Post by phoney on Mar 5, 2009 17:42:20 GMT
Just did a Malwarebytes system check and it threw up this: Files Infected: C:\Toshiba\Drivers\DVDPlayer\VCRedist\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
I don't know from where or when it arrived. All I can think of is that Toshiba Tempro driver update I mentioned in the 'Best Zip software' thread. Is it bad and is there anything else I need to do? Cheers.
Post by ken on Mar 5, 2009 18:28:50 GMT
Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.
Malwarebytes will get rid of it, leaving nothing else to do. Super AntiSpyware Pro, which runs in the background, will stop it dead while trying to get on.
KC
Post by phoney on Mar 5, 2009 19:19:46 GMT
Cheers Ken, I haven't had any popups or anything to suggest a problem. I have never even used the Toshiba DVD player. I wonder if it came with the laptop in the first place. It was only because I decided to do a full scan with Malwarebytes (which took forever) that it showed up. Could it be falsely identifying a genuine file as a trojan?
The only disc that's been in the drive is the CD that came with last month's Windows Vista magazine. I should download Super AntiSpyware Pro and give that a run. Wonder why McAfee or Defender didn't show it up.
Added to this post at 21:04 5th March:
I posted the prob on Toshiba forum and no reply as yet, but browsing I see someone else reported Malwarebytes as showing a Trojan.Vundo and the reply suggests it may be a false positive. forums.computers.toshiba-europe.com/forums/thread.jspa?threadID=40837&tstart=0
I won't relax until I get a definite answer.
Post by ken on Mar 5, 2009 21:04:48 GMT
Defender is a 5th rate Microsoft product and McAfee is not much better. SAS Pro is a paid-for version, well worth the money in my book. I have never known anything else get mistaken for Vundo, it's the bug that produces all the phony anti-spyware scanners. It will try and sneak in along with Windows Updates, if there's nothing running to stop it.
KC
Post by phoney on Mar 5, 2009 21:07:27 GMT
Ken, I modified the above at the same time as your post.
Post by phoney on Mar 5, 2009 22:42:10 GMT
After more googling I discover malwarebytes.org has a help forum (You knew that I know) and they list loads of False Positives.
I posted the log. Within 2 minutes a reply:
Quote: This was a confirmed F/P that has been revised in more recent DB update. Please update to most recent DB 1821 and rescan
I was using 1820 off the Vista mag CD.
Post by ken on Mar 6, 2009 0:53:03 GMT
I have never used a Toshiba, Phoney. I very seldom run Malwarebytes, Avast and SAS Pro handle things very well. Mainly it's a Trojan that SAS stops and quarantines, but can't remove. Then I update and run MBAM to remove it. If it's trying to get on, it's not anything to do with the installed software. I don't have system restore and I don't have any hidden files, there's nowhere on my machine for anything to hide. It's never shown me a false positive as long as I've used it. I know people say they have lost files, but I have no idea what machines they have been using. All my stuff is home built and my laptops have always been Acer. I don't run any Acer software on my laptops. When I hear that people have lost files from manufacturer's software, I don't know if it's a bad thing.
KC
Post by computing50yrs on Mar 6, 2009 9:52:38 GMT
I have run Malwarebytes and it came up with Trojan.Vundo. When I tried to fix it, the file went into the quarantine but then I got a message to say I had removed a Windows file and to load my XP CD to reload the file.
I restored the file from the vault and googled trojan vundo and got a link to download a fixvundo.exe program from Symantec Corporation which I ran to correct the problem, but after scanning all my hard drives it locked the PC so I had to reboot.
I have now rescanned using Malwarebytes, which logged:
Files Infected: C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
The file found is different to that found yesterday and this time I did not get the "load XP CD". Something a little odd, so may be a false positive.
Post by phoney on Mar 6, 2009 10:07:48 GMT
Post by computing50yrs on Mar 6, 2009 11:06:36 GMT
Thanks Phoney - updated my malware then recovered the file from quarantine and rescanned; did not report the file so my system OK again.
Post by ken on Mar 6, 2009 19:02:51 GMT
The Updater should be run every time before using MBAM, it can update 3 or 4 times a day. Sometimes the whole thing updates, but mostly it's just the definitions.
KC