Vundo Trojan Characteristics

Vundo Trojan Characteristics

Discovered: November 20, 2004

Updated: May 9, 2006 5:50:26 AM

Type: Trojan

Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

CVE References: CVE-2004-1050

Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Protection

• Initial Rapid Release version May 9, 2006
• Latest Rapid Release version September 6, 2008 revision 016
• Initial Daily Certified version May 9, 2006
• Latest Daily Certified version September 6, 2008 revision 009
• Initial Weekly Certified release date May 10, 2006

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Medium
• Payload: May download potentially malicious files on to the compromised computer.

Distribution

• Distribution Level: Low

Trojan-Downloader.Win32.Banload.dcd

This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It allows worse trojans to access your computer.

Follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the Trojan process.
2. Delete the following system registry key parameter:
   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "lsass" = "%Program Files%\Microsoft Studio Files\lsass.exe"
3. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
4. Delete the following directory and its contents:
   %Program Files%\Microsoft Studio Files
5. Delete all files from %Temporary Internet Files%.
6. Update your antivirus databases and perform a full scan of the computer

For a 1 easy click removal, try this. http://www.spywaretrojanremover.com/compare

Back Door Trojans

Backdoors

Today backdoors are the most dangerous type of Trojans and the most widespread. These Trojans are remote administration utilities that open infected machines to external control via a LAN or the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

The only difference between a legal administration tool and a backdoor is that backdoors are installed and launched without the knowledge or consent of the user of the victim machine. Once the backdoor is launched, it monitors the local system without the user's knowledge; often the backdoor will not be visible in the log of active programs.

Once a remote administration utilitiy has been successfully installed and launched, the victim machine is wide open. Backdoor functions can include:

• Sending/ receiving files
• Launching/ deleting files
• Executing files
• Displaying notification
• Deleting data
• Rebooting the machine

In other words, backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. In short, backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms. The only difference is that worms are programmed to propagate constantly, whereas these 'mobile' backdoors spread only after a specific command from the 'master'.

Trojan Vundo Removal

Trojan Vundo Problems

"A week ago my Norton Antivirus started popping up saying C:\windows\system32\hggebay.dll had a virus in it called trojan.vundo. Since then, I've tried deleting the file NUMEROUS ways, including in safe mode, using the task manager/DOS prompt method where you end the EXPLORER.EXE process and try to delete the file with DOS. Norton can't delete it, it just keeps saying that it can't be deleteing because a running process if using it. I just bought this computer and really don't want it to break so if anyone knows how to fix this problem please post it."

Give VundoFix a try...... It may not work for all variants of Trojan Vundo.

Download VundoFix.exe to your Desktop.

# Double-click VundoFix.exe to run it.
# Click the Scan for Vundo button.
# Once it's done scanning, click the Remove Vundo button.
# You will receive a prompt asking if you want to remove the files, click YES.
# Once you click yes, your desktop will go blank as it starts removing Vundo.
# When completed, it will prompt that it will reboot your computer, click OK.

Best Trojan Vundo Remover for all types

Trojan Proxy

Trojan Proxy is a trojan which allows a remote hacker to utilize your computer's IP address to connect to the internet. This way, the hacker will be able to cover his internet footprints using a series of compromised computers.

Trojan proxy is quickly removed with this

Best Spyware Removal

Having spyware on your computer can intercept your personal information, secretly install malicious software, and even take control of your PC without your knowledge.

If your computer is behaving strangely, such as opening files randomly, automatically visiting web pages, hi-jacking your default browser page, or loading annoying tool-bars - then there's a good chance you're infected with Spyware.

Thankfully, help is at hand. There's now many anti-spyware solutions available, which can automatically detect and eliminate spyware from your PC. Many of these programs are also very intuitive and easy-to-use.

XoftSpySE is a popular anti-spyware product made by ParetoLogic. It claims to be the most advanced spyware detection and removal application on the entire internet. But does it really live up to these claims?

In this review, we will examine the positives and negatives of XoftSpySE, and find out if it really is the best spyware remover.

Let's get started:

Features:
XoftSpySE features everything you would expect from an anti-spyware application, and few nice extras which you may not expect. Firstly, you have the option of changing your "home page" setting, in case you have been the victim of "browser hi-jacking" spyware.

The comprehensive scan settings allow you to scan your files, system registry, active processes, system folders, or selected folders. The scan provided by XoftSpySE is very unlikely to miss anything out.

You can also use the "schedule" feature to make XoftSpySE run at certain times of the day (or night) so your PC always remains free of spyware.

The final two main features are the ignore list and backup list. These options allow you to ignore certain files which show up as spyware, but you know aren't. The backup list lets you back up your files before you delete them - just in case you still need them for some reason.

Ease of Installation:
XoftSpySE is a small 2.8mb download. Once you've downloaded it, you simply open the file, accept a license agreement - and then it will automatically install itself onto your computer. Once it has finished, you can choose to run the program straight away.

Support:
The support for XoftSpySE is equally impressive as everything else about XoftSpySE. The program features its own help system which will guide you through the program features. You can also visit the ParetoLogic website, where you will have pre-sales questions, FAQ's, and comprehensive support for licensed users.

Click Here For A Free Scan With XoftSpySE Today

How To Remove Trojan Vundo

Has your computer ever got infected by a trojan? Read on to find out how you can solve this problem using the best spyware remover online.

Trojans are usually disguised as .exe programs. It is different from a virus because trojans do not self-duplicate. They are spread manually, and most often then not under the disguise that they are beneficial to the user. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc. Upon executing these files, your computer will be infected with a virus that causes various symptoms including multiple popups on your internet explorer tool bar. When you try to close the pop up tabs, every new window you open or site you surf activates the symptoms again.

Trojan Vundo is one such virus that I came across. My computer has Norton Antivirus protection. It was able to detect the trojan, however, for some reason was unable to quarantine or remove the trojan. The latest variants of this trojan are observed to display fake error messages and asks the user to download security software programs.

Certain variants of the Trojan Vundo are especially difficult to remove except by the best spyware removers. Current DAT and Engine functionality does not yet provide an automatic method to fully remove this threat if it is active in memory. However, a combination of manual and DAT/Engine removal methods does allow for successful removal of this threat.

It manual removal is not your thing and tinkering around with log files baffles you, a solution is to use a trojan spyware remover. Its easy to use and requires you to run a scan for the trojan, then click the clean button which automatically clears out the problem. Then just reboot your computer and this should do the trick. Its important to use only a good spyware remover that is constantly updated to monitor against new variants.

Listing of Best Spyware Remover in the market.