Saturday, November 8, 2008

Vundo Trojan

How To Remove Vundo?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Vundo is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Vundo is also known as:

[Kaspersky] AdWare.Win32.Virtumonde.fp, AdWare.Win32.Virtumonde.jp, AdWare.Win32.SecToolBar.h, AdWare.Win32.Virtumonde.aju, AdWare.Win32.Virtumonde.aqi, Trojan.Win32.Agent.ctk;
[McAfee] Vundo;
[Panda] Spyware/Virtumonde, Adware/Gator;
[Computer Associates] Win32.Vundo, Win32.Vundo.H, Win32/Vundo!Trojan, Win32/Vundo.DLL!Trojan, Win32.Vundo.O, Win32/Vundo.522752!Trojan;
[Other] Win32/Vundo, Mal/Behav-099, Trojan.Vundo, Win32/Vundo!generic, Win32/Vundo.CI, Win32/Vundo.CM, TROJ_VUNDO.AWA, Vundo.gen32, Win32/Vundo.GT, Vundo.gen49, Trojan.Awax, Win32/Darksma.GU, Troj/BHO-DZ, Win32/Vundo.GW, Win32/Vundo.GX, Win32/Vundo.HL, Vundo.gen4l

Vundo Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\earn

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download the free trial version of the antivirus software here to check your computer instantly.
