TrustDefender and the Trojan Vundo story
by Alex Zaharov-Reutt   
Sunday, 21 December 2008
“What now happened is that whenever she opened a web browser, the Trojan would open more windows with Advertising, Adware, Spyware and other nasty stuff. Quite regularly she got alerted that her computer is infected and she would need to download XP Antivirus or Antivirus 360 to fix it. (What great marketing, as these websites know for sure that the machine is compromised ;-).

“Luckily she knew that she already had an Antivirus Engine running and didn’t download one of those rogue Antivirus Engines… even though this pop-up sounded like a familiar-named Antivirus Engine she had heard of before.

“We thought this was a good field test and installed Norton Internet Security 2009 and after it forced us to remove AVG (apparently Symantec wants to rule the desktop!), it did a quick scan and alerted us that the computer is infected with Trojan Vundo.

“The Norton User Interface was actually very nice as it didn’t list all the infected files; it realized that they all belong to Vundo and only showed one line. Impressed with this, we found a button “Fix this” and thought we’d give it a try.

“We got a nice green alert saying that the threat has been removed successfully and the computer is safe now. We thought that was really easy and even a typical internet user may be able to do this - until we restarted the machine.

“The startup was uneventful and Norton did not alert us of anything. However when we used the web browser, other windows with adware/spyware appeared again!!!

“When we did a Quickscan in Norton 2009, the Trojan Vundo was back!!! A “Fix this” removed it (again), making us believe it is gone, but it will always re-appear… every time the user restarts the machine.

“So in the end, AVG Free 8 and SUPERAntispyware didn’t stop the Trojan from installing and doing its nasty work. Norton Internet Security 2009 provided much better protection, however it failed to remove the Trojan completely, causing the potential ongoing threat to the user.

“And this for a Trojan that has been around for more than 4 years (in various mutations)!!!! We as a security software industry can’t be serious. There has to be a better way. How can a typical user even think that they are protected by traditional Antivirus Engines?

“We had to manually remove all entries in the various startup sections of the system as well as one BHO inside the Internet Explorer to successfully get rid of Vundo. Now we could remove the files with specialized tools (to counter the rootkit-component) to have a clean machine again.

“Even though this Trojan was technically not very challenging or advanced, we learned a valuable lesson.”

Page 3 of the blog post continues with some technical details, please read on!
