Go Down
-
Watch out for Vundo (MS Juan) trojan!!!!!! by THier on 06 Mar, 2009 04:06
-
I run pretty darn good firewalls, anti viruses, and spyware programs. BUT Vundo!GB nailed me good. I got a warning from McAffe about the trojan, and it was reported to be cleaned, so I let it go,,, a couple of days later all hell broke loose, Boot up problems,, system slow downs and all and all crappy machine. So I ran Malwarebytes, it said Vundo was still there, and it was remove by MB. Then things got worse, Blue screen of death on boot up, I was able to Safe mode the machine, ran anti virus, all seemed ok. I was able to reboot, and reran anti virus, Vundo was gone,,, or so I thought. I tried to run MB and it wouldn't run, I loaded MB on a thumb drive, (from a clean machine) and tried to run it,,, it wouldn't run. Tried some other maleware programs, they would run once, but never again. Then I started to get PCI.sys errors on startup. Damn. I decide I had had enough,, what better time to upgrade the HD. I bought a new drive, installed it tried to install windows XP Pro. Got the PCI.sys error again. WTH?
? I did some searches on google with the exact error codes, and it seems XP Pro SP 1 and SP2 won't recognize SATA drives. DAMN DAMN DAMN DAMN. It seems that somehow Vundo removed or corrupted my SP3!!! I dug through my box of OSs' and found a copy of XP Media center SP3,, I am rebuilding the machine now.
Here is the kicker,, I have Ghost images of 3 of my machines, ("big" laptop,( Inspiron 9300), wifes laptop, and desktop) but not this machine. Latitude D620. I got a great deal on this laptop,, and didn't really know how nice this machine was, until I started to search for drivers. This laptop was to be used as a "throw away" as I got it for around $100, to use as a tuning laptop for my car. When I get it done, all important software loaded and updated, you can bet your sweet bippy I will be making a Ghost of it. Oh when I got it, it had a 60gig drive and 1 gig of ram. I got a 250gig SATA drive for $80 (Seagate) and 4gig of RAM $48 (Kingston) for it so now it s a pretty potent machine. It has the nVidia mother bd in it as well.
I have no idea how the trojan got me, I don't open attachments unless I am expecting them, or trust who they come from, I don't fall for the "you computer is infected click here" popups that make it past my blocker. The only funny thing that I question is about a year ago, while on my cardomain page my machine came under attack, but I thought it was blocked. I wonder if Vundo sat dormant for a year.
Basically watchout, If you think something has atacked your machine, run all anti viruses immediately, run malware programs IMMEDIATELY, and if you want an easy restore,, run something like Norton Ghost, which is a great program, if you set it up right, you can replace a bad harddrive, and be restored in 45 - 60mins, instead of days of rebuilding.
Tom
PS any want a 60gig SATA drive, I can't guarantee it is clean
-
#1 by Alexander215 on 06 Mar, 2009 20:27
-
Bro I've never seen a xp with sp1 or sp2 not recognize a sata harddrive. Thats a strange one.
As for Vundo, personally I LOVE it because it keeps coming back on unwary [uneducated really] peoples machines, and then they come to me to fix it
The trojan that was propagating through MSN messenger was a real money maker too. -
#2 by THier on 07 Mar, 2009 03:55
-
Bro I've never seen a xp with sp1 or sp2 not recognize a sata harddrive. Thats a strange one.
While I was doing research on my problem, this info came to light. When I tried my XP ME it loaded up right away.As for Vundo, personally I LOVE it because it keeps coming back on unwary [uneducated really] peoples machines, and then they come to me to fix it
The trojan that was propagating through MSN messenger was a real money maker too.
So what is the repair for it?
When my wifes machine was infected with Winfixer, I had that cleaned up pretty quick with mbam. Vundo!GB was another story. When I tried to run a defense against it, it would allow it to run one time only, then it would disable it. Oh well,, got a bigger drive out of it, so all is not too terrible,, I guess.
Tom -
#3 by Alexander215 on 07 Mar, 2009 12:17
-
Bro I've never seen a xp with sp1 or sp2 not recognize a sata harddrive. Thats a strange one.
While I was doing research on my problem, this info came to light. When I tried my XP ME it loaded up right away.As for Vundo, personally I LOVE it because it keeps coming back on unwary [uneducated really] peoples machines, and then they come to me to fix it
The trojan that was propagating through MSN messenger was a real money maker too.
So what is the repair for it?
When my wifes machine was infected with Winfixer, I had that cleaned up pretty quick with mbam. Vundo!GB was another story. When I tried to run a defense against it, it would allow it to run one time only, then it would disable it. Oh well,, got a bigger drive out of it, so all is not too terrible,, I guess.
Tom
The problem with Vundo is it's dynamic nature. When cleaning Vundo I use Vundofix by Attribune, it's freeware. Then I use HijackThis to scan for any suspicious files related to it, reboot, run VundoFix in safemode just to be sure. If that fails, I backup their pertinent information free (rarely do I have to do this) extract their Windows serial and format and do a fresh install. Often times they prefer this just because their machine will be faster after anyway.
-
#4 by Hook'Em on 07 Mar, 2009 12:53
-
Quick fix for all those PC viruses:
wait for it........
wait for it........
MAC! lol