

Got a baaad bug...


7 replies to this topic

#1 m.oreilly

m.oreilly

    rog'er wilco

  • Admin
  • 8,810 posts
  • Country:lower uncton

Posted 11 July 2008 - 03:21 AM

noticed an odd entry in msconfig/startup: MSSERVER. after checking out its location in windows (which turned out to be either false or hidden), and going through the reg with a fine tooth comb, it looks like it's reformat time. anybody got a clue re removing this? it appears to be a "vundo" variant, and i even tried using "super anti spyware" (lol), which reports the presence of the bug, but is unable to remove it. i've tried spybot, adaware, nod32, and that sas app, but no go...anybody?

#2 Nvyseal

Nvyseal

    Chairman of the Board

  • Administrator
  • 9,802 posts
  • Location:From the whatever it is, Pluto
  • Country:USA

Posted 11 July 2008 - 03:33 AM

gads, that's a bad one. you on server 2008? roll back?

#3 m.oreilly

Posted 11 July 2008 - 04:18 AM

no restore points (heck, i'm a big boy... :lol: ).
success! :worry:

two apps that are a must for me now:
"super anti spyware" ( :rofl: )
and
"mbam"

ran in safe mode, they did a job that left my av and spybot/adaware looking for a clue. i might also add that the app i suspect (downloaded from a torrent, scanned with the av before unraring) is a very recent digital photography one.

#4 m.oreilly

Posted 11 July 2008 - 04:21 AM

oh, and a big shout out to "wilders security forums", where some folks left me a clue to start looking for a fix, and then pointed me in the right direction...Tarq57, thanks :lol:

#5 m.oreilly

Posted 11 July 2008 - 04:18 PM

just a heads up: nod32 now detects the baddie. must be the new defs that loaded this morning... :lol:

#6 Tweak

Tweak

    Established Member

  • Members
  • 674 posts
  • Country:US

Posted 12 July 2008 - 04:35 AM

VundoFix from atribune.org will handle it as well.

#7 VROSA

VROSA

    Ghost Member

  • Global Moderator
  • 2,043 posts
  • Location:Belo Horizonte - Minas Gerais - Brazil
  • Interests:Hardware, Software, Alphas and Betas, OS Mods, Windows 8.1, Windows 10, Linux, Games, Fun, Friends.
  • Country:Brazil

Posted 12 July 2008 - 11:36 PM

Good to see you managed to remove it :lol:

#8 m.oreilly

Posted 12 July 2008 - 11:57 PM

vrosa x64, on Jul 12 2008, 04:36 PM, said:

Good to see you managed to remove it :rofl:

:lol:

and thanks to tweak, i think i have a handle on why my system, and an old p4 32bit rig at work were affected: i turned off DEP on my box, and the p4 system can only do limited software prevention. tweak sampled the installer of what i believe to be the bug, and it turns out his system (DEP on) was not compromised. i guess DEP is not for dopes after all... :worry:



