Vista Tutorial - Re: Trojan.Vundo kills activation?

06-29-2008

On Sun, 29 Jun 2008 02:17:18 -0400, Jay Moore wrote:

Quote:

> Ok, somehow..and don't ask me how...vundo managed to slip into what i
> thought was a secure system..sure, Defender detected it...but it missed the
> 4 other DLL's the process made and let them through...now i'm sitting here
> unable to detect it with scanners.
>
> Im determined to kill it, but as of now it's screwed with my windows
> activation. I rebooted and got Error 0xC004D301 - The security processor
> reported that the trusted data store was tampered.
>
> Assuming I get this cleaned...how much of a PITA is it going to be to get my
> vista back to validated or at this point am I totally screwed and it won't
> be able to be reactivated?

How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo.
http://www.bleepingcomputer.com/forums/topic18610.html

06-29-2008

"Jay Moore" <dewdude@xxxxxx> wrote in message
news:0EF5F82E-53BA-4D95-AD91-F2C99F2C6B55@xxxxxx

Quote:

> Ok, somehow..and don't ask me how...vundo managed to slip into what i
> thought was a secure system..sure, Defender detected it...but it missed
> the 4 other DLL's the process made and let them through...now i'm sitting
> here unable to detect it with scanners.

http://www.physorg.com/news98802904.html

If you're not practicing safehex, then anything is possible. If the software
doesn't know about the other parts period, such as a signature to detect
them, as an example, then how is it suppose to detect anything, like DLL(s).

What happened to the anti-virus software, if one was installed? Why didn't
it catch anything? No solution is a stops all and ends all solution. And if
you think it's a stops all and ends all solution, then you have a false
sense of security. If the O/S can be fooled, then anything that runs with
the O/S can be fooled too.

http://www.claymania.com/safe-hex.html

Quote:

>
> Im determined to kill it, but as of now it's screwed with my windows
> activation. I rebooted and got Error 0xC004D301 - The security processor
> reported that the trusted data store was tampered.

Things have been tampered with, then what else has been tampered with or
running that is undetected?

http://technet.microsoft.com/en-us/l.../cc512587.aspx
<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
http://technet.microsoft.com/en-us/s...s/default.aspx

Currports (free) runs on Vista and Active Ports doesn't.

06-29-2008	#1 (permalink)
Kayman Guest n/a posts	Re: Trojan.Vundo kills activation? On Sun, 29 Jun 2008 02:17:18 -0400, Jay Moore wrote: Quote: > Ok, somehow..and don't ask me how...vundo managed to slip into what i > thought was a secure system..sure, Defender detected it...but it missed the > 4 other DLL's the process made and let them through...now i'm sitting here > unable to detect it with scanners. > > Im determined to kill it, but as of now it's screwed with my windows > activation. I rebooted and got Error 0xC004D301 - The security processor > reported that the trusted data store was tampered. > > Assuming I get this cleaned...how much of a PITA is it going to be to get my > vista back to validated or at this point am I totally screwed and it won't > be able to be reactivated? How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo. http://www.bleepingcomputer.com/forums/topic18610.html
My System Specs

06-29-2008	#2 (permalink)
Mr. Arnold Guest n/a posts	Re: Trojan.Vundo kills activation? "Jay Moore" <dewdude@xxxxxx> wrote in message news:0EF5F82E-53BA-4D95-AD91-F2C99F2C6B55@xxxxxx Quote: > Ok, somehow..and don't ask me how...vundo managed to slip into what i > thought was a secure system..sure, Defender detected it...but it missed > the 4 other DLL's the process made and let them through...now i'm sitting > here unable to detect it with scanners. http://www.physorg.com/news98802904.html If you're not practicing safehex, then anything is possible. If the software doesn't know about the other parts period, such as a signature to detect them, as an example, then how is it suppose to detect anything, like DLL(s). What happened to the anti-virus software, if one was installed? Why didn't it catch anything? No solution is a stops all and ends all solution. And if you think it's a stops all and ends all solution, then you have a false sense of security. If the O/S can be fooled, then anything that runs with the O/S can be fooled too. http://www.claymania.com/safe-hex.html Quote: > > Im determined to kill it, but as of now it's screwed with my windows > activation. I rebooted and got Error 0xC004D301 - The security processor > reported that the trusted data store was tampered. Things have been tampered with, then what else has been tampered with or running that is undetected? http://technet.microsoft.com/en-us/l.../cc512587.aspx <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html> http://technet.microsoft.com/en-us/s...s/default.aspx Currports (free) runs on Vista and Active Ports doesn't.
My System Specs

Similar Threads
Thread	Forum
Got nailed with Vundo, leftover rundll error	System Security
Vundo virus on laptop help!	System Security
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo	System Security
Re: Trojan.Vundo kills activation?	Vista General
Vista 64 kills PSP	Software