Re: Another blackworm?
- From: SueT <SueT@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 1 Apr 2006 18:03:01 -0800
What a day. I'm sure you are right.....but the IBM environment seems to
complicate this....So... I do have another question: why did my computer say
it doesn't have the virtumondo and can't find winzip? I tried to remove the
java. Then went to IBM and downloaded updates for the thinkpad software.
But that brought on even more problems....as it overwrote the software for my
wireless connection. (We had 128 wep key encription). So....I lost my
connection keys....right now I'm borrowing a neighbors' connection to get on.
BUT..... so I have tried to run the virtomondo....4x it told me it's clean.
Also that it couldn't even find winzip. I am fearful that I am making more
of a mess than help. If you see any hope in all this, let me know. I
appreciate your time. thanks.
"David H. Lipman" wrote:
From: "SueT" <SueT@xxxxxxxxxxxxxxxxxxxxxxxxx>.
| I'm also having the blackworm popup...followed by other popups....and am so
| frustrated. I used the Adawre last week, and removed all criticlal
| objects....and it scanned clean with Microsofts AntiSpy, Norton and Adaware,
| and Microsoft Malware scan....but kept getting the popups. Today, I updated
| my Microsoft SP2 and 9 optional updates....and still getting popups. Read
| other posts and realize this IS malware. I tried david's two step
| process....but I don't hve Java...would IBM java v1.4.2 cause this? Tried to
| run the adaware....got the blue screen.....said memory was corrupt as it
| scanned.....computer shut down....(3rd time its happened since all this fun
| started.) Tried again in adaware and it shut down on me again. So I
| removed adaware with intent of re-loading it. BUT....my computer won't let
| me download anything. I don't know if that is related to the SP2 update or
| the malware.
|
| I was able to do the virtumondo and it was clean.
| Any ideas? Should I uninstall the Microsoft products I updated this morning?
| THANKS SO MUCH!
| ~Sue
|
You asked if " IBM java v1.4.2 cause this" -- Yes. It is a vulnerable version of of an OEM
of Sun Java and was the causitive factor of you being infected with the Vundo Trojan. This
is what is responsible for the Backworm Pop-Ups (and/or WinAntivirus & WinAntispyware
Pop-Ups).
I don't know where this IBM Java is locatied on your PC but it needs to be removed !
Two phase answer...
Perform Part 1 then perform Part 2
If the first two parts don't work, perform the alternate utility.
It is suggested that you execute each tool in Normal Mode then in Safe Mode.
If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.
Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.
http://www.java.com/en/download/manual.jsp
Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049
Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe
Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.
Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }
A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.
It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.
ALTERNATE:
--------------
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4
Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Follow-Ups:
- Re: Another blackworm?
- From: David H. Lipman
- Re: Another blackworm?
- References:
- Re: Another blackworm?
- From: David H. Lipman
- Re: Another blackworm?
- Prev by Date: Re: Another blackworm?
- Next by Date: Re: Another blackworm?
- Previous by thread: Re: Another blackworm?
- Next by thread: Re: Another blackworm?
- Index(es):
Relevant Pages
|
|
