New version of WinFixer Trojan?

[Guest]

I eliminated the Trojan.vundo per the Symantec website about 2 months ago.
Have had no issues until yesterday. The virus isn't detected by Norton.
I followed all the steps and the vundo.exe fix didn't find anything on my
computer.
I rebooted, turned the system restore back on and lo an behold, WinFixer is
back in force! Please....is this a new variant that can't be tracked? Any
new fixes out there anybody knows about?

 

[Leythos]

I eliminated the Trojan.vundo per the Symantec website about 2 months ago.
Have had no issues until yesterday. The virus isn't detected by Norton.
I followed all the steps and the vundo.exe fix didn't find anything on my
computer.
I rebooted, turned the system restore back on and lo an behold, WinFixer is
back in force! Please....is this a new variant that can't be tracked? Any
new fixes out there anybody knows about?

Load the latest virus defs by doing a live update, disable system
restore, reboot in safe mode, run a FULL SCAN using NAV again.

 

[Guest]

Thanks!! So far, following your steps appear to have eliminated Win Fixer
2005!!!

 

[Leythos]

Thanks!! So far, following your steps appear to have eliminated Win Fixer
2005!!!

That's very good to hear. When you suspect that you have malware on your
computer, if you can, run a update of your virus software, update your
spyware removal tool, then, disable System Restore, and then boot into
safe mode and run the AV and anti-spyware tools.

There are a few instances where even safe mode doesn't stop the malware
and if you can boot using recovery console mode you can get into the
folder where the malware lives and delete it, then reboot in safe mode,
and that will remove it.

 

[Bert Kinney]

Hi Leythos,

System Restore should NOT be disabled before removing virus or malware
infection.

If something goes wrong in the virus/malware removal process you will
have no way to reverse your actions. Sometimes the removal process can
be more damaging to the system than the infection. Two examples would be
if the system became unbootable, or if the ability to connect to the
internet to retrieve additional cleaning utilities is lost. So it is a
good practice to leave System Restore intact until the cleaning process
is over.

Warning: Just don't forget to purge all existing restore points after
the cleaning is complete.

 

[Leythos]

Hi Leythos,

System Restore should NOT be disabled before removing virus or malware
infection.

If something goes wrong in the virus/malware removal process you will
have no way to reverse your actions. Sometimes the removal process can
be more damaging to the system than the infection. Two examples would be
if the system became unbootable, or if the ability to connect to the
internet to retrieve additional cleaning utilities is lost. So it is a
good practice to leave System Restore intact until the cleaning process
is over.

Warning: Just don't forget to purge all existing restore points after
the cleaning is complete.

I disagree, if it's so damaged that you need one of those earlier System
Restore points then it's time to do a reinstall. System Restore points
can and DO become infected with Malware.

Until MS makes the System Restore points malware free I will continue to
suggest that System Restore be disabled before cleaning.

 

[Bert Kinney]

I disagree, if it's so damaged that you need one of those earlier
System Restore points then it's time to do a reinstall. System
Restore points can and DO become infected with Malware.

Leaving the restore points intact is a safety net. It gives one a change
to start the cleaning process over. I see no good reason to purge
restore before the system is clean.

 

[Bert Kinney]

Here are a couple more opinions:

AumHa Forums: Purging old System Restore points
http://aumha.net/viewtopic.php?t=15265&sid=f99fc4aceedff192a5242516fe78cd83

System Restore and malware removal - what is best practice?
http://msmvps.com/spywaresucks/archive/2005/09/17/66724.aspx