Vundo-trojan Not Totally Cleared

gustaaf.cuyvers

Dear,

We went to Bitdefender as anti-malware solution because we didn't get good support from another programm. Before our business will switch, we just installed a 2Y3PC version of Internet security as defence against virusses, spyware and spam.

I installed it on 2 machines, one infected, one clear.

The clear PC installation went without problems, but after a day of use, the Outlook express refused to start. I noticed that it was stopped by the firewall. I changed the refusal into an approvement, but still no Outlook express possible. Then I removed the line into the firewall-settings. Still refusement to open the application. Never the last I restarted the computer after closing all open applications : finally Outlook Express opens again on the XP-machine.

The infected PC : The scan after installation detected the Vundo-trojan multiple times on the computer and deleted the male except for 2 entries. (Bitdefender said)

Two entries couldn't be removed nor quarantained. Then I tried the linux boot directly from disk. Alltrough there were still multiple infections and related keys into the register, pointing to the Vundo(Virtumod)-virus, the knoppix based scan on the windows drive could find any infection, and didn't remove anything.

At last I went for other applications and found a thirdparty and free Vundo remover tool that removed all entries (.dll's) related to this trojan. After a reboot and a manual removal of a registery key, the files and infection were gone.

It is a pretty old virus, why has bitdefender no solution for this issue?

I hope that all issues mentioned in this forum are solved by now. If the problems are still there, I can never convince my management to update the whole plant to Bitdefender.

Cd-MaN

Hello.

First of all I'm sorry that you had these problems. About the Outlook express issue you should probably contact the live support (I'm just a virus researcher). With regards to the Vundo infection: the Vundo family is a continuously changing target (ie there are many, many versions out there). When dealing with such nasty infection it's always the best to do the cleaning from an off-line media (as you correctly did).

My question would be: have you updated the BD on the CD before scanning? Because after the CD is burned many updates are released (in fact around 12 / day) to keep up with the latest threats. The solution is that you have to update the BD on your CD (these updates will be placed in a temporary disk) before scanning.

An other possibility is that BD only found the files in DeepScan (manual) mode. Is this what happened? DeepScan is a special mode which scans the executables in their execution environment and only works for processes which are currently running in the memory.