e-card virus issue

[The Hammer]

Quote:

Originally Posted by GrammatonCleric

I don't know if Symantec Online Scanner allows you to delete the infection or if it just ID's it.

BitDefender assuming they detect it, is one that will delete unless you change the setting to tell it not to. Fine for a single computer but 1800! But I'm sure Eset will rectify the situation soon enough.

[bsilva]

Luckily we were able to contain using GW to setup rules to prevent forwarding of the e-card email.

I think we've cleaned up most computers. It wasn't all 1800 of them but it was a good amount (over 50). I saw some more updates so I hope it detects it now. I have a test computer that is infected.

[BedreAntivirus]

use MalwareBytes Anti-Malware mate for vundo removal!
http://www.malwarebytes.org/mbam.php

[funkydude]

Quote:

Originally Posted by GrammatonCleric

That's true, but I think they fixed it with 2009, since 2009 seemed to uninstall correctly from my VM.

Another thought would be to run the free Symantec Online Scanner and at least ID the files and their locations, I don't know if Symantec Online Scanner allows you to delete the infection or if it just ID's it.

No, they didn't. Whether it's a folder or a registry entry. I wouldn't recommend Symantec's online cleaner either, if I were to recommend a free cleaner it would be Dr. Web's cure it, no install, easy update, simple clean. It's one of my cleanup tools I take with me when fixing someones machine.

[GrammatonCleric]

Quote:

Originally Posted by bsilva

Luckily we were able to contain using GW to setup rules to prevent forwarding of the e-card email.

I think we've cleaned up most computers. It wasn't all 1800 of them but it was a good amount (over 50). I saw some more updates so I hope it detects it now. I have a test computer that is infected.

There was a new update released few min ago...does it detect it now?


Oh and reason why I kept saying Norton is that it's been proven to detect this strain, so it was logical to use a tool that has allready shown a positive detection.

And yes Malwarebytes and SuperAntiSpyware are both very good and nuking Vundo, however they are not server managed...and I forgot that the user had 50 machines to clean.

Also a good tool is SCOTTY aka WinPatrol...it's a freebie or if you so inclined you can pay the author for making it and get the PLUS version.

[elavoie]

Quote:

Originally Posted by GrammatonCleric

There was a new update released few min ago...does it detect it now?


Oh and reason why I kept saying Norton is that it's been proven to detect this strain, so it was logical to use a tool that has allready shown a positive detection.

And yes Malwarebytes and SuperAntiSpyware are both very good and nuking Vundo, however they are not server managed...and I forgot that the user had 50 machines to clean.

Also a good tool is SCOTTY aka WinPatrol...it's a freebie or if you so inclined you can pay the author for making it and get the PLUS version.

Alas the new update does not work, and for removal of vundo i must admit malwarebytes is quite thourough in removing it, i have encounterred this virtumonde crap for the last 5 years. From inception it has been one of the nastiest piece of $%$ every time i encounterred it, this current one is pretty impressive, it hooks itself in so many corner. As for not using norton, nothing religious about it, i find most AV are not great at cleaning virtumonde, spybot only cleans it a partially, malwarebytes was pretty spot on. Now i hope we get an update that detects it.

[GrammatonCleric]

Please let us know when it's detected.
Welcome to the submission to definition addition lag.
I don't know what determines when they add the files, but many times the lag is horrid and then on occasion it's few hours.

Of course that does not help the fact that if you are the one who is infected and waiting for the solution has to be kept waiting for 3+ days and counting.

[bsilva]

I got an update for it and Eset sees it as Win32/Merond.G.

[elavoie]

Quote:

Originally Posted by bsilva

I got an update for it and Eset sees it as Win32/Merond.G.

Same here, problem solved

[jimwillsher]

I do find ESET to be sometimes slow in detecting.

If ever I have to download from Usenet and I'm unsure of the file, I always use Kaspersky's free online virus scanner. On at least a dozen occasions it has detected a virus when ESET hasn't; I've then sent the file to ESET, and the next update has detected it.

Seems like Kaspersky are proactive and ESET are reactive.


Jim