts with my stuff.
The last thing anyone in this Community needs is some duma**like me) telling anyone I found a solution.
Here is what I know from experience about Trojan Vundo: malwarebytes version 1.34
found it first, when no other protective programs I use did: including Kaspersky…..shame on them, for $70 per year. (and they're telling me an adobe update is a critical threat)
Microsoft Windows Malicious Software Removal Tool, version 2.7, article/update kb890830-v2.7 would have and did not find it and there was no evidence of it when it was quarantined in the 1st (free) program.
If you check the list of malware in that version, vundo’s on there as
w32/vundo.
It was an optional update, the second edition that I posted after 2.5 was introduced....now gone from the update forum. (which does need frequent cleaning)
So….evidently it was a false positive, for me, or I never had it anyway.
All I can say is:
If you think you haveit, you may use the Symantec removal tool as suggested, or use either one of mine.
They allseem to work.
My episode was just caught routinely.
Malwarebytes scans fast and updates 3-6 times per day.
Trojan.Vundo....is this any BIG deal (or) Not?
Reply With Quote
Confirmed Broni
Yahoo! Vundo free.......
