Thursday, November 15, 2007

SPYWARE, ADWARE, MALWARE & VIRUSES LISTING, kill 'em all!

Go to C:\WINDOWS\system32\
and check whether these files are in the directory. If they are, your PC is in big trouble. Note that Vundo generates its DLL names randomly, so not finding these exact names does not mean the machine is clean. Lavasoft Ad-Aware can't detect some of this spyware, such as Trojan.Dialer.QN and Adware.Virtumonde; try AVG Anti-Spyware or McAfee instead.
winhab32.dll > Trojan.Dialer.QN
jkkji.dll > Adware.Virtumonde
jkkll.dll > Adware.Virtumonde
baejgvrx.dll > Adware.BHO
xknrcqtp.dll > Adware.BHO


Vundo Trojan - Specifics and Removal
Introduction - About Spyware

Unfortunately, a large proportion of computers today are infected with some form of spyware. Spyware is a general term frequently used to describe a large group of malicious software that includes adware, spyware, trojans, hijackers, keyloggers, dialers and worms. Modern malware applies numerous, often highly sophisticated tactics to hide and spread: randomly named files, mutation, and impersonation of system files. Let's review the two most widespread groups: adware and trojans.

Adware programs are software applications (not always malicious) that display advertisements on the infected computer. Advertisements can be displayed through pop-up and pop-under windows, additional bars or toolbars, and underlined links or buttons that appear on the screen. Adware applications include extra code that delivers the ads, and adware authors earn money when users click on them. Occasionally, adware includes code that tracks the user's site visits and passes them to third parties without the user's permission or knowledge.

Trojans are programs that install secretly, quite often with sinister intent. Once installed, the trojan's author can gain complete control over the infected computer. Trojans can be distributed as unsolicited email attachments or bundled with freeware and shareware programs. Trojans are also often bundled with software cracks.

Vundo Specifics

Vundo (also known as VirtuMonde and VirtuMundo) is malware that combines adware and trojan characteristics. Vundo is widespread today and is probably one of the hardest programs to get rid of. Once installed, Vundo downloads and displays pop-up advertisements that often promote questionable computer-enhancement programs or fake anti-virus or anti-spyware utilities. Lately, Vundo has been advertising several rogue programs: WinFixer 2005, WinAntiVirus Pro 2006, WinAntiSpyware and RazeSpyware.

Vundo typically displays messages warning the user that their PC is infected and needs immediate attention. The messages can mimic system messages (appearing to be generated by the Windows operating system) and refer the user to download one of its affiliated dubious programs. Sample message below:

"If your computer has errors in the registry database or file system, it could cause unpredictable or erratic behavior, freezes and crashes. Fixing these errors can increase your computer's performance and prevent data loss. Would you like to install WinFixer 2005 to check your computer for free?"

Once installed, the program (WinFixer, WinAntiVirus, WinAntiSpyware or RazeSpyware) pretends to find numerous errors and coerces the user into paying money to fix these alleged errors.

Sample WinFixer2005 pop-up message: [screenshot not reproduced here]

Vundo has been observed to use the following domains and to promote software and services belonging to them:
* reliablestats.com;
* winantispyware.com;
* winantivirus.com;
* winantiviruspro.com;
* winfixer.com;
* winnanny.com;
* winsoftware.com.
NOTE: Do not visit these websites; Vundo may install silently without your permission or knowledge.

Your PC may become infected with Vundo if you:
* visit an affected website;
* open a spammed e-mail message;
* use an affected peer-to-peer network;
* run an affected trojan application;
* install a software crack.

If you look at a report generated by the HijackThis anti-hijack tool, you may see entries similar to the following:
* O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
* O2 - BHO: (no name) - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
* O20 - Winlogon Notify: - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll
* O20 - Winlogon Notify: - C:\WINDOWS\system32\{RANDOM_DLL_NAME}.dll

These entries indicate that the computer is infected with Vundo. {RANDOM_DLL_NAME} could, for example, be "ddcya.dll" or "jkkji.dll".
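The file list at the top of this post and the HijackThis O2/O20 entries above point at the same three places: named DLLs in system32, Winlogon Notify packages, and Browser Helper Objects. The following PowerShell script is an added example (it is not from the original post, from HijackThis, or from any vendor it names) that checks all three read-only and reports the Authenticode signer of each DLL it finds. It assumes an elevated PowerShell prompt on Windows; the function names (Get-Signer, Test-KnownBadDll, Get-WinlogonNotifyDll, Get-BrowserHelperObject) are this example's own. The registry keys are the documented locations for Winlogon Notify packages and BHOs; the Notify key exists on XP/2003 and is generally absent on Vista and later.

```powershell
# Added example (not from the original post or any tool it names).
# Read-only triage for the three places this page says Vundo lives:
# known DLL names in system32, Winlogon Notify packages (HijackThis O20)
# and Browser Helper Objects (HijackThis O2). Reports only; deletes nothing.
# Run from an elevated PowerShell prompt.

$System32 = Join-Path $env:SystemRoot 'system32'

# Filenames quoted on this page (assumed accurate for the samples it describes).
# Vundo picks random names, so a miss here proves nothing by itself.
$KnownBadDlls = 'winhab32.dll', 'jkkji.dll', 'jkkll.dll', 'baejgvrx.dll', 'xknrcqtp.dll'

# Returns the Authenticode signer subject, or a tag explaining why there is none.
function Get-Signer([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'FILE MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return $sig.SignerCertificate.Subject }
    return "UNSIGNED ($($sig.Status))"
}

function Test-KnownBadDll {
    foreach ($name in $KnownBadDlls) {
        $path = Join-Path $System32 $name
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Check = 'KnownName'; Name = $name; Path = $path; Signer = (Get-Signer $path) }
        }
    }
}

# Winlogon Notify packages: each subkey's DllName is loaded by winlogon.exe at
# logon. The key exists on XP/2003; Vista and later dropped the mechanism.
function Get-WinlogonNotifyDll {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $key)) { return }
    foreach ($sub in Get-ChildItem $key) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DllName
        if (-not $dll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        # DllName is often unqualified; winlogon resolves it against system32.
        if (-not [System.IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $System32 $dll }
        [pscustomobject]@{ Check = 'WinlogonNotify'; Name = $sub.PSChildName; Path = $dll; Signer = (Get-Signer $dll) }
    }
}

# BHOs: the Explorer key lists CLSIDs; the DLL behind each is the default value
# of HKCR\CLSID\{clsid}\InprocServer32. On 64-bit Windows, 32-bit IE also reads
# the Wow6432Node copies of both keys; this example checks the native view only.
function Get-BrowserHelperObject {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem $bhoKey) {
        $clsid    = $sub.PSChildName
        $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if (-not $name) { $name = '(no name)' }   # what HijackThis prints for Vundo's BHO
        if ($dll) {
            $dll    = [Environment]::ExpandEnvironmentVariables($dll)
            $signer = Get-Signer $dll
        } else {
            $signer = 'NO INPROCSERVER32'
        }
        [pscustomobject]@{ Check = 'BHO'; Name = $name; Path = $dll; Signer = $signer; Clsid = $clsid }
    }
}

$findings = @(Test-KnownBadDll) + @(Get-WinlogonNotifyDll) + @(Get-BrowserHelperObject)
$findings | Format-Table -AutoSize

# Unsigned code in system32 that winlogon or IE loads is the pattern the
# HijackThis lines above describe; most legitimate Notify packages and BHOs are signed.
$findings |
    Where-Object { $_.Path -and $_.Signer -like 'UNSIGNED*' -and $_.Path -like "$System32\*" } |
    ForEach-Object { Write-Warning ("Suspicious {0} '{1}' -> {2}" -f $_.Check, $_.Name, $_.Path) }
```

Pipe `$findings` to `Export-Csv` before attempting any cleanup so you keep a record of the CLSIDs and paths. Winlogon loads its Notify DLLs at logon, so a DLL flagged here will be held open by the running session; take the file and registry entries out from a clean boot environment (safe mode or offline media) rather than from the infected desktop.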

Please note that Vundo cannot be removed with HijackThis tool.

Vundo can silently download and install additional harmful files and adware components. It may noticeably reduce the available virtual memory, which slows the computer down.

Vundo modifies the Windows registry so that it runs at every Windows startup. It creates executable files with randomly generated names in the Windows or WINNT folder or their subfolders. Vundo hides very effectively from the user and from spyware and virus detection programs. Manual removal of Vundo is almost impossible for the overwhelming majority of PC users; only highly experienced professionals stand a chance.
