WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via WL/MSN Messenger banner ads

TheMSsForum.com: The Microsoft Software Forum

WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via MSN
Messenger banner advertisements
http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx

<QP>
I strongly recommend that all users of MSN Messenger ensure that their
anti-virus and anti-spyware applications are up to date. Do not click on
any buttons in pop-up windows that you may see, and do not believe Web sites
that report that they have found a problem on your computer - seriously, how
the hell would they be able to tell?

Do not click on OK or Cancel buttons in the pop-up windows. Close the
window using the red x close button.

I also strongly recommend that MSN Messenger users download and install Mike
Burgess's HOSTS file to help block winfixer and other bad guys. You can
find Mike's famous HOSTS file here:
http://www.mvps.org/winhelp2002/hosts.htm
</QP>

How To Remove Winfixer (Vundo) variants
http://www.bleepingcomputer.com/forums/topic18610.html

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
Top

RE: WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via by MarioP

MarioP
Tue May 08 03:55:00 CDT 2007

I have been infected with vundo.trojan. I use McAfee anti-virus and it
sometimes detect it. I also use Windows Defender, but it always says the
computer is running normally...
It also chages IE Privacy to the lower level, allowing everything to get in.

I think this could be an IE /Windows Defender weakness, couldn't it?

Mario


"PA Bear" wrote:

> WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via MSN
> Messenger banner advertisements
> http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx
>
> <QP>
> I strongly recommend that all users of MSN Messenger ensure that their
> anti-virus and anti-spyware applications are up to date. Do not click on
> any buttons in pop-up windows that you may see, and do not believe Web sites
> that report that they have found a problem on your computer - seriously, how
> the hell would they be able to tell?
>
> Do not click on OK or Cancel buttons in the pop-up windows. Close the
> window using the red x close button.
>
> I also strongly recommend that MSN Messenger users download and install Mike
> Burgess's HOSTS file to help block winfixer and other bad guys. You can
> find Mike's famous HOSTS file here:
> http://www.mvps.org/winhelp2002/hosts.htm
> </QP>
>
> How To Remove Winfixer (Vundo) variants
> http://www.bleepingcomputer.com/forums/topic18610.html
>
> When all else fails, HijackThis v1.99.1
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
> analysis, not here.**
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
>
>
Top

Re: WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed by Malke

Malke
Tue May 08 07:57:59 CDT 2007

MarioP wrote:
> I have been infected with vundo.trojan. I use McAfee anti-virus and it
> sometimes detect it. I also use Windows Defender, but it always says the
> computer is running normally...
> It also chages IE Privacy to the lower level, allowing everything to get in.
>
> I think this could be an IE /Windows Defender weakness, couldn't it?

You responded to an ancient thread. Next time make a new post.

To remove the Vundo trojan, go through the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Then do the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Winfixer

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigStoreUSA). Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed
up before you take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Top