New Vundo

rcw
rcw
in Sample submission

This was undetected with Bitdefender and ClamAV. McAfee Webimmune detected it as Vundo.


I found it in c:\windows\system32 on a Windows XP SP2 system, hooked in via a Winlogin notify registry key. It originally had a .dat extension.


The usual vundo removal tricks (use proces###plorer to suspend just about everything, then use regedit to remove the key, then hard reboot, then move or delete the file) worked.

/applications/core/interface/file/attachment.php?id=2882" data-fileid="2882" rel="">__c002EBE6.txt

Comments

All Time Leaders

Categories

Defenders of the month