Computer acting weird....

[Guest]

I keep getting a popup that says Security breach by Blackworm virus, or
Beagle virus and then it wants me to go and install a security thing from
www.Amaena.com? My MAS definitions are up to date on Beta 1 5825 178/178 as
are my Nortons virus definitions. I even did a Norton full scan that came
back clean. Has anyone got any idea what is causing this or what I can do
about it? It happened this morning when I first got on the net, I rebooted
and it stopped, and now I just got the Blackworm one, it keeps changing the
name of the virus.

My computer is a Prescio Compaq 7600 XP with SP 1 and 2, Nortons, and MAS.
It is a home computer. Thanx for any help.

 

[plun]

Hi

Removal procedures for Vundo infests.

http://forum.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=50366

or/and

http://www.bleepingcomputer.com/forums/topic18610.html
Or/and

http://wiki.castlecops.com/Malware_Removal:_Virtumundo


Can MS please include Smitfraud and Vundo removals... !!!


regards
plun

 

[Dave M]

You probably have a Vundo type infection/scam trying to get you to download
a Rogue anti-spyware product (WinFIxer, WinAntiVirus and/or
WinAntiSpyware). See this advice:

http://forum.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=50912

 

[Guest]

Also, when I get off the net and go to Nortons to do a cache cleanup, it
tells me a browser is running in the background and will have to be shutdown
in order to run this. Also noticed I am getting weird popups, from game
places. AARGGGG.

 

[Guest]

I submitted a Hijack log thing as I have no idea how to run these fixes.
Thanx to all for the help and will let U know how it goes.

 

[Randy Knobloch]

:

Can MS please include Smitfraud and Vundo removals... !!!

MS watch these groups very closely, Plun - rest assured that from
MVP feedback and what MS finds as required for Defender definitions
some of these parasites will eventually be included.

Regards,
Randy


--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.

 

[plun]

Hi Randy

Well....

About Vundo and Smitfraud both MVPs and MS must have
"eye protection" (like racing horses, don´t know the name ?)

If you count Smitfraud and Vundo infests within ASAPs forum you finds
thousends of them.

Otherwise it´s maybe better to speak out loadly and
make users to understand that these infests mostly comes
from prOn, p2p, hackz and crackz and gambling....... "loud" !

I know that authoritys knows this fact at least in my country and
probably also FTC and everyone maybe thinking that someone else should
do something. Or it´s maybe unpolite to write about it ?

Also all ISPs knows that a lot of users installs broadband just to
watch prOn,to gamble and get p2p files.

But maybe this is good that we have Vundo and Smitfraud to get users
out of Internets backyard.......... ?

I don´t believe that authoritys like FTC should have something to do
with users which installs crackz and also gets a Vundo or Smitfraud
infest or installs a PUP from a "backyard" site.

Just a thought

regards
plun

 

[Guest]

Hi Plun

" About Vundo and Smitfraud both MVPs and MS must have
"eye protection" (like racing horses, don´t know the name ?) "

Let me help you out here Plun. They are called blinkers - designed to
prevent the horse from being distracted before and during the race ! Are you
suggesting our friends at MS have the same blinkered vision when it comes to
protecting us from AS ? Shame on you

Regards

Stu

 

[plun]

Hi Stu

Aha... blinkers

Well, Smitfraud and Vundo are both special infests which mostly
is spread from "dirty sites".

Every cleaning forum just "clean and clean" and within all logs you
easily can see where this "shit" comes from.

You can also see prOn tracking cookies or Spyware cookies.

And all users writes that they don´t know where they got it

Some users explains that they applied a crack or visited
a special site.........

I have helped several in my own country and a majority of them
running pirated XP copies, all PCs filled with p2p junk/goods and
a real mess with everything.

Competing cleaning forums is also a development with this and
a lot of MVPs maybe need this ......

So maybe Vundo and Smitfraud is good.

If I was MS I called Noadfear and Atribune and bought their soulution,
Done

Thats it.......

regards
plun

 

[Guest]

Hi Plun

Yes ... I understand where you are coming from with this. As for:

"If I was MS I called Noadfear and Atribune and bought their soulution,
Done "

Do you think they would get a good price?

Regards

Stu

 

[plun]

Hi

No maybe not...........

IMHO it´s pathetic with the "subculture" which now grows with
cleaning forums everywhere.

Some of them also compets with each other probably beacuse
of Google Ads incomes.....

Strange world....... we walks against TPM and Vista.

Have a nice weekend.

regards
plun

 

[Guest]

Well I submitted a Hijack to Geeks, and they had me download a Vundo fix and
Ewido security suite, plus update my Java. It took me a few hrs. to get thru
it all, but I finally got rid of whatever it was.

