Trojan.Vundo compromised my browser?

blackdiabound28 · 06-01-2008, 02:42 PM

Hey guys, there is a problem with my Vista laptop that started recently.

So a few days ago, on startup, a message popped up saying "MSWINSCK.OCX is missing or corrupt". I ignored it and everything else ran like normal. However, every time since then I started up, the same message showed up (again, nothing else wrong). Yesterday, however, my Norton 360 popped "Trojan.Vundo detected" and it began to remove the virus itself in the background as I was doing other things. Afterwards, it prompted me to reboot to complete the removal process. I did. After that, all of these symptons began to show up. I am not sure if these mean there is still a virus in my computer or whether these are the result of damage to the registry that the virus caused.

1. When I used IE7 or Firefox, the browser would work sometimes and other times would strongly lag or just start loading and continue to load ad infinitum until I closed it via task manager. Most notably, there were times the Google search engine was nonresponsive and I could not check my email. This is still going on.

2. This sympton actually happened AS Norton was "fixing" the virus, before the reboot. Whenever I would open folders such as "My Music" or "Documents", the browser would sometimes lag and freeze, then a message came up saying "Windows Explorer has stopped working" and it would prompt me to end Windows Explorer, causing my desktop to go blank and come back a second later. This is still going on.

3. I tried to fix the problem with a 360 Full System Scan, but the scan can never get completed. When it scans about 7 to 9,000 files, it mysteriously gets stuck and freezes. So I have never been able to run a full scan to see if the virus cleared or not. I'm not sure if this is the virus's doing or if Norton just sucks.

I took two actions to fix the problem (other than attempted Norton scans). Firstly, I went back and replaced the "Mswinsck.ocx" file from one I downloaded online and the startup message disappeared. Secondly, I downloaded Vundofix.exe and ran it. It found one file associated with Vundo that attached to a PowerISO registry file, which it deleted. However, all of the symptons still exist. Also, I un- and reinstalled both Firefox and Norton and the problems still exist. I know that Vundo causes damage to the registry so I'm not sure if the problem is that its still around but my Norton just can't do anything about it, or if its already gone and all of this is caused by registry damage. Thank you for any insight you can shed in advance. I'd like not to reformat, since it would be time consuming. Is there any alternative?

**TheBruce1** · 06-03-2008, 03:14 PM

Hello and welcome to TSF

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Michael York · 06-04-2008, 03:52 PM

Quote:

Originally Posted by blackdiabound28

Hey guys, there is a problem with my Vista laptop that started recently.

So a few days ago, on startup, a message popped up saying "MSWINSCK.OCX is missing or corrupt". I ignored it and everything else ran like normal. However, every time since then I started up, the same message showed up (again, nothing else wrong). Yesterday, however, my Norton 360 popped "Trojan.Vundo detected" and it began to remove the virus itself in the background as I was doing other things. Afterwards, it prompted me to reboot to complete the removal process. I did. After that, all of these symptons began to show up. I am not sure if these mean there is still a virus in my computer or whether these are the result of damage to the registry that the virus caused.

1. When I used IE7 or Firefox, the browser would work sometimes and other times would strongly lag or just start loading and continue to load ad infinitum until I closed it via task manager. Most notably, there were times the Google search engine was nonresponsive and I could not check my email. This is still going on.

2. This sympton actually happened AS Norton was "fixing" the virus, before the reboot. Whenever I would open folders such as "My Music" or "Documents", the browser would sometimes lag and freeze, then a message came up saying "Windows Explorer has stopped working" and it would prompt me to end Windows Explorer, causing my desktop to go blank and come back a second later. This is still going on.

3. I tried to fix the problem with a 360 Full System Scan, but the scan can never get completed. When it scans about 7 to 9,000 files, it mysteriously gets stuck and freezes. So I have never been able to run a full scan to see if the virus cleared or not. I'm not sure if this is the virus's doing or if Norton just sucks.

