Re: trojan.vundo.b

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/30/05 

Date: Sat, 30 Apr 2005 13:55:39 -0400

From: "ChrisB" <chis@wanadoo.co.uk>

| A friend has the same problem. We even downloaded the 'fix' from symantec
| which didn't work.
|
| Did this work for you? Will try it.
|

I have had reports from many indicating it works.
Attached is a log from one infected person indicating is was cleaned. 

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
begin 666 ScanReport.HTML
M/$A434P^/$A%040^/%1)5$Q%/E9I<G5S(%-C86X@4F5P;W)T($9I;&4\+U1)
M5$Q%/CPO2$5!1#X\0D]$62!"1T-/3$]2/2-F9F9F9F8^/$@Q($%,24=./4-%
M3E1%4CY6:7)U<R!38V%N(%)E<&]R="!&:6QE/"](,3X\2#(@04Q)1TX]0T5.
M5$52/CQ(4CY6:7)U<R!38V%N($EN9F]R;6%T:6]N/$A2/CPO2#(^/%!213X-
M"DUC069E92!6:7)U<U-C86X@9F]R(%=I;C,R('8T+C0P+C -"D-O<'ER:6=H
M=" H8RD@,3DY,BTR,# T($YE='=O<FMS($%S<V]C:6%T97,@5&5C:&YO;&]G
M>2!);F,N($%L;"!R:6=H=',@<F5S97)V960N#0HH-# X*2 Y.#@M,S@S,B @
M3$E#14Y3140@0T]062 M(%-E<" R,R R,# T#0H-"E-C86X@96YG:6YE('8T
M+C0N,# @9F]R(%=I;C,R+@T*5FER=7,@9&%T82!F:6QE('8T-#@P(&-R96%T
M960@07!R(#(Y(#(P,#4-"E-C86YN:6YG(&9O<B Q,C4P,C4@=FER=7-E<RP@
M=')O:F%N<R!A;F0@=F%R:6%N=',N#0H\+U!213X\2#(@04Q)1TX]0T5.5$52
M/CQ(4CY6:7)U<R!38V%N(%)E<W5L=',\2%(^/"](,CX\4%)%/@T*57-I;F<@
M0SI<;6-A9F5E7$585%)!+D1!5"!T;R!S8V%N(&9O<B R(&%D9&ET:6]N86P@
M=FER=7,H97,I+@T*#0H-"@T*,#0O,CDO,C P-2 @,3<Z,C<Z,#4-"@T*#0I/
M<'1I;VYS.@T*+T%$3" O54Y:25 @+U=)3DU%32 O4U5"("]!3D%,65I%("]0
M04Y!3%E:12 O4U1214%-4R O0TQ%04X@+T%,3" O1$5,("]04D]'4D%-(" O
M34E-12 O2%1-3" B0SI<34-!1D5%7%-#04Y215!/4E0N2%1-3"(-"@T*4V-A
M;FYI;F<@0SH@6TU!24XR,# P70T*0SI<,2YE>&5<,# P,#!C-S N15A%("XN
M+B!&;W5N9"!T:&4@1&]W;FQO861E<BU:32!T<F]J86X@(2$A#0H@(" @(" @
M(%1H92!F:6QE(&]R('!R;V-E<W,@:&%S(&)E96X@9&5L971E9"X-"B @(" @
M(" @5&AE(&%R8VAI=F4@:&%S(&)E96X@9&5L971E9"X-"E-C86YN:6YG($,Z
M7"HN*@T*0SI<1&]C=6UE;G1S(&%N9"!3971T:6YG<UQD<W%U:7)E<UQ!<'!L
M:6-A=&EO;B!$871A7%-U;EQ*879A7$1E<&QO>6UE;G1<8V%C:&5<:F%V87!I
M7'8Q+C!<:F%R7$EP:7A6:65W97(N:F%R+3%E83$U-6,W+3$S,&8V,V(R+GII
M<%Q"3"Y#3$%34R N+BX@1F]U;F0@<&]T96YT:6%L;'D@=6YW86YT960@<')O
M9W)A;2!!9'=A<F4M5&]P36]X:64N#0I#.EQ$;V-U;65N=',@86YD(%-E='1I
M;F=S7&1S<75I<F5S7$%P<&QI8V%T:6]N($1A=&%<4W5N7$IA=F%<1&5P;&]Y
M;65N=%QC86-H95QJ879A<&E<=C$N,%QJ87)<27!I>%9I97=E<BYJ87(M,65A
M,34U8S<M,3,P9C8S8C(N>FEP7$).+D-,05-3("XN+B!&;W5N9"!P;W1E;G1I
M86QL>2!U;G=A;G1E9"!P<F]G<F%M($%D=V%R92U4;W!-;WAI92X-"D,Z7$1O
M8W5M96YT<R!A;F0@4V5T=&EN9W-<9'-Q=6ER97-<07!P;&EC871I;VX@1&%T
M85Q3=6Y<2F%V85Q$97!L;WEM96YT7&-A8VAE7&IA=F%P:5QV,2XP7&IA<EQ)
M<&EX5FEE=V5R+FIA<BTQ96$Q-35C-RTQ,S!F-C-B,BYZ:7!<0E N0TQ!4U,@
M+BXN($9O=6YD('!O=&5N=&EA;&QY('5N=V%N=&5D('!R;V=R86T@061W87)E
M+51O<$UO>&EE+@T*0SI<1&]C=6UE;G1S(&%N9"!3971T:6YG<UQD<W%U:7)E
M<UQ!<'!L:6-A=&EO;B!$871A7%-U;EQ*879A7$1E<&QO>6UE;G1<8V%C:&5<
M:F%V87!I7'8Q+C!<:F%R7$EP:7A6:65W97(N:F%R+3(S.#DP,3DR+35C,F8V
