BrendanAdams

Adware.Vundo/Variant


Of course I cannot assert this is a false positive, but some elements make me doubt. Here is the Scan Log :

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/27/2009 at 04:46 PM

Application Version : 4.25.1012

Core Rules Database Version : 3730

Trace Rules Database Version: 1700

Scan type : Complete Scan

Total Scan Time : 00:55:09

Memory items scanned : 549

Memory threats detected : 0

Registry items scanned : 5347

Registry threats detected : 0

File items scanned : 69819

File threats detected : 1

Adware.Vundo/Variant

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A5740467-EE62-4655-B9D9-14B2812FC30B}\RP68\A0030040.DLL

1) I scan my computer with SAS everyday, and it's the first time it detects this ;

2) SAS pro's realtime protection is enabled, and didn't detect anything ;

3) I also have Outpost, Malwarebytes and Prevx Edge, and none of them detects it (realtime or on-demand scanner) ;

4) My browser (Opera) is always sandboxed.

So there are 2 possibilities :

1) That's actually a malware, and it had been on my system before SAS pro's latest update enabled it to detect it ;

2) It's a false positive.

Now it's quarantined, but I'll decide what to do with it once I'm confirmed what it is, lol. Thanks :)


A few hours ago today I did a complete scan and also came up with two adware.vundo/variant that I did not have before. I'm not sure exactly what the path was. I use Comodo HIPS on paranoid, avast!, Sandboxie, and have never gotten any viruses. I went through the process and SAS said it needed to restart to complete removal. It blinked a blue screen during shutdown and now it goes through the Vista loading bar and then blinks another blue screen and restarts. It does the same thing trying to get into safe mode. What do you recommend I do? I trusted SAS and now my only hope is the Vista recovery CD or a reformat.


Sorry for bumping an old thread, but I too have received this after installing SAS. Here's my log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 02/12/2009 at 03:45 PM

Application Version : 4.25.1012

Core Rules Database Version : 3754

Trace Rules Database Version: 1718

Scan type : Quick Scan

Total Scan Time : 00:11:18

Memory items scanned : 468

Memory threats detected : 0

Registry items scanned : 323

Registry threats detected : 0

File items scanned : 10444

File threats detected : 1

Adware.Vundo/Variant

E:\SYSTEM VOLUME INFORMATION\_RESTORE{AF94C97E-8893-463C-90AD-F08D77A08F79}\RP4\A0000248.DLL

The E:\ is my data drive, I don't quite understand how that has been infected.

All help appreciated.


Jahn, I've one question regarding this. I've recently formatted my C:\ (Windows XP); my E:\ was unplugged during the installation. ZoneAlarm and AVG Free were installed prior to connecting my E:\, so ultimately I'd like to know (if this weren't a false positive) what the chances are of this threat having spread any further. Ad-Aware, AVG, ComboFix, MBAM and SAS haven't shown any signs of a threat whatsoever after the deletion of the original detection. Thanks!


You're welcome. Pretty likely, unfortunately. Vundo is an older malware with many new variants and means of propagation. However, I do believe that at some point AVG resident protection would have warned you (had this been a real infection).

You already have quite a bit of A/S protection. If you don't already use a hosts file, I would recommend the one at MVPS. If you use Internet Explorer, I would also recommend adding SpywareBlaster. Neither uses any system resources, but both are very effective at preventing infection in a layered defense strategy.

This topic is now closed to further replies.
