Saturday 13 December 2008

Banishing the Vundo Trojan

If your browsers have started playing up, opening new tabs whenever you Google something, and those tabs in turn redirect themselves to random sites that you would never normally visit, then chances are high that your machine is host to the Vundo Trojan. While the infection appears to stem from a vulnerability in Java 1.5.0_7, I found the infection on a system that was running a much more advanced version (of Java), and so it is highly probable that a new loophole is being exploited.

On the infected machine, Vundo was able to infect and control the behaviour of Firefox, IE and Chrome. An annoying symptom of the infection was random popups and new windows that redirected themselves to mad-search.com(?) and forcibly tried to install AntiVirus 360 (what's that??) on the machine. The key diagnostic tool that was able to catch these infections was PC Tools' SpyDoctor, but since the FREE version only performed a scan and required a paid version for the removal, I tried Malwarebytes' Anti-Malware version 1.31. This tool successfully located and removed the infections. So if you are facing the same problem, head over to Malwarebytes and try out the tool, but be aware that it only locates and fixes existing infections. To guard against getting infected, keep your SpyDoctor's IntelliGuard setting ON.