M8C,X+GII<%Q"3"Y#3$%34R N+BX@1F]U;F0@<&]T96YT:6%L;'D@=6YW86YT
M960@<')O9W)A;2!!9'=A<F4M5&]P36]X:64N#0I#.EQ$;V-U;65N=',@86YD
M(%-E='1I;F=S7&1S<75I<F5S7$%P<&QI8V%T:6]N($1A=&%<4W5N7$IA=F%<
M1&5P;&]Y;65N=%QC86-H95QJ879A<&E<=C$N,%QJ87)<27!I>%9I97=E<BYJ
M87(M,C,X.3 Q.3(M-6,R9C9B,S@N>FEP7$).+D-,05-3("XN+B!&;W5N9"!P
M;W1E;G1I86QL>2!U;G=A;G1E9"!P<F]G<F%M($%D=V%R92U4;W!-;WAI92X-
M"D,Z7$1O8W5M96YT<R!A;F0@4V5T=&EN9W-<9'-Q=6ER97-<07!P;&EC871I
M;VX@1&%T85Q3=6Y<2F%V85Q$97!L;WEM96YT7&-A8VAE7&IA=F%P:5QV,2XP
M7&IA<EQ)<&EX5FEE=V5R+FIA<BTR,S@Y,#$Y,BTU8S)F-F(S."YZ:7!<0E N
M0TQ!4U,@+BXN($9O=6YD('!O=&5N=&EA;&QY('5N=V%N=&5D('!R;V=R86T@
M061W87)E+51O<$UO>&EE+@T*0SI<1&]C=6UE;G1S(&%N9"!3971T:6YG<UQD
M<W%U:7)E<UQ!<'!L:6-A=&EO;B!$871A7%-U;EQ*879A7$1E<&QO>6UE;G1<
M8V%C:&5<:F%V87!I7'8Q+C!<:F%R7$EP:7A6:65W97(N:F%R+3,S,&$R9#<T
M+3,S9#=B-3@V+GII<%Q"3"Y#3$%34R N+BX@1F]U;F0@<&]T96YT:6%L;'D@
M=6YW86YT960@<')O9W)A;2!!9'=A<F4M5&]P36]X:64N#0I#.EQ$;V-U;65N
M=',@86YD(%-E='1I;F=S7&1S<75I<F5S7$%P<&QI8V%T:6]N($1A=&%<4W5N
M7$IA=F%<1&5P;&]Y;65N=%QC86-H95QJ879A<&E<=C$N,%QJ87)<27!I>%9I
M97=E<BYJ87(M,S,P83)D-S0M,S-D-V(U.#8N>FEP7$).+D-,05-3("XN+B!&
M;W5N9"!P;W1E;G1I86QL>2!U;G=A;G1E9"!P<F]G<F%M($%D=V%R92U4;W!-
M;WAI92X-"D,Z7$1O8W5M96YT<R!A;F0@4V5T=&EN9W-<9'-Q=6ER97-<07!P
M;&EC871I;VX@1&%T85Q3=6Y<2F%V85Q$97!L;WEM96YT7&-A8VAE7&IA=F%P
M:5QV,2XP7&IA<EQ)<&EX5FEE=V5R+FIA<BTS,S!A,F0W-"TS,V0W8C4X-BYZ
M:7!<0E N0TQ!4U,@+BXN($9O=6YD('!O=&5N=&EA;&QY('5N=V%N=&5D('!R
M;V=R86T@061W87)E+51O<$UO>&EE+@T*0SI<5TE.1$]74UQ-:6-R;W-O9G0N
M3D547&EN971V8BYD;&P@+BXN($9O=6YD('1H92!6=6YD;R!T<F]J86X@(2$A
M#0I#.EQ724Y$3U=37%-94U1%33,R7')E<2YD;&P@+BXN($9O=6YD('1H92!$
M;W=N;&]A9&5R+5I-('1R;VIA;B A(2$-"B @(" @(" @5&AE(&9I;&4@;W(@
M<')O8V5S<R!H87,@8F5E;B!D96QE=&5D+@T*#0I!(&9I;&4H<RD@<F5Q=6ER
M97,@82!R96)O;W0@=&\@8V]M<&QE=&4@=&AE(')E<&%I<BX-"EEO=2!A<F4@
M<F5C;VUM96YD960@=&\@<F5B;V]T('1H92!C;VUP=71E<BX-"@T*4W5M;6%R
M>2!R97!O<G0@;VX@0SI<*BXJ#0I&:6QE*',I#0H@(" @(" @(%1O=&%L(&9I
M;&5S.B N+BXN+BXN+BXN+B @(#@R-3 R#0H@(" @(" @($-L96%N.B N+BXN
M+BXN+BXN+BXN+BXN+B @(#<Y.3$T#0H@(" @(" @(%!O<W-I8FQY($EN9F5C
M=&5D.B N+BXN+B @(" @(" S#0H@(" @(" @($-L96%N960Z("XN+BXN+BXN
M+BXN+BXN+B @(" @(" P#0H@(" @(" @($1E;&5T960Z("XN+BXN+BXN+BXN
M+BXN+B @(" @(" R#0I.;VXM8W)I=&EC86P@17)R;W(H<RDZ(" @(" @(" @
M(" @(" @(" R#0I-87-T97(@0F]O="!296-O<F0H<RDZ("XN+BXN+BXN+B @
M(" @(" Q#0H@(" @(" @(%!O<W-I8FQY($EN9F5C=&5D.B N+BXN+B @(" @
M(" P#0I";V]T(%-E8W1O<BAS*3H@+BXN+BXN+BXN+BXN+BXN+B @(" @(" Q
M#0H@(" @(" @(%!O<W-I8FQY($EN9F5C=&5D.B N+BXN+B @(" @(" P#0H-
M"@T*5&EM93H@,# Z,C@N-3$-"@T*/"]04D4^/$A2/CQ#14Y415(^5FES:70@
M=&AE(#Q!($A2148](FAT=' Z+R]W=W<N;6-A9F5E+F-O;2(^36-!9F5E($]N
M;&EN93PO03X@5V5B(%-I=&4\0E(^3F5E9"!S;VUE(&AE;' @;W(@861V:6-E
M/R!396YD(#Q!($A2148];6%I;'1O.G1E8VAS=7!P;W)T0&UC869E92YC;VT^
M96UA:6P\+T$^('1O(%1E8VAN:6-A;"!3=7!P;W)T+CPO0T5.5$52/CPO0D]$
+63X\+TA434P^#0H`
`
end

