Re: DomainService, fotomoto, vundo: Still Infected?



cf. http://aumha.net/viewtopic.php?t=30282
--
~Robear Dyer (PA Bear); posting via web-interface
MS MVP-Windows (IE/OE, Security, Shell/User)
AH VSOP & Admin; DTSL-ORG


"AreWeThereYet" wrote:

Thanks, I'll give this a try tonight/tomorrow!

"Malke" wrote:

AreWeThereYet wrote:
System:
- Intel 32-bit x86
- Win-XP-Pro SP2 (all updates)

Security Software (before):
- Windows Defender (up to date, daily scans, real-time protection)
- Norton 2006 AV (up to date, daily scans, real-time protection)

Security Software (current):
- Bitdefender Total Security 2008 (full-trial)
- Webroot SpySweeper (full-trial)

Primary Threats:
- Trojan.Vundo / Virtumundo
- Trojan.WinFixer
- Trojan.Fotomoto.E, Trojan.Fotomoto.F

(snippage)

Recent variants of Vundo are extremely difficult to remove. Register at
one of the following specialty forums, read the posting FAQ, and post
your HijackThis log there (not here please) for guided help.

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
