
Saturday, February 23, 2008

VundoFix 6.7.08

VundoFix is a removal tool for Virtumonde - aka Winfixer.

VundoFix is a freeware removal tool for many of the known variants of Trojan.Vundo, Trojan.Conhook and other similar infections.

Vundofix Screenshot

http://www.atribune.org/public-beta/VundoFix.exe

To use VundoFix:
- Download the file and double-click *VundoFix.exe* to run it.
- Put a check next to *Run VundoFix as a task*.
- You will receive a message saying VundoFix will close and re-open in a minute or less. Click *OK*.
- When VundoFix re-opens, click the *Scan for Vundo* button.
- Once it has finished scanning, click the *Remove Vundo* button.
- You will receive a prompt asking if you want to remove the files; click *YES*.
- Once you click yes, your desktop will go blank as it starts removing Vundo. Save any open work before this step, because the tool finishes with a shutdown.
- When completed, it will prompt that it will shut down your computer; click *OK*.
- Turn your computer back on.

VundoFix 6.7.08
File Size: 129KB
Language: English
OS: Win2000/XP/2003
License: Free
Homepage: http://www.atribune.org/

More Info: http://vundofix.atribune.org/



Another great freeware tool from the same author is the multi temp file cleaner ATF-Cleaner.

This program is written for Windows XP and Windows 2000 (see the Windows Vista notes below for its limitations there).

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked, so if you have cookies you'd like to keep, move them to a different directory first.

Notes for Windows Vista users:

On Windows Vista, emptying "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be run with "Run as Administrator".
Prefetch has been disabled on Windows Vista. As I'm not sure what effects emptying Prefetch on Windows Vista will have, for the time being I won't enable that function.

Homepage: http://www.atribune.org/content/view/25/2/
Download: http://www.atribune.org/public-beta/ATF-Cleaner.exe

ATF-Cleaner.exe also makes a good subject for a small compression ratio test:
- original (UPX 2.91 packed, as distributed): 49.50 KB
- uncompressed: 292.00 KB
- PE trimmed: 280.50 KB
- YZPack 2.0b: 52.20 KB
- XComp 0.98 (LZMA mode): 44.67 KB (about 44.42 KB is possible)
- FSG v2.0: 52.82 KB
- PECompact 2.80 Beta 5: 45.50 KB (max settings; longest compression time of all except UPX with max settings)
- UPX 3.02w: 45.50 KB (all possible option combinations tried; longest compression time of all)
Remark: VirtualProtect
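The size table only records what each packer produced. The following script, an added example that is not code from this post or from atribune.org, shows what packing looks like from the outside, which is what matters when you have to decide whether a file like the one above (or a Vundo DLL) needs unpacking before analysis: a packed image has few sections, an empty section reserved for the unpacked code (the UPX0 convention) and a section of near-random bytes holding the compressed payload. Both PE images are constructed in memory with minimal headers and are not real executables; the packer section-name list is an illustrative assumption, not a complete signature set.

```python
"""Flag a packed PE image from its section table (added example, not the page's own code)."""
import hashlib
import math
import struct
from collections import Counter

# Section names commonly left behind by packers (assumed, illustrative list only).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                        b"PEC2", b".petite", b".nsp0", b".nsp1", b".nsp2"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits close to 8.0


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": rawsize, "entropy": round(shannon_entropy(raw), 2)})
    return sections


def packer_indicators(image):
    """Return human-readable reasons the image looks packed (empty list if none)."""
    reasons = []
    for s in parse_sections(image):
        label = s["name"].decode(errors="replace")
        if s["name"] in PACKER_SECTION_NAMES:
            reasons.append(f"{label}: known packer section name")
        if s["raw_size"] and s["entropy"] >= HIGH_ENTROPY:
            reasons.append(f"{label}: entropy {s['entropy']} looks compressed")
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000:
            reasons.append(f"{label}: no data on disk but {s['virtual_size']:#x} bytes "
                           "reserved in memory (unpack target)")
    return reasons


# --- constructed sample images (not real executables) ---------------------
def pseudo_random(n, seed=b"sample"):
    """Deterministic high-entropy filler standing in for compressed code."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "little")).digest()
        ctr += 1
    return bytes(out[:n])


def build_pe(sections):
    """Assemble a minimal PE32 image: DOS stub, COFF header, zeroed optional
    header and the given (name, virtual_size, raw_bytes) sections, 512-byte aligned."""
    opt_size = 224
    hdr_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (hdr_len + 511) // 512 * 512
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table, body, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = raw_ptr + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr, 0, 0, 0, 0, 0x60000020)   # code|exec|read
        body += raw.ljust((len(raw) + 511) // 512 * 512, b"\0")
        vaddr += (vsize + 0xFFF) // 0x1000 * 0x1000
    return (dos + coff + b"\0" * opt_size + table).ljust(raw_ptr, b"\0") + body


UNPACKED = build_pe([
    (b".text", 0x3000, b"\x55\x8b\xec\x90\xc3\x00" * 2048),   # repetitive code-like bytes
    (b".data", 0x1000, b"Hello, ATF-Cleaner\0" * 64),
])
PACKED = build_pe([
    (b"UPX0", 0x10000, b""),                  # empty on disk, filled by the stub at run time
    (b"UPX1", 0x2000, pseudo_random(4096)),   # compressed payload plus decompression stub
])

if __name__ == "__main__":
    for tag, image in (("unpacked", UNPACKED), ("packed", PACKED)):
        print(f"{tag}: {len(image)} bytes on disk")
        for s in parse_sections(image):
            print("   ", s)
        for r in packer_indicators(image):
            print("   !", r)
```

Point it at a real file with `packer_indicators(open(path, "rb").read())`. Entropy alone is not proof of packing (a resource section full of compressed images scores high too), which is why the script also reports the empty unpack-target section; the size table above shows why that section exists: the 49.50 KB on disk has to expand to 292 KB in memory somewhere.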

2 comments:

VundoFixer said...

I needed to get a real Vundo infection for testing purposes. It took me less than fifteen minutes of googling, downloading and installing a piece of software that contained embedded code of Trojan Vundo. It's no surprise McAfee VirusScan showed no signs of infection - yet errors started popping up, one of them being a software.php file which Windows was unable to open (that's natural - I don't have a Win32 PHP parser installed). Just curious what Vundo can do if it executes PHP code?.. Also, the parasite quickly created a folder in Program Files, settled in a restore point, placed autorun entries in the registry, etc. No wonder this is a hard-to-remove trojan.

Anonymous said...

Please send a comment with your email. I can send you a few files to analyse.
I must say I'm very angry about Kaspersky support, as I sent them an active real trojan. According to VirusTotal it was already found by most scanners in 2007; Kaspersky answered that they could not find any virus inside the small Armadillo-packed, protected DLL file. I understand it is hard to unpack some Armadillo-packed files, but don't they get the idea that possibly running the DLL as an application will activate the trojan and inject Winsock with 2 entries? Microsoft did not respond after I sent them 2 viruses which I found in P2P networks, including VirusTotal analyses where 7 scanners already detected these files; meanwhile Microsoft Germany support asked me if the USA research lab had added them to the database.
That's my experience of submitting found viruses to AV labs.
