trojan.vundo.b

David Larder · May 1, 2005

Hi

I've just spent a couple of days struggling to remove the
trojan.vundo.b virus, and since removing it have noticed that my hosts
file - C:\WINDOWS\system32\drivers\etc\hosts has been renamed to
"hosts.bak" and the following, (just a small sample of about 1000
urls) has been appended:

127.0.0.1 1ad2srvr-cpt-v1.com
127.0.0.1 www.1ad2srvr-cpt-v1.com
127.0.0.1 207-182-237-233.visionaire-us.com
127.0.0.1 www.207-182-237-233.visionaire-us.com
127.0.0.1 3721.com
127.0.0.1 www.3721.com
127.0.0.1 680180.net
127.0.0.1 www.680180.net

Now I'm not 100% sure it was the work of this trojan, but thought I
should mention it.

I wish the cretins who write these things would just feck orf & die!

Hope this is in the right group - I'm new to using google groups.

Cheers

David

David H. Lipman · May 1, 2005

From: "David Larder" <[email protected]>

| Hi
|
| I've just spent a couple of days struggling to remove the
| trojan.vundo.b virus, and since removing it have noticed that my hosts
| file - C:\WINDOWS\system32\drivers\etc\hosts has been renamed to
| "hosts.bak" and the following, (just a small sample of about 1000
| urls) has been appended:
|
| 127.0.0.1 1ad2srvr-cpt-v1.com
| 127.0.0.1 www.1ad2srvr-cpt-v1.com
| 127.0.0.1 207-182-237-233.visionaire-us.com
| 127.0.0.1 www.207-182-237-233.visionaire-us.com
| 127.0.0.1 3721.com
| 127.0.0.1 www.3721.com
| 127.0.0.1 680180.net
| 127.0.0.1 www.680180.net
|
| Now I'm not 100% sure it was the work of this trojan, but thought I
| should mention it.
|
| I wish the cretins who write these things would just feck orf & die!
|
| Hope this is in the right group - I'm new to using google groups.
|
| Cheers
|
| David

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

While Google can access thdem, it is wofully inadequate as a mens of accessing News Groups
to start with.

Since 'hosts.bak' is NOT interpreted, it is not a problem. if you have a 'hosts' file with
those entries you have a problem. There are many infectors that modyfy the hosts table from
the Vundo to the QHosts Trojan..

Have you elimininated the Vundo Trojan or do you still have the Vundo or other infectors on
your PC ?

David Larder · May 3, 2005

David H. Lipman said:
From: "David Larder" <[email protected]>

| Hi
|
| I've just spent a couple of days struggling to remove the
| trojan.vundo.b virus, and since removing it have noticed that my hosts
| file - C:\WINDOWS\system32\drivers\etc\hosts has been renamed to
| "hosts.bak" and the following, (just a small sample of about 1000
| urls) has been appended:
|
| 127.0.0.1 1ad2srvr-cpt-v1.com
| 127.0.0.1 www.1ad2srvr-cpt-v1.com
| 127.0.0.1 207-182-237-233.visionaire-us.com
| 127.0.0.1 www.207-182-237-233.visionaire-us.com
| 127.0.0.1 3721.com
| 127.0.0.1 www.3721.com
| 127.0.0.1 680180.net
| 127.0.0.1 www.680180.net
|
| Now I'm not 100% sure it was the work of this trojan, but thought I
| should mention it.
|
| I wish the cretins who write these things would just feck orf & die!
|
| Hope this is in the right group - I'm new to using google groups.
|
| Cheers
|
| David

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

While Google can access thdem, it is wofully inadequate as a mens of accessing News Groups
to start with.

Since 'hosts.bak' is NOT interpreted, it is not a problem. if you have a 'hosts' file with
those entries you have a problem. There are many infectors that modyfy the hosts table from
the Vundo to the QHosts Trojan..

Have you elimininated the Vundo Trojan or do you still have the Vundo or other infectors on
your PC ?

Thanks to all the recent posts on various groups, and some painstaking
trawling of the registry, I've got rid of the blighter now.