By: william
Vundo Trojan: a good Malware lesson
Greetings Visitor or potential customer,
I want to talk to you about my recent experience with a very tough malware (see the wiki definition of malware) application to get rid of, Vundo. Before I get ahead of myself and perhaps bore you with some technical terms about malware, I want to describe what happened to my system, how I discovered it and what steps I took, pulling my hair out, to get rid of something so vicious I didn't understand it.
This little monster (Vundo) comes in many variants, but ultimately does pretty much the same thing. Vundo (wiki article on Vundo) appears to be a morphing virus, that is, a virus that alters its symptoms or the location of the files it infects. However, this is not the case; it is simply a very nasty Trojan (webopedia definition), no not the condom, the fabled Trojan horse story in which the Greeks, hidden inside a large wooden horse, convinced their enemies, the Trojans, that the horse was a gift, but inside were lots of Greek soldiers who came out after dusk to take over the city of Troy. You'll see in a minute why this historic reference is very significant.
On with my experience...well, actually this is my second experience; the first came from my home computer, which ran assorted antivirus, Windows Defender and other packages to fend off malware. Somehow this little bugger GETS PAST ALL of it; in my first experience it took me a week to figure out what the hell was going on with my computer. My second experience was much better, as I recognized the telltale signs before it wreaked havoc on my new system.
This second experience was a shock, as I was very curious as to how it got there; read on and I'll explain. So I built a brand new Core Duo system on the new EVGA nForce 730i board (this is a great motherboard for mid-level performance computing!), installed Windows XP SP3 media [slipstreamed] (this motherboard requires at least XP Service Pack 2 media to install) and proceeded with the next 3 hours of my life installing even more updates from Microsoft.
Now just to be sure you are following me: I installed XP Service Pack 3 (SP3), then the motherboard drivers that came with the motherboard; since the network was working now, I went to Microsoft to do the many updates after SP3. I then installed my CORPORATE AntiVirus from Symantec (yes, the latest version), then Windows Defender (a nice little anti-malware program that catches stuff Symantec's product doesn't; HELLO SYMANTEC, are you listening? Microsoft ONE-upped YOU!). BTW, if you download Windows Defender, you must use Internet Explorer 5.5+ as no other browser will be allowed to interface with Microsoft.
WEEEE, isn't this fun? Okay, so now my system has the latest of everything to help keep it relatively secure, WRONG! Please, if your system has anything less on it than what I have described and you use the Internet quite a lot, or visit social pages like MySpace, you need to look at my MALWARE ARTICLE and DO AN ONLINE SCAN on your system NOW! Chances are good you have something you don't know about....the worst is a keylogger, something that logs all your typing, you know, your credit card numbers, bank account passwords, etc., and sends them off to be sold, and you get stuck holding the bag....BTW, BEFORE this happens, please take a look at PrePaid Legal's Identity Theft protection services, much better than Life Guard, Life Lock, and various others for the simple reason that they won't charge you up front or AT ALL for their services other than your normal monthly fee, oh and you don't have the support of a large law firm to assist with possible legal battles resulting from your identity being stolen.
Okay, where was I...oh yeah, all "security" updates done for XP, Symantec and Defender. I now start installing all my software from the media CDs and doing their updates...another fun 4 hours.
After all of that, one of my employees came to me to ask if I could order something from our web vendor. I figured since my computer was running, why not (BTW it hadn't YET joined the Domain or accessed any files from the Domain). I went to our vendor's website and it stated that I needed to install the Java Virtual Client so that I could access their interface (which is true); however, in doing this I got this bug, one I did not even know about until the next morning.
The next morning I am excited to use my new powerhouse PC (compared to the last one) and noticed something odd the moment I went to Microsoft's update site (it was after Patch Tuesday, after all), which didn't come up; something on the screen said I didn't have Internet access. Well, that's when I noticed something was wrong...pop-ups started left and right, and I was using Firefox (yeah, I know I said I went to Microsoft's site, but out of habit I launched Firefox 3.0.5 by mistake). I thought Firefox doesn't allow this type of action, and that's when I noticed it was Internet Explorer windows being opened with ads to all sorts of fun things to do on the Internet. I realized I had the Vundo virus when the Microsoft Update site failed to come up even in IE7, parts of Symantec's site failed to come up, and the online scanner sites, well, they just wouldn't pop up.
The first thing this little sucker, the Vundo Trojan, does is go to the Web and start downloading spyware and malicious files, then make unwanted shortcuts on your desktop and nix your access to system resources and privileged areas like the command prompt, Control Panel, and editing the Registry. See why I lost my mind on my first experience and why it took a week for me to figure out? It kept downloading "buddies", which my A/V software and Defender promptly caught, but they missed the Vundo soul.
So let me list off some of the possible symptoms so you can be educated as well.
- Vundo will cause the infected web browser to pop up advertisements; many of which claim a need for software to fix system "deterioration".
- The desktop background is changed to the image of an installation window saying there is adware on the computer.
- The screensaver is changed to the Blue Screen.
- In the Display Properties Control Panel, the background and screensaver tabs are missing because their "Hide" values in the Registry were changed to 1.
- Both the background and screensaver are in the System32 folder, however the screensaver cannot be deleted.
- Windows Automatic Updates (and other web-based services) may also be disabled and it is not possible to turn them back on.
- Infected DLLs (with randomized names such as "__c00369AB.dat") will be present in the Windows/System32 folder, and references to the DLLs will be found in the user's startup (viewable in MSConfig), the registry, and as browser add-ons in Internet Explorer.
- Vundo may attempt to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager or Windows registry editor.
- Some firewalls or antivirus software may also be disabled by the virus leaving the system even more vulnerable.
- Another symptom of Vundo may be that the desktop icons and taskbar disappear and reappear after a short period. This becomes very frustrating for the user, as starting processes are automatically aborted.
- In addition, popular anti-malware programs such as Spybot or Malwarebytes' Anti-Malware (wiki article on Malwarebytes) may be deleted or immediately closed upon loading; on one recently infected machine the "TeaTimer" component of Spybot Search and Destroy was deleted between reboots. A workaround is to copy or rename the executable, giving it a random name; this bypasses the automatic shutdown defenses of Vundo, allowing the scan to run.
- Web access may also be negatively affected. Vundo may cause many websites to be inaccessible.
- The hard drive may start to be constantly accessed by the winlogon process, thus periodic freezes may be experienced.
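As an added example (not part of the original article), the following PowerShell script audits the registry locations behind several of the symptoms above: the per-user policy values that hide the Display Properties tabs and disable Task Manager and the Registry Editor, and the autostart and Internet Explorer Browser Helper Object entries that point to a System32 file named like the "__c00369AB.dat" example. The file-name pattern is an assumption that generalizes that one name; run it from an elevated prompt on the suspect machine.

```powershell
# Added example, not from the original article: a read-only audit of the
# registry locations behind the symptoms listed above. It changes nothing.

# 1. User-policy restrictions matching "Task Manager / Registry Editor
#    disabled" and "Display Properties tabs hidden" (value 1 = restricted).
$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$restrictions = @{
    DisableTaskMgr       = 'Task Manager disabled'
    DisableRegistryTools = 'Registry Editor (regedit) disabled'
    NoDispBackgroundPage = 'Display Properties: Background tab hidden'
    NoDispScrSavPage     = 'Display Properties: Screen Saver tab hidden'
}
if (Test-Path $policies) {
    $p = Get-ItemProperty -Path $policies
    foreach ($name in $restrictions.Keys) {
        if ($p.$name -eq 1) { Write-Output ('RESTRICTION: ' + $restrictions[$name]) }
    }
}

# 2. Autostart entries and IE Browser Helper Objects that load a file from
#    System32 named like the randomized "__c00369AB.dat" quoted above.
#    (Assumption: this pattern generalizes that single example name.)
$pattern = '\\system32\\__c[0-9A-Fa-f]{8}\.(dat|dll)\b'
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match $pattern) { Write-Output "AUTOSTART: $key\$name -> $cmd" }
    }
}
# Each BHO is registered by CLSID; its DLL path is the default value of
# HKCR\CLSID\{clsid}\InprocServer32.
$bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoRoot) {
    foreach ($clsid in (Get-ChildItem -Path $bhoRoot).PSChildName) {
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (-not (Test-Path $server)) { continue }
        $dll = [string](Get-ItemProperty -Path $server).'(default)'
        if ($dll -match $pattern) { Write-Output "BHO: $clsid -> $dll" }
    }
}
```

A hit on any line is a lead to investigate, not proof of infection; legitimate software also registers Run entries and BHOs, so check the file the entry points to before removing anything.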
Are you saying to yourself, "Hey, those symptoms seem familiar? I might have Vundo. HOW in the HELL do I get rid of this?"
Many sites will point you to a file called "vundofix.exe", which will work for some of the variants out there; others will even say get a copy of "HijackThis", as it will tell you everything running on your computer and you can find the infected files that way. Yeah, okay, you can do this and WASTE a WEEK like I did with my first experience. Two programs were listed just above, Spybot and Malwarebytes. I can tell you from experience as a computer consultant chasing viruses and other malware from dozens of client machines that Spybot has SO MANY infected copies, including the Vundo Trojan, that I would caution you to stay away from that solution.
Malwarebytes is your SOLUTION!
They give this sucker away for free; why? Because many other companies purchase their solutions, big anti-malware companies, AND if you want TOTAL PROTECTION you would purchase it, because while the free one scans and gets rid of ALL, not some but ALL, of its findings, it's not as powerful as the paid version. What's the difference? Simple: ACTIVE PARTICIPATION. The paid version actively runs on your computer and PREVENTS bugs like Vundo from actually rooting on your PC....you know, that thing you like to play on and are reading right now.
Cool, this article helped, but how do I best protect myself from stuff like this in the future?
STEPS After you are Clean
- Disable and re-enable System Restore - If you are using Windows ME or XP, then you should disable and re-enable System Restore to make sure there are no infected files kept in a restore point. You can find instructions on how to disable and re-enable System Restore here:
  - Managing Windows Millennium System Restore
  - Windows XP System Restore Guide
  Re-enable System Restore following the instructions in the tutorial above.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  - From within Internet Explorer, click on the Tools menu and then click on Options.
  - Click once on the Security tab.
  - Click once on the Internet icon so it becomes highlighted.
  - Click once on the Custom Level button.
  - Change "Download signed ActiveX controls" to Prompt.
  - Change "Download unsigned ActiveX controls" to Disable.
  - Change "Initialize and script ActiveX controls not marked as safe" to Disable.
  - Change "Installation of desktop items" to Prompt.
  - Change "Launching programs and files in an IFRAME" to Prompt.
  - Change "Navigate sub-frames across different domains" to Prompt.
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  - Next press the Apply button and then OK to exit the Internet Properties page.
  Better YET, use FIREFOX.
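As an added example (not from the original article), this PowerShell script checks the same six Internet-zone settings directly in the registry, where Internet Explorer stores them, and with -Fix sets any that are weaker than the list above. The key path is the per-user Internet zone and the numeric value names are Microsoft's documented URL-action IDs for those settings; the script assumes the zone is not locked to machine-wide settings by policy.

```powershell
# Added example, not from the original article: audit the six Internet-zone
# settings from the steps above and, with -Fix, set any that deviate.
param([switch]$Fix)

# Zone 3 is the Internet zone. The numeric value names are Microsoft's
# documented URL-action IDs; 0 = Enable, 1 = Prompt, 3 = Disable.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Prompt  = 1
$Disable = 3
$wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                         Value = $Prompt  },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                       Value = $Disable },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = $Disable },
    @{ Id = '1800'; Name = 'Installation of desktop items';                            Value = $Prompt  },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                Value = $Prompt  },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';             Value = $Prompt  }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zone)) { throw "Internet zone key not found: $zone" }
$current = Get-ItemProperty -Path $zone
$weak = 0
foreach ($s in $wanted) {
    $actual = $current.($s.Id)
    if ($actual -eq $s.Value) {
        Write-Output ('OK    {0} = {1}' -f $s.Name, $labels[$s.Value])
        continue
    }
    $weak++
    # A missing value means the zone default applies, which may be Enable.
    $shown = if ($null -eq $actual) { 'not set' } elseif ($labels.ContainsKey([int]$actual)) { $labels[[int]$actual] } else { "$actual" }
    Write-Output ('WEAK  {0} = {1} (want {2})' -f $s.Name, $shown, $labels[$s.Value])
    if ($Fix) {
        # Writing the DWORD makes the hardened choice explicit, as the dialog does.
        Set-ItemProperty -Path $zone -Name $s.Id -Value $s.Value -Type DWord
        Write-Output ('FIXED {0}' -f $s.Name)
    }
}
Write-Output "$weak setting(s) weaker than recommended"
```

Run it without -Fix first to see the report; the change takes effect for new Internet Explorer windows.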
- Use Anti-Virus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone anti-virus programs:
  - Computer Safety Online - Anti-Virus
- Update your Anti-Virus Software - It is imperative that you update your anti-virus software at least once a week (even more often if you wish). If you do not update your anti-virus software, it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For an article on firewalls and a listing of some available ones, see the link below:
  - Computer Safety Online - Software Firewalls
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Malwarebytes - If you haven't, then you should (get it HERE), and DO NOT INSTALL Ad-Aware unless it is the Professional paid program that you download from their site; many free versions I have seen come with some Trojan attached. AND for GOD's SAKE do NOT for ANY REASON install Spybot Search and Destroy; this is a free program, and while they have made good strides over the years, it's still a big risk. IF MONEY is tight, make your choices from the free products, but put Malwarebytes at the TOP of your list, or Ad-Aware (only from their site), and NEVER Spybot.
Get ANTI-MALWARE Software TODAY!
Follow this list and your potential for being infected again will reduce dramatically.
I certainly hope that you have gained some knowledge from this rather lengthy article; it's better to be safe than sorry, or an ounce of prevention is worth a pound of cure....or whatever analogy you wish....just do something to protect your computer, your data and hopefully your identity.
Best Wishes
William
Article References: Wiki (Malware), Wiki (Vundo), Webopedia (Trojan Horse), HowToHaven (Slipstreaming), Microsoft Security Encyclopedia, Wiki (Malwarebytes), BleepingComputer.com, Malware Removal Forum