Malware talk

Vundo-trojan Not Totally Cleared

Dear,


We went to Bitdefender as our anti-malware solution because we didn't get good support from another program. Before our business switches, we just installed a 2Y3PC version of Internet Security as a defence against viruses, spyware and spam.


I installed it on 2 machines, one infected, one clear.


The clear PC installation went without problems, but after a day of use, Outlook Express refused to start. I noticed that it was stopped by the firewall. I changed the refusal into an approval, but still no Outlook Express possible. Then I removed the line in the firewall settings. Still a refusal to open the application. Nevertheless, I restarted the computer after closing all open applications: finally Outlook Express opens again on the XP machine.


The infected PC: the scan after installation detected the Vundo trojan multiple times on the computer and deleted the malware except for 2 entries. (Bitdefender said)


Two entries couldn't be removed nor quarantined. Then I tried the Linux boot directly from disk. Although there were still multiple infections and related keys in the registry, pointing to the Vundo (Virtumod) virus, the Knoppix-based scan on the Windows drive couldn't find any infection, and didn't remove anything.


At last I went for other applications and found a third-party, free Vundo remover tool that removed all entries (.dll files) related to this trojan. After a reboot and a manual removal of a registry key, the files and infection were gone.


It is a pretty old virus; why does Bitdefender have no solution for this issue?


I hope that all issues mentioned in this forum are solved by now. If the problems are still there, I can never convince my management to update the whole plant to Bitdefender.

Comments

  • Hello.


    First of all I'm sorry that you had these problems. About the Outlook Express issue you should probably contact the live support (I'm just a virus researcher). With regards to the Vundo infection: the Vundo family is a continuously changing target (i.e. there are many, many versions out there). When dealing with such a nasty infection it's always best to do the cleaning from an off-line medium (as you correctly did).


    My question would be: have you updated the BD on the CD before scanning? Because after the CD is burned many updates are released (in fact around 12 per day) to keep up with the latest threats. The solution is that you have to update the BD on your CD (these updates will be placed on a temporary disk) before scanning.


    Another possibility is that BD only found the files in DeepScan (manual) mode. Is this what happened? DeepScan is a special mode which scans the executables in their execution environment and only works for processes which are currently running in memory.
