Vundo Sux!

Whoever is responsible for Vundo needs to DIE! This is the most annoying little piece of shit I have ever seen in my life.

Norton is useless against it. When my user caught Vundo, Norton Internet Security decided to remind him about this virus every 5 seconds, popping up a big warning dialog and happily explaining that it cannot fix the problem. Annoying as shit! The virus scan is totally useless too – even in Safe Mode!

Sure, it finds the geedd.dll file but it refuses to repair it. It also refuses to quarantine it and makes a half-assed attempt to remove it. By that I mean it claims to have removed it, but once you reboot the file is still there.

Apparently Vundo, that little sucker, somehow manages to hang onto explorer.exe, winlogon.exe and rundll32.exe – so unless you suspend these processes there is no way to touch the actual payload.

If you really want to get it off your system, you should head to the tomcoyote forums. The method they suggested worked for me – they have a nice little script that will suspend the Windows processes, delete the offending files and then launch HijackThis for you (remember – explorer must be dead to delete that dll file) so that you can remove all the nasty registry entries. It’s a little convoluted but it works. You just need to know the 2 Vundo files that need to be deleted.

Symantec actually has an automated tool that does pretty much the same – but scans for the offending files. Why this couldn’t be included in their “Internet Security” suite is beyond me though. I guess this would make too much sense.

I’m always amazed that people are willing to pay me for doing shit like this. All I did was use Google, and then follow instructions on a website.

