Vundo virus

Discussion in 'ESET NOD32 Antivirus' started by xsoft, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. xsoft

    xsoft Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    3
    Greetings,
    3 days ago I got the Vundo virus again.

    This virus has been around since 05/2008. It's a nasty one - it copies itself to \system32 as a random dll, runs from startup, registers itself as an IE7 plugin ... and shows some popups like "Buy new Antivirus 2009".

    I have the latest version of ESET NOD32 (updated to 8.8.2008), but this virus still got me. I sent a sample to virustotal.com (online virus test) and 13 antiviruses found it (out of 36). NOD was NOT one of them. Neither were Symantec antivirus or AVG. That's a bit of a shame. I trusted those antiviruses and still they can't detect it. I sent a sample 2 months ago to the NOD32 submit site, but NOD still can't detect this virus. Norman antivirus, e.g., can, but this antivirus just can't run alongside NOD (tested on XP and Vista). It looks like each one wants to "take control" over the system and they freeze each other (= you can move the mouse, but there is no reaction to a click or keypress. If you wait 2-20 minutes, then your click will be processed, but you are still at 99% lag. Nope, the CPU is not at 100, it just looks like a frozen PC, but it isn't. If you play a movie, then the player will smoothly show the movie and soub, but if you click on stop (mouse/keyboard), then you need to wait 5 minutes).


    Anyway. Can I please ask ESET to add Vundo virus detection to NOD32? It's a 3-month-old virus. I'm not sure now if I will have some examples (I'm glad that I deleted all of them).

    Btw, Norman may detect and delete this virus, but their Vundo removal tool doesn't work (maybe there is a new mutation of the virus): http://www.norman.com/Virus/Virus_removal_tools/en-us
     
  2. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
  3. xsoft

    xsoft Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    3
    Oh, thanks for the suggestion.
    I will try those antimalware tools.

    PS: Malwarebytes' Anti-Malware 1.24
    Free to try; $24.95 to buy
     
  4. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    This virus has many variants. Some are 3 months old, but some may be only 3 weeks, 3 days or even 3 hours old... The virus creators are constantly changing the files to evade detection. If you can identify the files, submit them so Eset can update the detection of the variant you have.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    Please send a log from ESET SysInspector to support[at]eset.com with this thread's url enclosed.

    Also, please PM me your email address so that I can check the status of your samples.
     
  6. xsoft

    xsoft Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    3
    Hi,
    Email sent (it looks like PM messages don't work - my mail was xsoft at seznam.cz).

    Virus samples and log attached.
    Thanks.
     
  7. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    Use SUPERAntiSpyware, it will do the job. And install a behaviour-based anti-malware, like ThreatFire or Norton AntiBot. It will further protect you.
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    They have a free version as well.
     