I took two actions to fix the problem (other than attempted Norton scans). Firstly, I went back and replaced the "Mswinsck.ocx" file from one I downloaded online and the startup message disappeared. Secondly, I downloaded Vundofix.exe and ran it. It found one file associated with Vundo that attached to a PowerISO registry file, which it deleted. However, all of the symptons still exist. Also, I un- and reinstalled both Firefox and Norton and the problems still exist. I know that Vundo causes damage to the registry so I'm not sure if the problem is that its still around but my Norton just can't do anything about it, or if its already gone and all of this is caused by registry damage. Thank you for any insight you can shed in advance. I'd like not to reformat, since it would be time consuming. Is there any alternative?

Hi blackdiabound,

This is Mike from the Norton Authorized Support Team responding to your posting.

The Vundo infection is actually what is called a Trojan, and can embed itself deep into your system files.

You mention that you ran a Full System scan (actually called a "Comprehensive Scan" in Norton 360) and that it did not complete. This symptom points to a problem with the LiveUpdate module in Norton 360, which, may have been compromised by the Vundo infection. If LiveUpdate has been compromised then you may not have the latest program and definition files applied to your installation of Norton 360.

Please click on the following link and follow the instructions to run a tool that will launch LiveUpdate.

Fix Tool for when Norton 360 scan stops

After you have run this tool, please read the information in the following link that describes the Vundo infection. At the top of the page, click on "Download Removal Tool" and follow the instructions carefully.

Symantec Vundo Removal Tool

Please follow these instructions and let me know the outcome.

Thank you,
Mike

06-01-2008, 02:42 PM	#1 (permalink)
blackdiabound28 Registered User Join Date: Jun 2008 Posts: 1 OS: Windows Vista SP1	Trojan.Vundo compromised my browser? Hey guys, there is a problem with my Vista laptop that started recently. So a few days ago, on startup, a message popped up saying "MSWINSCK.OCX is missing or corrupt". I ignored it and everything else ran like normal. However, every time since then I started up, the same message showed up (again, nothing else wrong). Yesterday, however, my Norton 360 popped "Trojan.Vundo detected" and it began to remove the virus itself in the background as I was doing other things. Afterwards, it prompted me to reboot to complete the removal process. I did. After that, all of these symptons began to show up. I am not sure if these mean there is still a virus in my computer or whether these are the result of damage to the registry that the virus caused. 1. When I used IE7 or Firefox, the browser would work sometimes and other times would strongly lag or just start loading and continue to load ad infinitum until I closed it via task manager. Most notably, there were times the Google search engine was nonresponsive and I could not check my email. This is still going on. 2. This sympton actually happened AS Norton was "fixing" the virus, before the reboot. Whenever I would open folders such as "My Music" or "Documents", the browser would sometimes lag and freeze, then a message came up saying "Windows Explorer has stopped working" and it would prompt me to end Windows Explorer, causing my desktop to go blank and come back a second later. This is still going on. 3. I tried to fix the problem with a 360 Full System Scan, but the scan can never get completed. When it scans about 7 to 9,000 files, it mysteriously gets stuck and freezes. So I have never been able to run a full scan to see if the virus cleared or not. I'm not sure if this is the virus's doing or if Norton just sucks. I took two actions to fix the problem (other than attempted Norton scans). Firstly, I went back and replaced the "Mswinsck.ocx" file from one I downloaded online and the startup message disappeared. Secondly, I downloaded Vundofix.exe and ran it. It found one file associated with Vundo that attached to a PowerISO registry file, which it deleted. However, all of the symptons still exist. Also, I un- and reinstalled both Firefox and Norton and the problems still exist. I know that Vundo causes damage to the registry so I'm not sure if the problem is that its still around but my Norton just can't do anything about it, or if its already gone and all of this is caused by registry damage. Thank you for any insight you can shed in advance. I'd like not to reformat, since it would be time consuming. Is there any alternative?

06-03-2008, 03:14 PM	#2 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: Trojan.Vundo compromised my browser? Hello and welcome to TSF Please follow our 5 Step process outlined here: http://www.techsupportforum.com/secu...oval-help.html After running through *all* the steps, please post the requested logs. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating