A Case of the Vundo

Status
Not open for further replies.
A computer for the company I work for just got this nasty bugger on one of our computers.

I followed the steps here:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

And I had initially found you guys from this thread:
https://www.techspot.com/vb/topic119190.html

I downloaded ComboFix, but have not run it yet and I won't until it's required.

I had seen many other posts about this trojan and how to get rid of it. Tried a few. But to no avail. My logs are attached.

Note that the McAfee VirusScan log I copied and created from the results of the scan. Looks the exact same. Also, the program "VirtumundoBeGone.exe" is a program I had found on another forum to use (I'm sure y'all have heard of it). I didn't try it yet. So, let me know if it's worthless.

We didn't want to do any registry deletions/changes ourselves without going through y'all first. We did manage to delete some files via FileAssassin and renaming.

Also, at one point, we thought it was just the sdra64.exe virus. But I'm guessing it all comes back to Vundo. If there's any other info you need, just let me know in reply.

(Btw, I work in IT at a company. I understand that this is y'all's specialty. I don't mind consulting with experts.) ;-)

Thanks in advance,
FO4R
 
You need to "take action" on the nasty stuff found in the Malwarebytes and superantispyware logs...
 
Understandable. Both Malwarebytes and SuperAntiSpyware do take action. But because of the registry entries, Vundo creates another randomly named and generated file in the C:\windows\system32 folder. I wanted to make sure and run this through here before we continued.

Thanks for the reply ;-)
 
I realize that you are IT specialists. We usually recommend free programs like CCleaner and Advanced SystemCare to help keep malware infections down. Programs like McAfee and Symantec's Norton are bloatware and useless for most home PC users. You in IT Services have need for more computer security. I recommend that you re-evaluate your security in the wake of this infection. Good luck.
 
I agree with you totally. Being that I just started here as Assistant Database Manager/ IT guy, all I can do is recommend. And my fellow associate now agrees I believe.

We work for the University of Michigan, but are far from there. Actually we are based in Corpus Christi, TX. So paper trails and recommendations from elsewhere and higher up interfere. I believe after this, we can definitely make a case for serious changes and a more tiered approach to protection. I had actually used CCleaner before this on my own computer here and made that recommendation.

A different computer of ours went down to what we believe was very possibly a virus as well, and we ended up using a BartPE boot disc to retrieve files and just reformat.

But I digress, and to the matter at hand. What should be the next step? Rerun the scans as per the steps in the forum? Or rerun and then ComboFix? Edit Reg ourselves? Any insights on this would be greatly appreciated by moderators, helpers, etc. And thank you Tmagic650 for your quick replies.

Thanks in advance,
FO4R