RE: Vundo/VirtuMonde removal tool

by Dagmar at 10:47 pm EST, Dec 28, 2007

DrArkaneX wrote:
Just added this up today, it's been on my skull the last few months and just decided to put it up. Bleeping computers removal is not as effective so I had to go old school on this one...

You really need to double-check your stuff on that page. let me make something clear.

Javascript isn't the mechanism for this. Javascript (at least with Firefox) can't go altering host OS files. If you find a way to do this with JavaScript and can prove it, there are people reading this site who would really like to know about it (and that's putting it mildly).

Third party browser plugins containing vulnerable code can be used, and are being used, as an avenue for infection of vulnerable PCs.

...and for that matter, Bleepingcomputer's fix worked fine here. Perhaps you downloaded an older version of it and haven't revisited the issue since it's been updated, I dunno.

If you prevent the bloody thing from loading by removing its hooks from the registry, you'll find you don't actually have to use any special tool to bypass the file locking mechanism... It can be ripped out in Safe Mode in just one pass by running the two tools at Bleeping Computer one after the other, just like they say.

Crap cleaner is not necessary for this, and that's not its job anyway. People should scan with a working virus scanner of their choosing to try to be sure the system's clean.

...and changing the administrator password to blank is not a useful method for re-enabling the use of regedit. However, if a user boots to safe mode so they can login as Administrator, they can just go hunting for the 'DisableRegistryTools' value. If Administrator has somehow been explicitly disallowed the use of regedit due to acts of whatever, there's live CDs around that can be used to modify the registry anyway, as well as a few free third-party tools that will just kick that value out of the registry, as the policy only prevents regedit and regedt32 from being run--it doesn't actually make the registry read-only.
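The 'DisableRegistryTools' hunt described in the reply above, as an added PowerShell example that is not from the thread or from either of the tools it mentions; it assumes an elevated session (for instance logged in as Administrator in Safe Mode) and only reports unless `-Remove` is passed:

```powershell
# Added example: audit, and optionally clear, the DisableRegistryTools policy value
# that this class of malware sets to stop regedit from launching. The policy lives
# under the per-user and machine-wide Policies\System keys; a non-zero DWORD enables it.
param([switch]$Remove)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) {
        Write-Output "$key : key absent (no policy set here)"
        continue
    }

    # -ErrorAction SilentlyContinue returns $null when the value name does not exist.
    $item = Get-ItemProperty -Path $key -Name 'DisableRegistryTools' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "$key : DisableRegistryTools not present"
        continue
    }

    $value = $item.DisableRegistryTools
    Write-Output "$key : DisableRegistryTools = $value"

    if ($value -ne 0 -and $Remove) {
        # Deleting the value (rather than writing 0) restores the default "no policy" state,
        # which is what the cleanup tools the reply refers to effectively do.
        Remove-ItemProperty -Path $key -Name 'DisableRegistryTools'
        Write-Output "$key : value removed; regedit should launch again for this scope"
    }
}
```

Without `-Remove` the script is read-only, so it is safe to run first to confirm which hive the lock actually lives in before changing anything.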

