- VundoFix by Atribune
»www.atribune.org/ccount/click.php?id=4
and save it to your desktop
•Double-click VundoFix.exe to run it.
•Click the Scan for Vundo button.
•Once it's done scanning, click the Remove Vundo button.
•You will receive a prompt asking if you want to remove the files,
click YES.
•Once you click yes, your desktop will go blank as it starts removing
Vundo.
•When completed, it will prompt that it will reboot your computer,
click OK.
•Please post the contents of C:\vundofix.txt and a new
HiJackThis log.
•Please post the contents of C:\vundofix.txt into a New Topic in the Security Cleanup Forum
Go to this link:
»Security Cleanup
Start your own thread by pressing the *New Topic* button. Do not interrupt other similar threads with your problem. Include the vundofix.txt contents and a fresh HijackThis log (instructions below). Please put in the title of your topic: Vundo Removal.
We will also need to see a diagnostic log from the free tool HijackThis
- Create a Diagnostic log using HijackThis
See here for specific instructions and screen shots to help:
»russelltexas.com/malware/createhjtfolder.htm
•Download HijackThis here
»www.trendsecure.com/portal/en-US···this.php
• Unzip the file to the new folder you made and double-click HijackThis.exe to open the program. On the new users' quickstart page, choose *Do a system scan and save a log*.
• When the scan finishes, you will get a popup to Save the logfile. Please make note of the location you will be saving it to and click *save*. This should save the file and open the log in Notepad. Copy the contents and post the results into your New Topic when you are ready to post for help.
Most of what it lists will be harmless or even essential, so don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.
...................................................................................
Important Note: Possible Vulnerability in Sun Java versions may be responsible for Vundo/Winfixer infections
Check your installed Sun Java versions
We have noticed that a large number of Winfixer / Vundo / Virtumonde victims have an older version of Sun Java installed, as listed in Add/Remove Programs in the Control Panel. Other older or newer versions may also be installed.
Please see this topic:
»Potential Vulnerability with Sun Java auto update
Important Note: Autoupdate of Sun Java does not uninstall previous (vulnerable) versions of the program.
Therefore all users are encouraged to please check in your Control Panel, under Add/Remove programs and uninstall any older versions of Sun Java.
To check whether your installed version is the latest and to get any updates needed, please go to this link:
»www.java.com/en/download/windows···atic.jsp
You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to verify your Java software.
Or you can get the manual download here:
»www.java.com/en/download/manual.jsp
And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.
Update: From the SANS Handler's Diary at the Internet Storm Center, posted January 13th 2006:
CERTs warn about java bug being exploited
»isc.sans.org/diary.php?storyid=1039
AND you still need to manually uninstall old versions of Sun Java after updating!
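The Add/Remove Programs check described above can also be done from a PowerShell prompt. This is an added example, not part of the original guide: it reads the same uninstall registry keys that Add/Remove Programs displays and marks every Java entry older than the newest one installed. The function name Get-InstalledJava and the DisplayName pattern are assumptions made for this sketch.

```powershell
# Added example: list every Java runtime registered in Add/Remove Programs and
# mark all but the newest installed one as a leftover to uninstall.
# Assumption: $namePattern covers the Sun/Oracle product names on your machine;
# adjust it if your inventory shows other names. Requires PowerShell 3.0+.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit installs on 64-bit Windows are registered here instead
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$namePattern = '^(Java(\(TM\))? (SE )?(\d|Runtime)|J2SE Runtime Environment|Java 2 Runtime Environment)'

function Get-InstalledJava {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            # DisplayVersion can be missing or malformed on old installers,
            # so fall back to 0.0 (sorts as oldest) instead of throwing.
            $parsed = $null
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                Name       = $_.DisplayName
                Version    = if ($ok) { $parsed } else { [version]'0.0' }
                RawVersion = $_.DisplayVersion
                Uninstall  = $_.UninstallString
            }
        }
}

$found = @(Get-InstalledJava | Sort-Object Version -Descending)
if ($found.Count -eq 0) {
    Write-Output 'No Java runtime found in the uninstall registry keys.'
} else {
    $newest = $found[0].Version
    $found |
        Select-Object Name, RawVersion,
            @{ n = 'Status'; e = {
                if ($_.Version -lt $newest) { 'OLD - uninstall' } else { 'newest installed' }
            } },
            Uninstall |
        Format-Table -AutoSize -Wrap
}
```

"newest installed" only means newest on this machine; still compare it against the version offered on the java.com pages linked above.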
very good guide
Very very good guide. Are you a computer genius or are you a computer genius?
Had a vundo a few months ago, wish i'd had this guide back then.
thank you for the guide.
I will definitely try this out if I run into that problem
lol been playin with computers for far too long is all
Good information there... Thanks allot
Hey bro, showing some love ;) Show me some love back plx ;)
I'll do it daily.
hey thanks for the info bro
daily lurvs
Thanks for the tut bro! I'll have to check it out :)
good tut :) daily love!
Great post, will be looking into this a lot more!
Stewart Higgins
Intranet Expert
Intranet Software
Helped me thanks:) following