Without mentioning specific details, it's hard to say anything about what is wrong or has happened with the computer. Hopefully all is well now. For a 2nd opinion you can always try to do an online scan as here, and see what they say.
Any suspicious-looking files can be submitted to sites like VirusTotal, Jotti or MS Malware Protection Center.
I have the same Trojan on one of my PCs and running McAfee scans does nothing for me. Occasionally it tells me it blocked and removed it, but as you stated this is really not true. I was reading a Vundo article on Wiki and it suggested that you use PCTools Spy Doctor for removal. I downloaded a free copy and ran a scan. It found many incidents of the Trojan but of course would not let me remove it unless I purchased a registered copy of their software. It costs $50 to download. I am thinking of asking McAfee for my money back for "Total Protection" and then purchasing Spy Doctor to see if it really works.
There isn't an anti-virus on the market that can catch everything, especially Vundo, whose makers issue new variants thereof on a daily basis.
There are, however, many anti-spyware tools which are specialised and can remove Vundo, and are FREE.
SuperAntiSpyware and MalwareBytes, to name just two, both of which are listed on our forum here: http://community.mcafee.com/showthread.php?t=136913
You wasted your money buying Spy Doctor. It isn't even recommended. Hope they have a money-back guarantee (PC Tools usually do I believe).
Thanks for the link... I will try that. MTW... I didn't purchase Spy Dr, only was going to consider it since it sounded as if it would remove the Trojan.
We are getting hit with Vundo variants. It's nice and easy for an average home user to use the free spyware tools, but in an environment with 7,200 machines it's a pain in the butt when 20 of them end up getting Vundo in one day. 20 out of 7,200 doesn't seem bad, but when you have say 10 desktop personnel working on reimaging or repairing 20 infected machines, other helpdesk calls start to build up.
I am getting a LOT of questions from Managers about why this is happening. They come to me as I run the EPO server, looking for help or trying to understand why an up-to-date machine would get infected by something like this. I understand a new variant comes out and blah blah blah, but it does seem like McAfee could step up efforts to fight this menace to society.
You'd be well advised to post this in the Corporate area.
You are probably getting this virus from an exploit in a 3rd party plugin like older versions of Flash, Acrobat, and/or Java. Also, the end user must take action (visiting questionable/exploited web sites) for infection.
As the ePO admin, you may want to implement a policy to filter traffic or use VSE's application rules to block the registry entries for IE addons, winlogon, userinit, appinit_dlls, and kernel driver installation.
This could break the installation of some new programs but most will not add or change those entries. You may want to try setting VSE to only report so you can test to see what would be affected.
By blocking those entries, you can stop most all unknown kernel and usermode rootkits/malware from installing. Of course if you ever needed to do a software install, you could turn the rules off and continue normally.
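
A report-only way to watch the registry locations named in the post above, as an added example that is not from the thread or from McAfee: it snapshots those entries and lists anything that differs from a saved baseline. The baseline file path is a hypothetical placeholder; the key paths are the standard Windows locations for Winlogon, AppInit_DLLs, IE Browser Helper Objects and services.

```powershell
# Added example: audit (read-only) the autostart locations named in the post.
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$win = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$baselineFile = 'C:\Baselines\autostart.txt'   # hypothetical path, adjust per site

function Get-AutostartSnapshot {
    # Winlogon: the Userinit and Shell values
    $w = Get-ItemProperty -Path $wl
    "Winlogon\Userinit=$($w.Userinit)"
    "Winlogon\Shell=$($w.Shell)"

    # Winlogon notification packages (the Notify subkey is absent on Vista and later)
    if (Test-Path "$wl\Notify") {
        Get-ChildItem "$wl\Notify" | ForEach-Object {
            "Winlogon\Notify\$($_.PSChildName)=$($_.GetValue('DllName'))"
        }
    }

    # DLLs loaded into every process that links user32.dll
    "AppInit_DLLs=$((Get-ItemProperty -Path $win).AppInit_DLLs)"

    # IE add-ons registered as Browser Helper Objects, resolved to their DLL
    if (Test-Path $bho) {
        Get-ChildItem $bho | ForEach-Object {
            $clsid = $_.PSChildName
            $k = Get-Item "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll = if ($k) { $k.GetValue('') } else { '<unresolved>' }
            "BHO\$clsid=$dll"
        }
    }

    # Kernel drivers: service entries with Type = 1 (SERVICE_KERNEL_DRIVER)
    Get-ChildItem $svc -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.GetValue('Type') -eq 1) {
            "Driver\$($_.PSChildName)=$($_.GetValue('ImagePath'))"
        }
    }
}

$current = Get-AutostartSnapshot | Sort-Object
if (Test-Path $baselineFile) {
    # '=>' marks lines present now but not in the baseline (new or changed entries)
    Compare-Object (Get-Content $baselineFile) $current |
        Where-Object { $_.SideIndicator -eq '=>' } |
        ForEach-Object { "NEW OR CHANGED: $($_.InputObject)" }
} else {
    $current | Set-Content $baselineFile   # first run: record the baseline
}
```

The first run on a known-clean machine records the baseline; later runs print only the differences. The 32-bit registry view under WOW6432Node is not covered.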