Wilders Security Forums  

#1
xsoft, August 11th, 2008, 04:49 AM
Vundo virus

Greetings,
3 days ago I got the Vundo virus again.

This virus has been around since 05/2008. It's a nasty one - it copies itself to \system32 as a random DLL, runs from startup, registers itself as an IE7 plugin ... and shows some popups like "Buy new Antivirus 2009".

I have the latest version of ESET NOD32 (updated to 8.8.2008), but this virus still got me. I sent a sample to virustotal.com (online virus test) and 13 antiviruses found it (out of 36). NOD was NOT one of them. Neither were Symantec antivirus or AVG. That's a bit of a shame. I trusted those antiviruses and still they can't detect it. I sent a sample 2 months ago to the NOD32 submit site, but NOD still can't detect this virus. Norman antivirus, e.g., can, but this antivirus just can't run separately with NOD (tested on XP and Vista). It looks like each one wants to "take control" over the system and they freeze each other (= you can move the mouse, but there is no reaction to a click or keypress. If you wait 2-20 minutes, then your click will be processed, but you are still at 99% lag. Nope, the CPU is not at 100; it just looks like a frozen PC, but it isn't. If you play a movie, the player will fluently show the movie and sound, but if you click on stop (mouse/keyboard), then you need to wait 5 minutes).


Anyway. Can I please ask ESET to add Vundo virus detection to NOD32? It's a 3-month-old virus. I'm not sure now if I will have some examples (I'm glad that I deleted all of them).

Btw, Norman maybe detects and deletes this virus, but their Vundo removal tool doesn't work (maybe there is a new mutation of the virus) http://www.norman.com/Virus/Virus_removal_tools/en-us

#2
nonoise, August 11th, 2008, 05:07 AM
Re: Vundo virus

Read more about Virtumonde here:

http://www.eset.com/threat-center/ca..._July_2008.pdf

It really looks like a nasty little bugger. You can get rid of it with Malwarebytes' Anti-Malware and SUPERAntiSpyware Home; both are free.

#3
xsoft, August 11th, 2008, 05:19 AM
Re: Vundo virus

Oh, thanks for the suggestion.
I will try those anti-malware tools.

PS: Malwarebytes' Anti-Malware 1.24
Free to try; $24.95 to buy

#4
PaulB2005, August 11th, 2008, 05:32 AM
Re: Vundo virus

Quote:
Can I please ask ESET to add Vundo virus detection to NOD32? It's a 3-month-old virus

This virus has many variants. Some are 3 months old, but some may be only 3 weeks, 3 days or even 3 hours old... The virus creators are constantly changing the files to evade detection. If you can identify the files, submit them so ESET can update the detection of the variant you have.

#5
Marcos (Eset Moderator), August 11th, 2008, 06:31 AM
Re: Vundo virus

Quote:
Originally Posted by xsoft
Greetings,
3 days ago I got the Vundo virus again.

This virus has been around since 05/2008. It's a nasty one - it copies itself to \system32 as a random DLL, runs from startup, registers itself as an IE7 plugin ... and shows some popups like "Buy new Antivirus 2009".

I have the latest version of ESET NOD32 (updated to 8.8.2008), but this virus still got me. I sent a sample to virustotal.com (online virus test) and 13 antiviruses found it (out of 36). NOD was NOT one of them. Neither were Symantec antivirus or AVG. That's a bit of a shame. I trusted those antiviruses and still they can't detect it. I sent a sample 2 months ago to the NOD32 submit site, but NOD still can't detect this virus. Norman antivirus, e.g., can, but this antivirus just can't run separately with NOD (tested on XP and Vista). It looks like each one wants to "take control" over the system and they freeze each other (= you can move the mouse, but there is no reaction to a click or keypress. If you wait 2-20 minutes, then your click will be processed, but you are still at 99% lag. Nope, the CPU is not at 100; it just looks like a frozen PC, but it isn't. If you play a movie, the player will fluently show the movie and sound, but if you click on stop (mouse/keyboard), then you need to wait 5 minutes).


Anyway. Can I please ask ESET to add Vundo virus detection to NOD32? It's a 3-month-old virus. I'm not sure now if I will have some examples (I'm glad that I deleted all of them).

Btw, Norman maybe detects and deletes this virus, but their Vundo removal tool doesn't work (maybe there is a new mutation of the virus) http://www.norman.com/Virus/Virus_removal_tools/en-us

Hello,
Please send a log from ESET SysInspector to support[at]eset.com with this thread's url enclosed.

Also, please PM me your email address so that I can check the status of your samples.

#6
xsoft, August 11th, 2008, 08:43 AM
Re: Vundo virus

Hi,
Email sent. (It looks like PM messages don't work - my mail was xsoft at seznam.cz.)

Virus samples and log attached.
Thanks.

#7
hex_614, August 11th, 2008, 09:50 AM
Re: Vundo virus

Use SUPERAntiSpyware; it will do the job. And install a behaviour-based anti-malware, like ThreatFire or Norton AntiBot. It will further protect you.

#8
Dark Shadow, August 11th, 2008, 10:09 AM
Re: Vundo virus

Quote:
Originally Posted by xsoft
Oh, thanks for the suggestion.
I will try those anti-malware tools.

PS: Malwarebytes' Anti-Malware 1.24
Free to try; $24.95 to buy

They have a free version as well.