Trojan.vundo

[PsyOps]

This is an old piece of malware and my daughter got it on her PC. It adware causes a cascading problem with pop-ups. Symantec claims they have a fix (FixVundo.exe) that doesn't work. There are a couple other fixes that out there that also didn't work. She also ran a full scan (in safe mode) with Symantec AV, Adaware, AVG and Spybot and none of them seem to clean the problem.

Do any of you techies have any info on a fix for this? Any specific registry entries that need to be cleared out; any programs that would have installed as a result?

TIA

[lam2]

I just had the same issue on my computer last week.

I ran malwarebytes' anti-malware

Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com

Then ran ccleaner

CCleaner - Home


Only took about an hour and now all is good!

[PsyOps]

Quote:

Originally Posted by lam2

I just had the same issue on my computer last week.

I ran malwarebytes' anti-malware

Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com

Then ran ccleaner

CCleaner - Home


Only took about an hour and now all is good!

Cool. We'll give that a try. Thanks.

[G1G4]

Malwarebytes should fix it. However, scan through the registry and look for any entries containing the word(s) 'MS Juan.' Also, make sure any and all programs you don't know are deleted. Common entries in the registry are:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainActive State

Hope it helps.

Quote:

Originally Posted by PsyOps

This is an old piece of malware and my daughter got it on her PC. It adware causes a cascading problem with pop-ups. Symantec claims they have a fix (FixVundo.exe) that doesn't work. There are a couple other fixes that out there that also didn't work. She also ran a full scan (in safe mode) with Symantec AV, Adaware, AVG and Spybot and none of them seem to clean the problem.

Do any of you techies have any info on a fix for this? Any specific registry entries that need to be cleared out; any programs that would have installed as a result?

TIA

Try Counter Spy / Vipre from Sunbelt Software ....

[PsyOps]

Quote:

Originally Posted by G1G4

Malwarebytes should fix it. However, scan through the registry and look for any entries containing the word(s) 'MS Juan.' Also, make sure any and all programs you don't know are deleted. Common entries in the registry are:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainActive State

Hope it helps.

This is what I was looking for. I couldn't find any of this on the web. I knew there were registry entries, just didn't know what they were. Thanks.

[PsyOps]

Quote:

Originally Posted by RadioPatrol

Try Counter Spy / Vipre from Sunbelt Software ....

It's a shame you have to run 50 scanning products to remove a stinking intrusion on your PC.

Quote:

Originally Posted by PsyOps

It's a shame you have to run 50 scanning products to remove a stinking intrusion on your PC.

sorry that was funny .... I know what your talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...

[clevalley (Premo)]

Quote:

Originally Posted by RadioPatrol

sorry that was funny .... I know what your talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...

We are migrating to Symantec Endpoint Protection (11) as we redo machines. It seems like REALLY good stuff.

[GWguy]

Quote:

Originally Posted by clevalley

We are migrating to Symantec Endpoint Protection (11) as we redo machines. It seems like REALLY good stuff.

We just migrated AWAY from Symantec to Sophos for AV and firewall. It has caused us techs nothing but grief.