Trojan.vundo

PsyOps

Pixelated
This is an old piece of malware and my daughter got it on her PC. Its adware causes a cascading problem with pop-ups. Symantec claims they have a fix (FixVundo.exe) that doesn't work. There are a couple of other fixes out there that also didn't work. She also ran a full scan (in safe mode) with Symantec AV, Adaware, AVG and Spybot and none of them seem to clean the problem.

Do any of you techies have any info on a fix for this? Any specific registry entries that need to be cleared out; any programs that would have installed as a result?

TIA
 

G1G4

Find em Hot, Leave em Wet
Malwarebytes should fix it. However, scan through the registry and look for any entries containing the word(s) 'MS Juan.' Also, make sure any and all programs you don't know are deleted. Common entries in the registry are:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State

Hope it helps. :buddies:
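
A read-only way to check a machine for the entries listed in the post above, added here as an example and not part of the original thread. It assumes PowerShell on the affected Windows PC; the function name `Test-RegEntry` is made up for this example, and the paths are the ones from the post with their backslashes restored.

```powershell
# Added example: read-only check for the registry entries listed in the post.
# Nothing is changed or deleted; confirm each hit by hand before removing it.
$bho = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$entries = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State',
    'HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}',
    'HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}',
    "$bho\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}",
    "$bho\{2316230A-C89C-4BCC-95C2-66659AC7A775}",
    "$bho\{8109AF33-6949-4833-8881-43DCC232B7B2}"
)

# The post does not say whether each entry is a key or a value, so test both.
function Test-RegEntry([string]$Path) {
    if (Test-Path -LiteralPath "Registry::$Path") { return 'key' }
    $cut = $Path.LastIndexOf('\')
    $key = Get-Item -LiteralPath ("Registry::" + $Path.Substring(0, $cut)) -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Path.Substring($cut + 1))) { return 'value' }
    return $null
}

foreach ($e in $entries) {
    $kind = Test-RegEntry $e
    if ($kind) { Write-Output "FOUND ($kind): $e" }
}

# RunOnce: the post lists '*WinLogon' and '*[filename]' (a placeholder), so
# print every value whose name starts with '*' together with its data for review.
foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
    $path = "$hive\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    $key  = Get-Item -LiteralPath "Registry::$path" -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        if ($name.StartsWith('*')) {
            Write-Output "REVIEW: $path\$name = $($key.GetValue($name))"
        }
    }
}
```

A `*` prefix on a RunOnce value name is also used by legitimate installers, so a REVIEW line is a prompt to look at the file it points to, not proof of infection. On 64-bit Windows, 32-bit browser add-ons register under `WOW6432Node`, which this check does not cover.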
 
RadioPatrol

Guest
Try Counter Spy / Vipre from Sunbelt Software ....
 

PsyOps

Pixelated
This is what I was looking for. I couldn't find any of this on the web. I knew there were registry entries, just didn't know what they were. Thanks.

:buddies:
 
RadioPatrol

Guest
It's a shame you have to run 50 scanning products to remove a stinking intrusion on your PC. :jameo:

:lmao:


sorry that was funny .... I know what you're talking about, I only use the one, now ... since Sunbelt upgraded CS to include Viruses .... I only need the one app ...
 
We are migrating to Symantec Endpoint Protection (11) as we redo machines. It seems like REALLY good stuff. :yay:
 

PsyOps

Pixelated
I'm with the DoD and they haven't authorized it yet. Still stuck on 10. But I'm not convinced anything they put would be a reliable, all-encompassing product.
 
We just migrated AWAY from Symantec to Sophos for AV and firewall. It has caused us techs nothing but grief.

Wow, we have deployed the Enterprise Server and push the clients and updates all day long... it is slicker than snot. :yay:

I work under Office of Naval Research (ONR) and we are authorized under a Navy Volume Enterprise License. :shrug:

10 is good, but 11 goes WAY beyond providing AV and Spyware Protection / Proactive Threat Protection / Network Threat Protection.

I have hit the trigger a couple of times on the Network Threat Protection port scanning my own box (testing), and have triggered the Proactive Threat Protection downloading a shareware tool which was tainted with Spyware - it picked it up before I installed it...
 
I liked Symantec, not sure why the company decided to move away from it. We had been using Proventia for the firewall in conjunction, all was right with the world. From the first push of Sophos, we've been in fire alert mode. Everything was broken, IE connections, VPN would hang or not connect, and on and on...... I'd go back to SAV in a second, but not my choice.
 

PsyOps

Pixelated
Perhaps it's just an AF thing then. I thought 10 was DoD wide. I manage our Symantec platform and feel it's a bit of a pain. I have yet to get the remote client install to work. I was able to get it to work in our lab but on the live network the server will not authenticate with the client PCs. So I have to do local installs on our machines. Thankfully we don't have very many.
 
I remember the 10 server, but normally I installed the client locally and told the software it was managed, and gave it the name of the AV server... I never did a push from 10.

11 you do not have a choice, you must deploy from the AV server even on a new install - it is not bad once you get used to it.... you can install the client separately, but it is unmanaged.

11 hooks itself into your Active Directory Domain and you can search for a single computer, groups of computers or all computers - based on machine name, partial name, IP or IP range. It is really kewl :yay:

I would bet the AF has not yet "approved" the Symantec 11 platform yet - by the time they are done with that they will be over-budgeted and version 12 will be out. :lmao:
 

PsyOps

Pixelated
I remember the 10 server, but normally I installed the client locally and told the software it was managed, and gave it the name of the AV server... I never did a push from 10.

11 you do not have a choice, you must deploy from the AV server even on a new install - it is not bad once you get used to it.... you can install the client separately, but it is unmanaged. And we're not running Active Directory. We have a rather archaic setup until we can get approved to set up our own domain. Hard to explain.

11 hooks itself into your Active Directory Domain and you can search for a single computer, groups of computers or all computers - based on machine name, partial name, IP or IP range. It is really kewl :yay:

Well, I figured out the problem with remote install. There was a computer security policy setting that was wrong. I manage a fairly small local network so there aren't that many workstations to deal with that I couldn't do a local install. It was just nice to be able to do a remote and hit 10 workstations at the same time rather than go to each individually to load Symantec. We're currently not on an Active Directory. We have a bit of an archaic setup until we can get approved to be on our own domain. It's a political thing that's kind of hard to explain.

I would bet the AF has not yet "approved" the Symantec 11 platform yet - by the time they are done with that they will be over-budgeted and version 12 will be out. :lmao:

You probably already know how right you are about that. Very frustrating.
 