Trojan.vundo


PsyOps
12-09-2008, 05:47 PM
This is an old piece of malware and my daughter got it on her PC. Its adware causes a cascading problem with pop-ups. Symantec claims they have a fix (FixVundo.exe) that doesn't work. There are a couple of other fixes out there that also didn't work. She also ran a full scan (in safe mode) with Symantec AV, Adaware, AVG and Spybot and none of them seem to clean the problem.

Do any of you techies have any info on a fix for this? Any specific registry entries that need to be cleared out; any programs that would have installed as a result?

TIA

lam2
12-09-2008, 06:40 PM
I just had the same issue on my computer last week.

I ran malwarebytes' anti-malware

Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html)

Then ran ccleaner

CCleaner - Home (http://www.ccleaner.com/)


Only took about an hour and now all is good!

PsyOps
12-09-2008, 07:29 PM
I just had the same issue on my computer last week.

I ran malwarebytes' anti-malware

Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html)

Then ran ccleaner

CCleaner - Home (http://www.ccleaner.com/)


Only took about an hour and now all is good!

Cool. We'll give that a try. Thanks.

G1G4
12-09-2008, 09:39 PM
Malwarebytes should fix it. However, scan through the registry and look for any entries containing the word(s) 'MS Juan.' Also, make sure any and all programs you don't know are deleted. Common entries in the registry are:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State

Hope it helps. :buddies:
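The list above is a set of persistence points to inspect by hand. The script below is an added example, not something from this thread or from any vendor's removal tool: it reads those same locations live and reports what is behind them. It assumes an elevated PowerShell session on the suspect machine; the three CLSID GUIDs are copied from the post, and the "MS Juan" string search is G1G4's suggested registry sweep, narrowed to the CLSID hive so it finishes quickly. It also enumerates every registered Browser Helper Object and the DLL it loads, not just the three GUIDs, since Vundo variants register under other CLSIDs with randomly named DLLs.

```powershell
# Added example, not part of the thread: triage the Vundo persistence points G1G4 lists.
# Assumptions: run in an elevated PowerShell on the suspect Windows machine; the three
# GUIDs are copied from the post; everything else is read live from the registry.

$vundoClsids = @(
    '{2316230A-C89C-4BCC-95C2-66659AC7A775}',
    '{8109AF33-6949-4833-8881-43DCC232B7B2}',
    '{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}'
)
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Resolve-ClsidDll {
    # Map a COM CLSID to the DLL it loads. HKCR has no default PSDrive, so look at the
    # machine-wide and per-user halves of it instead.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw) }
        }
    }
    return $null
}

function Get-BhoReport {
    # Every registered BHO, the DLL behind it, and whether that DLL carries a valid
    # Authenticode signature. An unsigned, oddly named DLL in System32 is the thing to chase.
    if (-not (Test-Path -LiteralPath $bhoKey)) { return @() }
    Get-ChildItem -LiteralPath $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        $dll   = Resolve-ClsidDll -Clsid $clsid
        $sig   = if ($dll -and (Test-Path -LiteralPath $dll)) {
                     (Get-AuthenticodeSignature -FilePath $dll).Status
                 } else { 'FileMissing' }
        [pscustomobject]@{
            Clsid      = $clsid
            Dll        = $dll
            Signature  = $sig
            KnownVundo = ($vundoClsids -contains $clsid)
        }
    }
}

function Get-SafeModeRunOnce {
    # A RunOnce value whose name starts with '*' is executed even in Safe Mode, which is
    # how a '*WinLogon' entry can outlive the safe-mode scans described in the thread.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name.StartsWith('*')) {
                [pscustomobject]@{ Hive = $hive; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-VundoMarkers {
    # The ATLEvents ProgIDs from the post, plus any CLSID whose default (display) name
    # contains 'MS Juan'.
    foreach ($progId in 'ATLEvents.ATLEvents', 'ATLEvents.ATLEvents.1') {
        $key = "HKLM:\SOFTWARE\Classes\$progId"
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Marker = 'ProgID'; Location = $key }
        }
    }
    Get-ChildItem -LiteralPath 'HKLM:\SOFTWARE\Classes\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).'(default)'
            if ($name -and $name -like '*MS Juan*') {
                [pscustomobject]@{ Marker = 'MS Juan'; Location = $_.PSPath }
            }
        }
}

Write-Host '== Browser Helper Objects (unsigned or KnownVundo rows need a look) =='
Get-BhoReport | Format-Table -AutoSize | Out-Host
Write-Host '== RunOnce entries that also run in Safe Mode =='
Get-SafeModeRunOnce | Format-Table -AutoSize | Out-Host
Write-Host '== ATLEvents ProgIDs and "MS Juan" CLSIDs =='
Get-VundoMarkers | Format-Table -AutoSize | Out-Host
```

The script only reports; it deletes nothing. That is deliberate: Vundo's DLL runs inside winlogon.exe and explorer.exe, and while it is loaded it re-creates any value you delete, which is one reason regedit-by-hand and several of the scanners in this thread appeared to "not work". Note the DLL path each BHO resolves to, boot from clean media (or at least end the hosting processes) before removing the file, and only then clear the keys.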

RadioPatrol
12-09-2008, 10:17 PM
This is an old piece of malware and my daughter got it on her PC. Its adware causes a cascading problem with pop-ups. Symantec claims they have a fix (FixVundo.exe) that doesn't work. There are a couple of other fixes out there that also didn't work. She also ran a full scan (in safe mode) with Symantec AV, Adaware, AVG and Spybot and none of them seem to clean the problem.

Do any of you techies have any info on a fix for this? Any specific registry entries that need to be cleared out; any programs that would have installed as a result?

TIA


Try Counter Spy / Vipre from Sunbelt Software ....

PsyOps
12-09-2008, 10:21 PM
Malwarebytes should fix it. However, scan through the registry and look for any entries containing the word(s) 'MS Juan.' Also, make sure any and all programs you don't know are deleted. Common entries in the registry are:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State

Hope it helps. :buddies:

This is what I was looking for. I couldn't find any of this on the web. I knew there were registry entries, just didn't know what they were. Thanks.

:buddies:

PsyOps
12-09-2008, 10:21 PM
Try Counter Spy / Vipre from Sunbelt Software ....

It's a shame you have to run 50 scanning products to remove a stinking intrusion on your PC. :jameo:

RadioPatrol
12-10-2008, 08:02 AM
It's a shame you have to run 50 scanning products to remove a stinking intrusion on your PC. :jameo:

:lmao:


sorry that was funny .... I know what you're talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...

clevalley
12-10-2008, 10:38 AM
:lmao:


sorry that was funny .... I know what you're talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...

We are migrating to Symantec Endpoint Protection (11) as we redo machines. It seems like REALLY good stuff. :yay:

GWguy
12-10-2008, 12:23 PM
We are migrating to Symantec Endpoint Protection (11) as we redo machines. It seems like REALLY good stuff. :yay:

We just migrated AWAY from Symantec to Sophos for AV and firewall. It has caused us techs nothing but grief.

PsyOps
12-10-2008, 12:31 PM
We are migrating to Symantec Endpoint Protection (11) as we redo machines. It seems like REALLY good stuff. :yay:

I'm with the DoD and they haven't authorized it yet. Still stuck on 10. But I'm not convinced anything they put out would be a reliable, all-encompassing product.

PsyOps
12-10-2008, 12:32 PM
:lmao:


sorry that was funny .... I know what you're talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...

Sunbelt? Haven't heard of it. I'll have to check it out.

PsyOps
12-10-2008, 12:43 PM
:lmao:


sorry that was funny .... I know what you're talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...

Are you using Vipre?

clevalley
12-10-2008, 12:52 PM
We just migrated AWAY from Symantec to Sophos for AV and firewall. It has caused us techs nothing but grief.

Wow, we have deployed the Enterprise Server and push the clients and updates all day long... it is slicker than snot. :yay:

I'm with the DoD and they haven't authorized it yet. Still stuck on 10. But I'm not convinced anything they put out would be a reliable, all-encompassing product.

I work under Office of Naval Research (ONR) and we are authorized under a Navy Volume Enterprise License. :shrug:

10 is good, but 11 goes WAY beyond providing AV and Spyware Protection / Proactive Threat Protection / Network Threat Protection.

I have hit the trigger a couple of times on the Network Threat Protection port scanning my own box (testing), and have triggered the Proactive Threat Protection downloading a shareware tool which was tainted with Spyware - it picked it up before I installed it...

clevalley
12-10-2008, 12:57 PM
Sunbelt? Haven't heard of it. I'll have to check it out.

Sunbelt Software (http://www.sunbeltsoftware.com/)has a lot of nice tools and utilities - great stuff. :yay:

Even the freebies are worth a download and a look.

GWguy
12-10-2008, 12:58 PM
Wow, we have deployed the Enterprise Server and push the clients and updates all day long... it is slicker than snot. :yay:



I work under Office of Naval Research (ONR) and we are authorized under a Navy Volume Enterprise License. :shrug:

10 is good, but 11 goes WAY beyond providing AV and Spyware Protection / Proactive Threat Protection / Network Threat Protection.

I have hit the trigger a couple of times on the Network Threat Protection port scanning my own box (testing), and have triggered the Proactive Threat Protection downloading a shareware tool which was tainted with Spyware - it picked it up before I installed it...
I liked Symantec, not sure why the company decided to move away from it. We had been using Proventia for the firewall in conjunction, all was right with the world. From the first push of Sophos, we've been in fire alert mode. Everything was broken, IE connections, VPN would hang or not connect, and on and on...... I'd go back to SAV in a second, but not my choice.

PsyOps
12-10-2008, 01:01 PM
I work under Office of Naval Research (ONR) and we are authorized under a Navy Volume Enterprise License. :shrug:

10 is good, but 11 goes WAY beyond providing AV and Spyware Protection / Proactive Threat Protection / Network Threat Protection.

I have hit the trigger a couple of times on the Network Threat Protection port scanning my own box (testing), and have triggered the Proactive Threat Protection downloading a shareware tool which was tainted with Spyware - it picked it up before I installed it...

Perhaps it's just an AF thing then. I thought 10 was DoD wide. I manage our Symantec platform and feel it's a bit of a pain. I have yet to get the remote client install to work. I was able to get it to work in our lab but on the live network the server will not authenticate with the client PCs. So I have to do local installs on our machines. Thankfully we don't have very many.

clevalley
12-10-2008, 01:09 PM
Perhaps it's just an AF thing then. I thought 10 was DoD wide. I manage our Symantec platform and feel it's a bit of a pain. I have yet to get the remote client install to work. I was able to get it to work in our lab but on the live network the server will not authenticate with the client PCs. So I have to do local installs on our machines. Thankfully we don't have very many.

I remember the 10 server, but normally I installed the client locally and told the software it was managed, and gave it the name of the AV server... I never did a push from 10.

11 you do not have a choice, you must deploy from the AV server even on a new install - it is not bad once you get used to it.... you can install the client separately, but it is unmanaged.

11 hooks itself into your Active Directory Domain and you can search for a single computer, groups of computers or all computers - based on machine name, partial name, IP or IP range. It is really kewl :yay:

I would bet the AF has not yet "approved" the Symantec 11 platform yet - by the time they are done with that they will be over-budgeted and version 12 will be out. :lmao:

PsyOps
12-10-2008, 05:41 PM
I remember the 10 server, but normally I installed the client locally and told the software it was managed, and gave it the name of the AV server... I never did a push from 10.

11 you do not have a choice, you must deploy from the AV server even on a new install - it is not bad once you get used to it.... you can install the client separately, but it is unmanaged. And we're not running Active Directory. We have a rather archaic setup until we can get approved to set up our own domain. Hard to explain.

11 hooks itself into your Active Directory Domain and you can search for a single computer, groups of computers or all computers - based on machine name, partial name, IP or IP range. It is really kewl :yay:

Well, I figured out the problem with remote install. There was a computer security policy setting that was wrong. I manage a fairly small local network so there aren't that many workstations to deal with that I couldn't do a local install. It was just nice to be able to do a remote and hit 10 workstations at the same time rather than go to each individually to load Symantec. We're currently not on an Active Directory. We have a bit of an archaic setup until we can get approved to be on our own domain. It's a political thing that's kind of hard to explain.

I would bet the AF has not yet "approved" the Symantec 11 platform yet - by the time they are done with that they will be over-budgeted and version 12 will be out. :lmao:

You probably already know how right you are about that. Very frustrating.

RadioPatrol
12-10-2008, 10:20 PM
Are you using Vipre?

Yes ...

RadioPatrol
12-10-2008, 10:21 PM
Wow, we have deployed the Enterprise Server and push the clients and updates all day long... it is slicker than snot. :yay:



Sunbelt has an enterprise version of Vipre .... wanna Quote ?

:whistle:

RadioPatrol
12-10-2008, 10:22 PM
I remember the 10 server, but normally I installed the client locally and told the software it was managed, and gave it the name of the AV server... I never did a push from 10.

11 you do not have a choice, you must deploy from the AV server even on a new install - it is not bad once you get used to it.... you can install the client separately, but it is unmanaged.

11 hooks itself into your Active Directory Domain and you can search for a single computer, groups of computers or all computers - based on machine name, partial name, IP or IP range. It is really kewl :yay:

I would bet the AF has not yet "approved" the Symantec 11 platform yet - by the time they are done with that they will be over-budgeted and version 12 will be out. :lmao:


IMHO - Ok that is dumb as a box of Rocks

PsyOps
12-10-2008, 10:33 PM
11 you do not have a choice, you must deploy from the AV server even on a new install - it is not bad once you get used to it.... you can install the client separately, but it is unmanaged.

11 hooks itself into your Active Directory Domain and you can search for a single computer, groups of computers or all computers - based on machine name, partial name, IP or IP range. It is really kewl :yay:

Unless you're running some sort of quarantine tool that puts workstations into a quarantine area (can't access the network until it has all proper patches, updates, etc...) until Symantec installs the client, I think it's pretty dangerous to put a workstation on a network without AV protection on it. You must have a very controlled network. Why would Symantec remove the option to install a client locally and have it managed?

I agree with Radio, that's pretty dumb.

clevalley
12-11-2008, 10:33 AM
IMHO - Ok that is dumb as a box of Rocks

Unless you're running some sort of quarantine tool that puts workstations into a quarantine area (can't access the network until it has all proper patches, updates, etc...) until Symantec installs the client, I think it's pretty dangerous to put a workstation on a network without AV protection on it. You must have a very controlled network. Why would Symantec remove the option to install a client locally and have it managed?

I agree with Radio, that's pretty dumb.

:lol: I do agree, it is pretty stupid as we install machines then lay in the utilities and we see NAV as a utility... now, we just log into the AV server and push the client.

From an Enterprise point of view it makes sense, but when you are deploying onesie-twosie machines it is a PITA.

They should have left the option to pick managed or unmanaged like they did in v10. :yay:

clevalley
12-11-2008, 10:34 AM
Sunbelt has an enterprise version of Vipre .... wanna Quote ?

:whistle:

We get SAV/NAV and McAfee corporate under Navy Volume Licensing - we are good to go. :buddies:

PsyOps
12-12-2008, 11:08 AM
Sunbelt Software (http://www.sunbeltsoftware.com/)has a lot of nice tools and utilities - great stuff. :yay:

Even the freebies are worth a download and a look.

Well, I'm about to give up on Vipre. It won't download. Not a good sign for me.

RadioPatrol
12-13-2008, 01:53 PM
Well, I'm about to give up on Vipre. It won't download. Not a good sign for me.



Hmm, do you have a neighbor or a friend close by with a computer you can download it to a thumb drive from?


link problems maybe:


Vipre (http://go.sunbeltsoftware.com/?linkid=411)

PsyOps
12-13-2008, 03:18 PM
Hmm, do you have a neighbor or a friend close by with a computer you can download it to a thumb drive from?


link problems maybe:


Vipre (http://go.sunbeltsoftware.com/?linkid=411)

I was able to get it from another PC. Not sure what the deal is with mine. I'm on Comcast and downloading shouldn't be a problem. Now I hope I can get the latest definitions without a problem.

Thanks.

RadioPatrol
12-15-2008, 03:29 PM
I was able to get it from another PC. Not sure what the deal is with mine. I'm on Comcast and downloading shouldn't be a problem. Now I hope I can get the latest definitions without a problem.

Thanks.

Email or call tech support for the direct download of the updates. I had to do that for a customer PC once.

PsyOps
12-26-2008, 02:42 PM
Well, I tried Vipre, AVG, Spybot, SAV, Symantec's FixVundo, VundoFix, Adaware, and a couple of others that I can't think of now, and nothing would remove this virus except Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php).

So, if anyone gets this trojan that's what I recommend.

