Tue, Oct. 9th, 2007, 01:21 pm
Cure for the Itch

For future reference, for the intellectual embetterment of others and for troubled souls searching for answers I commit this to digital bits.

I did a friend a favour the other day and helped him install some software on a phone using an SD card. Unfortunately his SD card had a virus on it (my first since, ooh, about 1993 I think) that my AV software didn't know about.

I first started noticing that things were a bit sluggish, although this was Windows so ... Then I did what actually turned out to be the dumb thing and rebooted.

At this point I started noticing that I was getting pop-ups for WinSysProtect or similar. "Hmm," I thought. Then I started getting Error 216 dialogs everywhere. I disconnected the machine from the network immediately and went searching for answers using a handy Mac.

It appeared I had picked up a trojan called Vundo which seemed to be fairly well known. Most sites on the matter recommended a piece of software called VundoFix which I transferred using a USB key (which I promptly burnt, encased in molten glass and then dumped in a cave somewhere at sea) and sure enough it found the infected files.

The only problem was that this variant of Vundo had attached itself to the winlogon process, which meant I couldn't delete it since it was "In Use". Unfortunately winlogon is practically the first thing to start up, and therefore booting into Safe Mode or similar doesn't help.

At this point I was facing either reformatting or risking using a Knoppix Live CD with Captive NTFS or NTFS-3G, both of which made me nervous.

However, I found a bit of software called Avenger which allows you to write a small script and then reboot. The script is then executed before winlogon.

This worked a treat, and a subsequent thorough scan with every bit of AV and anti-malware software I could lay my hands on indicated I was now squeaky clean.

So, if you end up in the same situation then I can recommend the above.
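A quick way to check for the same kind of problem, added here as an example and not part of the original post: list the DLLs loaded into every winlogon.exe and flag any that are unsigned or sitting outside the Windows directory. It assumes a current Windows build with PowerShell, run from an elevated prompt (winlogon's module list is only readable as Administrator).

```powershell
# Added example, not from the original post: triage winlogon.exe for foreign modules.
# A DLL that is unsigned, or loaded from outside %SystemRoot%, is worth a closer look.
$systemRoot = $env:SystemRoot

# There is one winlogon per interactive session, so check each of them.
foreach ($proc in (Get-Process -Name winlogon -ErrorAction Stop)) {
    foreach ($module in $proc.Modules) {
        $path = $module.FileName
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $inSystemRoot = $path.StartsWith($systemRoot, [System.StringComparison]::OrdinalIgnoreCase)

        # Either signal on its own is enough to report the module.
        if (($sig.Status -ne 'Valid') -or (-not $inSystemRoot)) {
            [PSCustomObject]@{
                PID       = $proc.Id
                Module    = $module.ModuleName
                Path      = $path
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            }
        }
    }
}
```

On older builds Get-AuthenticodeSignature does not consult the catalog, so genuine Windows DLLs can show up as NotSigned; there, treat the path as the stronger signal and verify the flagged file's hash against a known-good copy before acting on it.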

Tue, Oct. 9th, 2007 10:44 pm (UTC)

>Cock on toast.

Well, quite.

It does sound like a piece of malware, to be honest - the slowness is probably because it's intercepting HD reads and writes or similar.