nasty trojan:win32/vundo.gen!bd

[wiak]

use MalwareBytes Anti-Malware, it removes all the crap and its free!
http://www.malwarebytes.org/mbam.php

 

[Mussels]

antivirus reccomendations always boil down to three.

kaspersky, nod32, malwarebytes.

Thats pretty much their order of popularity, and the order of preference i have. kaspersky is dirt cheap on ebay (2009 keys work on the latest 2010 version, so you can buy the older ones even cheaper)

 

[wiak]

anti-virus = NOD32
anti-crapware = MalwareBytes Anti-Malware
for me

 

[Mussels]

I just installed malwarebytes, and decided that i still dont like it. it may be great at detecting things, but it uses scare-monger tactics on harmless things.

On a fresh windows 7 install i've been warned i have an "infected" "bad" item - and you know what it was? a registry key mis-detected. Something about a policy for "noactivedesktopchanges" which is default in windows 7.

False positives and making small issues appear to be large ones, is the best way to get me to blacklist a program and refuse to use it. Malwarebytes is still on my shitlist.

 

[laszlo]

i once had vundo and no matter what tools used the system remain affected even if you don't have the virus anymore;only a fresh install help or a restore from back-up if available

good luck!

 

[Mussels]

i once had vundo and no matter what tools used the system remain affected even if you don't have the virus anymore;only a fresh install help or a restore from back-up if available

good luck!

vundo is nasty. i've had to clean it off other peoples machines several times, the vundo fix tool i listed is the only one that ever did the trick. Its because vundo opens the door to many other viruses, and thats the only tool designed to get not just vundo, but the crap it downloads too (which often is the cause for re-downloading vundo, and the source of reinfection)

 

[laszlo]

vundo is nasty. i've had to clean it off other peoples machines several times, the vundo fix tool i listed is the only one that ever did the trick. Its because vundo opens the door to many other viruses, and thats the only tool designed to get not just vundo, but the crap it downloads too (which often is the cause for re-downloading vundo, and the source of reinfection)

i used the same tool also but this virus is so well made.. it makes subtle changes to os and the general functionality will be degraded after removal (slower boot, programs open time even game fps decrease) that's why i preferred fresh install; of course this depend on the user decision after removal

 

[InnocentCriminal]

Malwarebytes really kicks the lama's ass.

Or something.

 

[laszlo]

Malwarebytes really kicks the lama's ass.

Or something.

i agree with you but in the hand of a novice user it may make more damage than good

it has the tendency to delete-clean more than necessary from system and program files

i used it a few times and the results wasn't the expected ones so i'm a novice also i admit;only with online assistance from the site can be used acceptably.

 

[InnocentCriminal]

That is completely weird, I've never seen Malwarebytes give a false positive. I whole heartedly disagree it uses scare tactics. We like so much at work we use it when some tardo messes their machine up by visiting dirty sites.

I don't know how I managed without Malwarebytes tbh, I love NOD32 but Malwarebytes is definitely an essential item for me now. I don't use any AV just a hardware firewall and MB.

 

[Mussels]

That is completely weird, I've never seen Malwarebytes give a false positive. I whole heartedly disagree it uses scare tactics. We like so much at work we use it when some tardo messes their machine up by visiting dirty sites.

I don't know how I managed without Malwarebytes tbh, I love NOD32 but Malwarebytes is definitely an essential item for me now. I don't use any AV just a hardware firewall and MB.

well it tells me it has found "infected" files, when its talking about the registry. to me, Infected means something has attached itself to an existing file, adding malicious code and such.

After i click show results, it tells me about this "bad" file.

well actually, no it doesnt tell me squat.

My infected, bad file is... what? from what that says, a registry key is infected and wants to hijack my display properties.

 

[InnocentCriminal]

I still wouldn't say that's scare tactics, it's obviously stating that the original registry key has been hi-jacked/modified. If it concerns you so much, why not email Malwarebytes and ask for an explanation or even tell them how they could change this.

 

[laszlo]

thanks Mussels but if you make a deep scan with different settings i'm sure will find more

 

[Mussels]

I still wouldn't say that's scare tactics, it's obviously stating that the original registry key has been hi-jacked/modified. If it concerns you so much, why not email Malwarebytes and ask for an explanation or even tell them how they could change this.

thats obviously whats happened, but its NOT what the program says. the program is saying i have an 'infection'

Infection vs. registry key not on default.... cmon. the program is just comparing reg keys to a database from a stock windows install, and crying INFECTION if it sees something thats changed. thats hardly going to work on a system if you change settings yourself.

thanks Mussels but if you make a deep scan with different settings i'm sure will find more

Why yes it did. it found a file i renamed to keygen.exe for laughs, and claimed it was infected too.