Relevant Pages

  • Re: Symantec vs McAfee
    ... Corporate versions are not exactly readily available thru CompUSA, BestBuy or Office Depot, and with respect to Symantec, not that I consider that they are due for any, if they can make a decent corporate version, then maybe they should use funds received to improve the abysmal home version.. ... I had to pay McAfee extra $$$ for a fix, ... I had to have a friend download the fix ... I should add that the virus was in an E-mail attachment from what I thought ...
    (microsoft.public.windowsxp.newusers)
  • Re: Israels Iron Dome intercepts Gaza rocket
    ... I just forwarded Alien Ducks header information to an Israeli friend ... of mine, who works in some intelligence agency or another, indicating ... http://en.wikipedia.org/wiki/Conspiracy_ (crime) ... Repeat the lie as many times as possible ...
    (alt.machines.cnc)
  • Re: System File Checker ?
    ... message came up upon boot, indicating that "user32.dll was ... The error message you're seeing may be the result of having ... it probably will not fix your ...
    (microsoft.public.windowsxp.basics)
  • Re: Rotate causes complaint about graphics extensions...
    ... to have been causing me problems, and switching hasn't fixed anything. ... Are you indicating here that \usepackageincludes its own ... would the fix be to move the ...
    (comp.text.tex)
  • Re: [PATCH 1/2] sysfs: allow the group is_visible() method to return a mode and add an update API
    ... not only the visibility of the attributes, ... this by making the is_visiblecallback return a mode, ... indicating is not visible. ... need this to fix up the SPI transport class. ...
    (Linux-Kernel)