
Virtumonde hiding itself from AV scanners
CastleCops
-> Unknown Files
Author: DeadMan3000, Location: UK
Posted: Sat Jun 14, 2008 9:00 pm Post subject: Virtumonde hiding itself from AV scanners
Hi. New here. But I just had a brush with Virtumonde. Still trying to figure out if I have removed it all at present. However, I think I caught it today from a dodgy warez file (I deserve what I get I guess).
It's on a public torrent site and comments reported it to have passed many AV scans (But you cannot trust people who make comments like that anyhow).
I was wondering about posting the link to the torrent so someone could take a look at it. Or would that be a rule violation?
Author: nosirrah, Location: USA
Posted: Sat Jun 14, 2008 9:39 pm Post subject:
If you do, do it one of these ways:
http://www.virustotal.com/
http://www.virustotal.com/
hxxp://www.virustotal.com/
Anything like this will make it so it can't be directly clicked.
Author: IP: 87.74.*.*,
Posted: Sat Jun 14, 2008 11:54 pm Post subject:
I'm thinking that vundo was in the setup.exe file which is autoexecuted via the rar self executing file. If you rename the file to rar or zip and open it, it shows the setup.exe file and the file that installs the application. You can install the application without setup.exe so that is why I believe that is the culprit. To prevent spreading 'warez' I am going to upload the setup.exe only to rapidshare renamed as vundo.vir and leave it to whomever wishes to look at it to rename it if they need to.
I'd be interested to know if this really is where I caught the trojan or not. Otherwise it is in the warezed application itself which I would prefer not to infringe further by distributing (Suddenly I have an attack of morals).
hxxp://rapidshare.de/files/39721981/vundo.vir.html
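A way to check, without running the file, whether an executable is a self-extracting RAR like the one described in the post above, by looking for an archive appended after the last PE section. This is an added example, not part of the thread; the function names and `build_sample` are hypothetical, the sample bytes are constructed, and it covers both the RAR 4.x and RAR 5.x markers.

```python
import struct

# Archive markers for RAR 4.x and RAR 5.x (public format constants).
RAR_MARKERS = ((b"Rar!\x1a\x07\x00", "RAR4"), (b"Rar!\x1a\x07\x01\x00", "RAR5"))


def pe_overlay_offset(data: bytes) -> int:
    """Return the file offset where data appended after the last PE section begins."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsections, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size                            # first section header
    end = table + 40 * nsections
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def find_sfx_archive(data: bytes):
    """Return (offset, kind) of the first RAR marker in the overlay, or None."""
    start = pe_overlay_offset(data)
    hits = [(data.find(marker, start), kind) for marker, kind in RAR_MARKERS]
    hits = [h for h in hits if h[0] != -1]
    return min(hits) if hits else None


def build_sample(overlay: bytes) -> bytes:
    """Constructed stand-in for an SFX stub: minimal PE headers, one section, overlay."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = (b".text\x00\x00\x00"
               + struct.pack("<IIII", 0x10, 0x1000, 0x10, 0x80) + b"\x00" * 16)
    return dos + coff + section + b"\x90" * 0x10 + overlay


if __name__ == "__main__":
    sample = build_sample(b"Rar!\x1a\x07\x00" + b"constructed archive body")
    print(find_sfx_archive(sample))
```

A hit only says an archive is attached to the stub; what it contains still has to be listed with an archive tool, as the poster did by renaming the file.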
Author: tetak,
Posted: Sun Jun 15, 2008 12:34 am Post subject:
The file you uploaded is malware. I've added it to the malware listserv.
/p1098585-MD5_ede8de02b67e988a7a7218a210645664.html
Author: hjtuser, Location: USA
Posted: Mon Jun 23, 2008 9:50 pm Post subject: vundo
It can become disguised in practically any warez. I just got it embedded in ACAD 08.
Pesky little critter, although Norton "cough" it, browser still fires up random pages - the notoriously fake security pages - so at least it's half there.
Oh btw, MS updates are fried too, can't get the Service to run but it could be unrelated to Vundo.
Author: tetak,
Posted: Mon Jun 23, 2008 10:46 pm Post subject:
You could try removing the rest of the malware with this http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Have you had any luck getting Windows Update to work? If not it's worth spending some time trying to fix it.
All times are GMT