Comments on Leecher Mods: Trojan:Win32/Vundo.gen!I
(comment feed, last updated 2023-10-30T05:16:21-11:00; 11 comments, newest first)

Anonymous, 2008-06-07T06:42:00-11:00:
Try now:
Definition Update for Windows Defender - KB915597 (Definition 1.35.118.0)
Install this update to revise the definition files used to detect spyware and other potentially unwanted software.

Recon (https://www.blogger.com/profile/06503028238011791604), 2008-06-06T19:58:00-11:00:
I tried an online scan with
http://www.kaspersky.com/virusscanner
but I get these errors:
OnlineScann Error Screenshot: http://www.bildhoster.de/uploads/07.06.2008_08:56:31_onlinescannererror.jpg

Recon, 2008-06-06T18:27:00-11:00:
How to join Kaspersky or NOD beta testers in German, English (imperfect) or Russian language???

It is possible to improve their products by scanning inside password-protected zip archives, such as done with autorun studio (used by ALL-In-One makers and some other install makers which use zip passwords); can be read by all versions, unpack/extract password from file; most autorun studio always use the same zip pass.

Please comment here to the site author; internal will not be published as comment!!!

Anonymous, 2008-06-06T16:29:00-11:00:
Thanks a lot.
Virtumonde.yee
Virtumonde.yed
add to detection

Windows Defender June updates find it now too.

Anonymous, 2008-06-06T04:14:00-11:00:
Alrighty, after posting this on Kaspersky forums it seems it can detect it with the proper safe settings. Having your settings in Interactive mode and using the application filter should pick up any undetected and 0day Vundo variants out there. Hope that helps folks :)

Anonymous, 2008-05-30T16:45:00-11:00:
Seems to be a new kind of Vundo "I"; the remove instructions for Vundo a,b,c,d,e,f,g,h do not work. I'm afraid to unpack it from Themida and Armadillo. Looks like some fake signatures were added and the packer used the older version for the DLLs.
Freeze the system32 folder for changes and newly added files.

Anonymous, 2008-05-30T02:42:00-11:00:
It was the full pack of virii I think, as I suddenly found here:
http://forums.majorgeeks.com/forumdisplay.php?s=f27341e88f78d3a78f9d929ed368711f&f=35

ctfmonb blue screen infection

http://forums.majorgeeks.com/showthread.php?t=160679

The screensaver and background, but ctmonb and some more ctfmon(anyletter).exe
Avast killed already.
Make a bootdisk and remove the files from DOS with an NTFS driver; must work.
It might be that in these torrents the real program is embedded in the virus packs but runs together.

Recon, 2008-05-29T05:14:00-11:00:
I have unrecoverably deleted these files from quarantine/system restore. Cannot submit them. It was many more files; half of them the AV had found. The Vundo wasn't found by the AV. It will not be found in NOD > see the analyses of all sites' file results on virustotal.com with Win32/Vundo.gen! Need to make a custom search on the domain virustotal.com.

I suggest using Process Explorer as a replacement for Task Manager. See details of all running instances. It's not possible that something runs hidden there.
The right diag tool shows all.

Recon, 2008-05-29T02:29:00-11:00:
Try this:
Go to the windows\system32 folder
List newer files by smallest size first.
Write the unknown file names into

Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

search (Find handle or DLL)
Check if they are attached to running processes (mostly winlogon.exe, explorer.exe, iexplorer.exe). The files are in use and cannot be deleted while Windows runs.

Recon, 2008-05-29T02:08:00-11:00:
VirusTotal normally gives out infected files to antivirus companies.

http://www.2oak.com/search?hl=en&q=virustotal.com%2BWin32%2FVundo.gen%21I

http://www.2oak.com/search?hl=en&q=Trojan%3AWin32%2FVundo.gen%21I+intext%3Avirustotal.com%2F&btnG=Search

Anonymous, 2008-05-28T23:28:00-11:00:
Interesting read my friend. You should at least submit this virus-infected file to NOD/Kaspersky so they can update their databases or something so it can be detected afterwards. I know that you mention that these AV firms don't allow deep scans in order to protect the rights of retail commercial products which also use the same methods of protection against unpacking etc., but I dunno... just a suggestion.
Again I liked the read :) Thanks for the news. I personally use ESET Smart Security, and even with .tors I've never seen this virus before nor have been infected by it. Might want to stay away from public tor sites ;)

Also, I wonder if Vundofix.exe can fix this perhaps? I know I had the vundo virus long ago and it saved me.