Good grief, aren't we safe anywhere on the net? I don't visit that many
places and run all sorts of spyware and anti virus stuff and I still get
problems, what a wacky world we live in when people have to invent things to
mess up other peoples computers. Just makes me so mad to think people have
that much time on their hands.

Enjoy your weekend, and don't forget, turn those clocks AHEAD sunday...

 

[Dave M]

Good to hear your back to healthy. Yeah that Sun Java before the current
had a hole or two in it... sigh. At least Vundo won't be able to pester
you again.

By the way, Vundo or Virtumundo has been discussed in 168
private.security.spyware newsgroup appends here since I started keeping
records back on 10/1/05, seems a common enough infection and enough time to
at least get it's signature recognized here. CounterSpy has three
Vurtumundo signatures, which must have occurred since their definition
signatures diverged from Giant/Microsoft's... not so long ago.

 

[plun]

By the way, Vundo or Virtumundo has been discussed in 168

private.security.spyware newsgroup appends here since I started keeping
records back on 10/1/05, seems a common enough infection and enough time to
at least get it's signature recognized here. CounterSpy has three Vurtumundo
signatures, which must have occurred since their definition signatures
diverged from Giant/Microsoft's... not so long ago.

Hi

Maybe it´s time for MS to do something.........

Bink posted this one:

http://www.joystiq.com/2006/03/30/sony-trounces-msft-and-nintendo-in-brand-trust-survey/

I have never seen infest from "non dirty sites" but I have seen
some IRC Java chats which uses Java exploits.

"Internet is a nice place"

regards
plun

 

[Bill Sanderson MVP]

I hear you. There are certainly MVPs in close those folks. I doubt that
there are any commercial reasons that Microsoft isn't able to remove
Vundo/smitfraud--but I'll admit to sharing your impatience--why can't we put
these guys out of business?
--

 

[Guest]

I have been infected with the stupid thing for 6 days--at first I thought it
was IE6 because it kept shutting down, then the pop ups started and I knew it
was some kind of malware, etc. In my efforts to fix it I did discover
something good though--I installed IE7 beta at some point and it removed the
problem! Of course I could not stay with it long due to some of my programs
not running (like Microsoft producer) and the inability of it to let me open
pdfs while online.
I found the Vundo fix at the Dell support site tonight and so far so good.
I also updated Java. I, like some of you, are really upset that the MS
Anitspyware did not catch this.

Shpat

 

[Guest]

My computer was acting weird for about 3 days, then when the popups started I
knew I had a problem. I have used Geeks before so I just went there right
away before I got anymore problems. I guess this stupid Vundo thing really
attacks your Java old version alot. Even though I checked it every other day
to clean it out if I needed to, guess it caught me anyway. So far the new
version I haven't seen anything in there, and hopefully I don't.

Is there a good cleaner we can use to keep some of this junk off of our
computers? I see alot of folks mention CrapCleaner, is that something U run
on your machine all the time or what? I know Geeks advised me to download
something that began with an A as a cleaner and it wasn't Ad Aware, but I
can't remember the name of it, will have to check again, as I don't know if
it is something U keep on your machine or a one time deal. Good grief, I try
so hard to keep things clean and still get nailed, VERY frustrating. Half the
time I wonder if these spyware and virus people don't put these things out
there just so U have to go buy their products. JMHO

 

[plun]

Hi JJ

Maybe, Vundo was reinfested ?

First of all, what protection are you using ?

- Antivirus ?

- Windows update OK ?

- Firewall ?

- Antispyware, probably WD, OK.

- Latest Java ? www.java.com

- Latest Macromedia ?
http://www.macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

- Clutter cleaner, Yes, CCleaner is good but uncheck Yahoos toolbar
during install ! www.ccleaner.com

- Also run Ewido, a real "state of the art" malware eater
http://www.ewido.net/en/download/

regards
plun

 

[Guest]

Hi plun..I run Nortons, which I check for updates everyday even though it is
set for automatic, do a full scan twice a week, have MAS, which I run every
morning at 11, have a firewall, Microsoft Windows with SP 1 and 2, and now
Java is updated as well as Macro, which I updated I think 2 months ago. Like
I said, as soon as anything is out, I go and get it, that is why I check here
each day also to make sure I am up to date. Thanx for the tips on the
cleaners, and best regards.....

 

[Steve Dodson [MSFT]]

If you ever run across a site which is suspect, please let us know by
sending us an e-mail to (e-mail address removed)

--
-steve

Steve Dodson [MSFT]
Windows Defender Beta Lead
MCSE, CISSP
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.