Kaspersky disagrees.

I ran the test again, making a copy of the file with a different name - what do you know, it wasnt detected. Bravo malwarebytes... you can tell its a virus by looking at the name.

I've uploaded the file (with both names) to http://www.filterbit.com i'm waiting on its results. i bet you $5 its clean.

Filterbit currently uses Metascan® antivirus engines from CA (Computer Associates), Norman Data Defense Systems, ClamAV, ESET, Microworld and VirusBuster.

edit: well the test just keeps looping on that site, but i'm willing to upload it to any others you suggest.

I'm sorry guys, at this point theres nothing you can do to convince me of anything, other than the fact this program is a piece of crap.

 

[InnocentCriminal]

^^

Fair enough, nice work Mussels.

 

[Iarwain]

Malwarebytes plus the vundo removal tool got that crap off my system. I'm sold on it.

 

[JanJan]

hey i got another problem. anytime i use internet for like 5min or so, i got a bsod.
The error code is something IRQL_....... i'm not sure about the rest of the code cuz it flashs too fast. Is there an option in bios to set it not to reboot immediately after bsod ?

Anyway, anyone have clue on that IRQL_....

 

[laszlo]

you can't fix all the vundo damage...

 

[thoughtdisorder]

VUNDO is nasty.....If you can, reformat and call it a a day..................

 

[{JNT}Raptor]

SUPERAntiSpyware cleaned VUNDO off of a rig I was working on....no issues with that rig since(6 months).....liked it so much......I bought it.

Hope it helps.

 

[Mike0409]

Vundo is a pain to remove but you can repair most of the damage that it has caused via the Recovery Console and SFC after the virus has been removed.

I've always had good luck with Combofix, the Vundo Removal Tool, (Malwarebytes is and up and down for me...sometimes it doesn't detect shit other times it gives a lot of False Positives), Avira work's well for a free AV.

SuperANTIspyware is a good final cleaning tool.

www.bleepingcomputer.com also has a ton of walkthrough's on how to kill pesky annoying virus's.

 

[DRDNA]

Download malewarebytes http://filehippo.com/download_malwarebytes_anti_malware/download/0183b13df8587a49060b35c937c73372/
install it get the updates reboot into safe mode and run full scan and remove findings reboot into safe mode again and do the same till there are no findings..If your PC will not allow malwarebytes to install you will need to remove the harddrive and scan it with a different PC then install drive back in your rig and install malwarebytes and do the first set of instructions above.GL

 

[DRDNA]

well it tells me it has found "infected" files, when its talking about the registry. to me, Infected means something has attached itself to an existing file, adding malicious code and such.

http://img.techpowerup.org/090710/Capture009439.jpg


After i click show results, it tells me about this "bad" file.

http://img.techpowerup.org/090710/Capture010705.jpg

well actually, no it doesnt tell me squat.


http://img.techpowerup.org/090710/Capture011496.jpg

My infected, bad file is... what? from what that says, a registry key is infected and wants to hijack my display properties.

I want my scans to report all keygens too some people don't but they use to be an issue with keygens being infected ,not so much now days though...also I believe the display reading is because of some setting that that is keeping your display options from a hijack and that is the same as a highjack...yes a true false positive for sure but if it wasn't a policy you wanted on your PC I would think you would like to be notified that it was there and then you are able to decide if it real or not.

 

[Mussels]

I want my scans to report all keygens too some people don't but they use to be an issue with keygens being infected ,not so much now days though...also I believe the display reading is because of some setting that that is keeping your display options from a hijack and that is the same as a highjack...yes a true false positive for sure but if it wasn't a policy you wanted on your PC I would think you would like to be notified that it was there and then you are able to decide if it real or not.

both reports are false positives. why would i want to be notified about something thats a default setting in windows, and told its an INFECTION. Same again with the keygen.exe... no matter what you say, this program is assuming its a virus by name alone - renaming it makes it no longer an "infection" so does that mean viruses can slip by this program by changing their names too?