Vundo woes

BlindedByScience (More Human than Human; joined May 26, 2000; 9,225 messages)
Guys - greetings. I'm pretty good with the hardware side of things but maybe you can teach me a thing or two about Vundo and the "AntiSpyware2008" crap that seems to be going 'round.

We have a vanilla NAT router and I've been running McAfee V8.0 as my virus scanner. I've been running Firefox as my browser and hadn't even seen a virus in years. Guess my luck finally ran out. Last week, I got hit with the Vundo malware and about two days later, got hit with the "AntiSpyware2008" variant. I ran Windows Defender and MBAM several times with the system restore turned off (XP Pro here) and deleted all the cache files in both Firefox and IE. I ran MBAM in safe mode and it didn't find jack, but when I ran it under "normal" Windows, it found what I'd expect it to find for these trojans and deleted them. Interesting, but deleted is deleted. Figured I was good.

I am pretty sure I left Firefox running overnight and I am assuming that's how the trojan got in. Am I right?

Woke up this morning and Defender had found and deleted Vundo again. Now, I'm very sure that the browser and e-mail were both off last night and there was no internet connectivity... that I'm aware of. So, I guess there are at least a couple of possibilities:

- The trojan(s) installed a back door that's running and letting this crap in.
- I didn't manage to get it fully cleaned up and it went active again.

Any suggestions and learning you guys could offer would be appreciated; thanks in advance.
 
Search the forum... from this network forum, to the operating system forum, to the software forum... there's usually about 5 of these posts per week.

Common answers....

Delete system restore
Run CCleaner
Spybot S&D
MalwareBytes
SuperAntispyware
Antivir or NOD32

If you can slave the drive to another healthy PC, do so, and scan using above tools

Sometimes some special tools like SDFix.exe or Combofix.exe help (Google from BleepingComputers)... but newer variants are escaping those old tools, since the Zlob trojan has several new variants per day released.
 
I followed StoneCat's instructions and all seems well again.

My question - how do these get in? Are they browser exploits, e-mail exploits, or...??

I do know I left my browser up all night before this all happened and I'm assuming it allowed something to get in...??
 
I followed StoneCat's instructions and all seems well again.

My question - how do these get in? Are they browser exploits, e-mail exploits, or...??

Several different methods, including
*Yes, websites get hijacked... and the installer code for drive-by installs gets hacked into the site
*Video codecs are common, as many people will eagerly click "Yes" to install those into their browsers to watch some online video
*P2P/torrent distribution. That song you think is just a song, or that movie, or "free" software you want to download... guess what... there's a nice little treasure packed inside. When you play that song or video... it often uses a media player exploit to hit your system and install the trojan.
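The P2P point above (a "song" that is really an installer) is easy to check for before anything is opened: a file's extension says what it claims to be, but its first bytes say what it actually is. The script below is an added example written for this thread, not code from the poster or from any of the tools named above; it audits a download folder for two tell-tale mismatches, a PE executable header (MZ) under a media extension, and a double extension such as video.avi.exe. The sample files it creates are constructed stand-ins (a few header bytes each), not real malware, and the magic-byte table is a deliberately small one that only covers the formats listed.

```python
import os
import tempfile

# First bytes expected for a handful of media/document formats.
# Constructed, minimal table for the example; extend as needed.
MAGIC = {
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
    ".avi": [b"RIFF"],
    ".wmv": [b"\x30\x26\xb2\x75\x8e\x66\xcf\x11"],  # ASF container GUID
    ".pdf": [b"%PDF"],
    ".jpg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04"],
}
EXECUTABLE_MAGIC = [b"MZ"]  # DOS/PE executable header
RISKY_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify_file(path):
    """Return a list of human-readable findings for one file (empty if clean)."""
    lower = os.path.basename(path).lower()
    base, ext = os.path.splitext(lower)
    with open(path, "rb") as f:
        head = f.read(16)
    findings = []

    # 1. Double extension: "track.mp3.exe" shown to the user as a song.
    inner_ext = os.path.splitext(base)[1]
    if ext in RISKY_EXTS and inner_ext in MAGIC:
        findings.append("double extension: named like %s but is %s" % (inner_ext, ext))

    # 2. Executable bytes hiding behind a media/document extension.
    if ext in MAGIC and any(head.startswith(m) for m in EXECUTABLE_MAGIC):
        findings.append("PE header (MZ) in a file named *%s" % ext)
    # 3. Media extension whose header matches none of the expected signatures.
    elif ext in MAGIC and not any(head.startswith(m) for m in MAGIC[ext]):
        findings.append("header does not match %s" % ext)
    return findings


def audit_directory(directory):
    """Return {filename: [findings]} for every suspicious file in a folder."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            findings = classify_file(path)
            if findings:
                report[name] = findings
    return report


def build_sample_directory():
    """Create a temp folder of constructed sample files (header bytes only)."""
    d = tempfile.mkdtemp()
    samples = {
        "real_song.mp3": b"ID3\x03\x00" + b"\x00" * 20,     # genuine MP3 tag
        "fake_song.mp3": b"MZ\x90\x00" + b"\x00" * 20,      # PE bytes under .mp3
        "video.avi.exe": b"MZ\x90\x00" + b"\x00" * 20,      # double extension
        "codec_setup.exe": b"MZ\x90\x00" + b"\x00" * 20,    # honest .exe, not flagged
        "readme.pdf": b"%PDF-1.4\n",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    folder = build_sample_directory()
    for name, findings in audit_directory(folder).items():
        print(name)
        for item in findings:
            print("   -", item)
```

An honest installer such as codec_setup.exe is not flagged, because nothing about its name lies; the point of the check is the mismatch between what a file claims and what it is, which is the trick the P2P and fake-codec routes rely on. Run it against a real downloads folder by calling audit_directory() with that path.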
 