Vundo Trojan Virus! WTF?
Mr.Herbert
9th April 2009, 01:15 PM
Can anyone help? I thought I had great protection.... I went on Hidemyass.com to enter a 911 Conspiracy site and I started getting pop ups.
My McAfee starts up every 5 mins and pop ups every two minutes. It is called Vundo!grb
I ran a complete system check and nothing was found. Can anyone help? (work laptop!) I.T. guy is going to be pissed.
Thanks in advance!
Doubt
9th April 2009, 01:18 PM
I have experience with that one.
First, you want a copy of this program: http://vundofix.atribune.org/
Vundo is more malware than virus. It either is a downloader or the result of a downloader, so you probably have other problems.
Vundo fix works quite well and is free. But both Vundo and Vundofix are updated regularly. The fix is normal no more than a week behind the malware in development.
drainbread
9th April 2009, 06:18 PM
> Can anyone help? I thought I had great protection.... I went on Hidemyass.com to enter a 911 Conspiracy site and I started getting pop ups.
> My McAfee starts up every 5 mins and pop ups every two minutes. It is called Vundo!grb
> I ran a complete system check and nothing was found. Can anyone help? (work laptop!) I.T. guy is going to be pissed.
> Thanks in advance!
:eusa_boohoo:
Mr.Herbert
9th April 2009, 06:19 PM
Hi Doubt~
Thank you for the information. WOW it took 5 different programs and almost 2 hours of scanning. So far so good....no pop ups, no alerts.... No visit to the I.T. manager!!
:relieved:
GreNME
9th April 2009, 08:11 PM
And this is why none of my users run with any more than basic user privs on any company computer.
Aerik
9th April 2009, 08:40 PM
This is why I make sure to use a program that updates and protects the hosts file (Spybot Search & Destroy, SpywareBlaster from javacoolsoftware.com). And I looked for other anti-malware and anti-advertisement hosts files, and even a huge anti-porn hosts file, to merge into it (>80% of all malware is hidden in an ad or porn), I back it up, and I sandbox the web browser (no, this doesn't slow you down).
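An added example, written for this thread and not code from Spybot or SpywareBlaster, of what Aerik describes in checkable form: merging several hosts-file blocklists into one marked section, then two checks a hosts-file protector needs, flagging entries that redirect a hostname to a routable address instead of sinkholing it, and fingerprinting the file against a backup. The marker comments, the sample hosts lines and the example.test names are all constructed for the example.

```python
import hashlib
import ipaddress

# Addresses a blocklist may legitimately map a hostname to (sinkholes).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
# Names the local system relies on; never treated as blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
MARK_BEGIN = "# BEGIN merged blocklists"   # assumed marker, not a Windows convention
MARK_END = "# END merged blocklists"

# Constructed sample input: a small hosts file plus two blocklists.
CURRENT_HOSTS = "127.0.0.1 localhost\n10.0.0.5 printer.lan\n"
LIST_A = "# ad list\n127.0.0.1 ads.example.test\n0.0.0.0 tracker.example.test # t\n"
LIST_B = "0.0.0.0 TRACKER.example.test\n0.0.0.0 malware.example.test\n127.0.0.1 localhost\n"

def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text, comments stripped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower()

def blocked_names(text):
    """Hostnames the file sinkholes, i.e. maps to 0.0.0.0, 127.0.0.1 or ::1."""
    return {n for ip, n in parse_hosts(text) if ip in SINKHOLES and n not in LOCAL_NAMES}

def merge_blocklists(current, *lists):
    """Rebuild the marked section from all lists; entries outside it are kept."""
    before, _, rest = current.partition(MARK_BEGIN)
    _, _, after = rest.partition(MARK_END)
    names = set().union(*(blocked_names(t) for t in lists))
    body = "\n".join(f"0.0.0.0 {n}" for n in sorted(names))
    return f"{before.rstrip()}\n{MARK_BEGIN}\n{body}\n{MARK_END}\n{after.lstrip()}"

def suspicious_entries(text):
    """Entries that point a hostname at a routable address (hosts-file hijacking)."""
    bad = []
    for ip, name in parse_hosts(text):
        if ip in SINKHOLES or name in LOCAL_NAMES:
            continue
        try:
            if ipaddress.ip_address(ip).is_global:
                bad.append((ip, name))
        except ValueError:  # malformed address: not something a blocklist writes
            bad.append((ip, name))
    return bad

def fingerprint(text):
    """SHA-256 of the file; store it with the backup and compare on each boot."""
    return hashlib.sha256(text.encode()).hexdigest()
```

Private addresses (like the printer.lan line) are left alone because LAN entries are a normal reason to edit the file by hand.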
Dancing David
10th April 2009, 06:18 AM
> And this is why none of my users run with any more than basic user privs on any company computer.
And why IT guys hate laptops! They get all sorts of crud loaded on them, people take them home, hook them into all sorts of networks, all sorts of places.
In my school district the big issue is we don't limit privileges, too much complaining about it.
Then even more when we uninstall all the stuff they aren't supposed to have.
"But why can't I stream audio, use Rhapsody, bid on E-bay, have my Bluetooth synchronised !?!"
"Why doesn't my machine work any more?"
Dancing David
10th April 2009, 06:19 AM
> This is why I make sure to use a program that updates and protects the hosts file (Spybot Search & Destroy, SpywareBlaster from javacoolsoftware.com). And I looked for other anti-malware and anti-advertisement hosts files, and even a huge anti-porn hosts file, to merge into it (>80% of all malware is hidden in an ad or porn), I back it up, and I sandbox the web browser (no, this doesn't slow you down).
How do you sandbox? I know the basic idea, but what software?
joobz
10th April 2009, 06:30 AM
I've relied on the forums.Majorgeeks.com malware removal thread for updates on best PC practices.
GreNME
10th April 2009, 10:39 AM
> And why IT guys hate laptops! They get all sorts of crud loaded on them, people take them home, hook them into all sorts of networks, all sorts of places.
> In my school district the big issue is we don't limit privileges, too much complaining about it.
My company laptops are just fine. :)
I'll see if I can't find the document I used to convince my bosses that least privileges cost the company less than having me concentrate on cleaning the bugger once I get it back. This was during a time of growth, though, so they needed my time on other things like planning and getting the systems to scale, but in today's economic environment it might prove an even stronger argument. I tended to boil it down to catchy business-talk memes, like explaining the difference between a process and a procedure to get their focus on the idea of efficiency and then pointing out how standards will produce more consistent results (and contribute to efficiency when refined).
Another idea would be to install Microsoft's SteadyState (formerly Shared Computer Toolkit) on the laptops and tell them that they must save to an external (USB flash) drive in order to save work.
Aerik
10th April 2009, 11:28 AM
I use a program called "Sandboxie (http://www.sandboxie.com/)," recommended to me by users at the NoScript forums -- but at the same time, my firewall is ZoneAlarm, and I set firefox.exe to be forbidden to engage in unsafe interactions outside of its own profile. I'd use Tor for anonymization, but I don't think there are many Tor servers around here, as it really does slow me the heck down.
Hey, funny thought: since Google's browser Chrome has native sandboxing which has foiled all PC hacking attempts, do you think there are people out there who still put the browser inside of another sandbox, and sit back in their big ol' gaming chairs and laugh maniacally at how they've built some kind of fortress nobody wants to invade just yet?
thrombus29
10th April 2009, 12:25 PM
I got rid of Vundo with a combination of Malwarebytes Anti-Malware, CCleaner, and HijackThis.
Had to do it in safe mode too, it's a real PITA.
Furcifer
10th April 2009, 12:55 PM
I got it about 3 weeks ago, the only thing that worked was Malwarebytes anti malware. Even the vundo fix wouldn't work. I guess there are newer variants. Now I've got double-click...
GreNME
10th April 2009, 02:59 PM
> I use a program called "Sandboxie (http://www.sandboxie.com/)," recommended to me by users at the NoScript forums -- but at the same time, my firewall is ZoneAlarm, and I set firefox.exe to be forbidden to engage in unsafe interactions outside of its own profile. I'd use Tor for anonymization, but I don't think there are many Tor servers around here, as it really does slow me the heck down.
> Hey, funny thought: since Google's browser Chrome has native sandboxing which has foiled all PC hacking attempts, do you think there are people out there who still put the browser inside of another sandbox, and sit back in their big ol' gaming chairs and laugh maniacally at how they've built some kind of fortress nobody wants to invade just yet?
Nice, I didn't know about sandboxie. I wonder if there are any programs out there to make doing the same to other programs easy.
ETA: ... and is free. I understand this program has limited abilities with other programs, but I'm wondering about something more general and open source. Windows' almost-sandboxed nature has been something that can get on my nerves quite often.
Aerik
10th April 2009, 04:05 PM
You can make Sandboxie work on anything.
Skeptic Ginger
10th April 2009, 04:25 PM
[Makes note of thread....puts away in future file just in case.]
GreNME
10th April 2009, 08:00 PM
> You can make Sandboxie work on anything.
I'm sure it can work at least nominally, but the interface seems complicated and it's not free. I was looking at it as a possibility for users, not for myself. I can sandbox stuff to the degree I need using different computers for some stuff, and using my MacBook Pro and Crossover for other things. But I can't recommend this as a simpler option for the two aforementioned reasons.
Doubt
11th April 2009, 11:15 AM
> I got it about 3 weeks ago, the only thing that worked was Malwarebytes anti malware. Even the vundo fix wouldn't work. I guess there are newer variants. Now I've got double-click...
You probably got hit with the latest version. Like I stated before, Vundofix is about a week behind. The jerks that make Vundo keep changing it to counter various fixes.
Dancing David
12th April 2009, 06:02 AM
> My company laptops are just fine. :)
> I'll see if I can't find the document I used to convince my bosses that least privileges cost the company less than having me concentrate on cleaning the bugger once I get it back. This was during a time of growth, though, so they needed my time on other things like planning and getting the systems to scale, but in today's economic environment it might prove an even stronger argument. I tended to boil it down to catchy business-talk memes, like explaining the difference between a process and a procedure to get their focus on the idea of efficiency and then pointing out how standards will produce more consistent results (and contribute to efficiency when refined).
> Another idea would be to install Microsoft's SteadyState (formerly Shared Computer Toolkit) on the laptops and tell them that they must save to an external (USB flash) drive in order to save work.
Yeah, we are considering SteadyState on the desktops. It has some issues (like having to install printers every day), but the issue is that staff don't want IT to limit the scope of what they can do. (It is a school district, which is very different from a private company.) Heck, the principals got all pissy when they had the thumb locks on the new machines disabled. (Duh, if we need your thumb to unlock the machine it makes maintenance very hard.)
Also, we only have seven techs in a large district; they don't want to be bothered with all the minutiae of installing software for each classroom.
Dancing David
12th April 2009, 06:03 AM
> I use a program called "Sandboxie (http://www.sandboxie.com/)," recommended to me by users at the NoScript forums -- but at the same time, my firewall is ZoneAlarm, and I set firefox.exe to be forbidden to engage in unsafe interactions outside of its own profile. I'd use Tor for anonymization, but I don't think there are many Tor servers around here, as it really does slow me the heck down.
> Hey, funny thought: since Google's browser Chrome has native sandboxing which has foiled all PC hacking attempts, do you think there are people out there who still put the browser inside of another sandbox, and sit back in their big ol' gaming chairs and laugh maniacally at how they've built some kind of fortress nobody wants to invade just yet?
Thanks.
Dancing David
12th April 2009, 06:05 AM
> I've relied on the forums.Majorgeeks.com malware removal thread for updates on best PC practices.
Yay Geeks!
GreNME
12th April 2009, 08:15 PM
> Yeah, we are considering SteadyState on the desktops. It has some issues (like having to install printers every day), but the issue is that staff don't want IT to limit the scope of what they can do. (It is a school district, which is very different from a private company.) Heck, the principals got all pissy when they had the thumb locks on the new machines disabled. (Duh, if we need your thumb to unlock the machine it makes maintenance very hard.)
> Also, we only have seven techs in a large district; they don't want to be bothered with all the minutiae of installing software for each classroom.
If the printers are network devices, I can give you a script to add the printers at logon. If installed locally, then just have them set up prior to the steadystate image. Same goes for the installed software. Essentially, in cases like these logon scripts and group policy settings are your friend.
Dancing David
13th April 2009, 05:19 AM
> If the printers are network devices, I can give you a script to add the printers at logon. If installed locally, then just have them set up prior to the steadystate image. Same goes for the installed software. Essentially, in cases like these logon scripts and group policy settings are your friend.
I am sort of aware of that; however, I am a teacher's aide. I have very low permissions and some directory access. The issue is that the tech has a bunch of other buildings and machines to deal with, and, how to say this, they are sort of grumpy about stuff like that.
I think it is great that there is a solution, however. I can mention it to the tech and see if he will go for it.
(I know enough to get in trouble, but not enough to do anything on the server level. Or scripts; those have to come from the director of IT.)
GreNME
13th April 2009, 06:50 AM
> I am sort of aware of that; however, I am a teacher's aide. I have very low permissions and some directory access. The issue is that the tech has a bunch of other buildings and machines to deal with, and, how to say this, they are sort of grumpy about stuff like that.
> I think it is great that there is a solution, however. I can mention it to the tech and see if he will go for it.
> (I know enough to get in trouble, but not enough to do anything on the server level. Or scripts; those have to come from the director of IT.)
Ahh, okay. I understand now. Well, you can maybe mention it, but there may or may not be a very good reason why they don't do it that way. I have all my systems under pretty decent lockdown, but on the other hand I don't administer a school system. Different environments might require different measures.
Aerik
13th April 2009, 02:34 PM
Hey, I never did say I paid for Sandboxie now, did I?
Solitaire
14th April 2009, 03:06 PM
Big problems with this one – Major Geeks took a half-minute to load and the links on their page wouldn’t work. Every time I shut down I’d see rundll32.exe not able to quit message box. Finally drove to the library for a few downloads then got rid of it.
Furcifer
14th April 2009, 03:25 PM
> You probably got hit with the latest version. Like I stated before, Vundofix is about a week behind. The jerks that make Vundo keep changing it to counter various fixes.
I did. I got a fresh torrent of AutoCad2009 and paid the consequences. My trial had run out and I had a project due so I paid the price. I deserved it.
© 2001-2009, James Randi Educational Foundation. All Rights Reserved.
vBulletin® v3.7.7, Copyright ©2000-2012, Jelsoft Enterprises Ltd.