Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Sun Java exploit=Vundo/Winfixer/Virtumonde

 
fcukdat
Warrior Addict


Joined: 01 Jan 2005
Last Visit: 08 Apr 2009
Posts: 757
Location: Yeovil,England.

Posted: Sun Nov 20, 2005 3:46 am    Post subject: Sun Java exploit=Vundo/Winfixer/Virtumonde

For attention of all Sun Java users!

A very recently discovered exploit by our very own Calamity Jane
has riddled a lot of PCs recently>>>
Sun Java update exploit=Vundo/Winfixer/Virtumonde infection
http://www3.dslreports.com/forum/remark,14738046~start=0

In short>>>

If you have Sun Java on your PC, check the add/remove software part of control panel to see which version(s) you have installed.
The only one required is the latest version 1.5.0_06
Download here>>>
http://www.java.com/en/download/manual.jsp

All others should be uninstalled immediately since they are at risk from this recently discovered exploit and also surplus to requirement.

Editorial Note by CalamityJane: I did not "discover" this vulnerability - I've just been spreading the word. Two fellow MS MVPs (Steve Wechsler aka MowGreen & Sandi Hardmeier) have been after Sun Microsystems on this since last February 2005. Sun acknowledged back then that older (vulnerable) versions on a system can be called up by Malware and exploit the system, but have failed to do anything about it to date
_________________
Malware hunter....Got Bot ?

MIRT Handler >>>
http://www.castlecops.com/c55-MIRT.html

fcukdat

Posted: Sun Nov 20, 2005 5:55 am    Post subject: FAO victims of the Vundo/Winfixer/Virtumonde infection>>

Here is one removal solution that is effective against some variants of the infection (not all).

Q: How Do I Remove Trojan Vundo/Winfixer/Virtumonde?

A: VirtuMonde is an adware program that downloads and displays popup advertisements. It may also hijack the browser to unwanted advertising-related sites.

There is a free removal tool offered by Symantec here:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html

or here:
http://www.majorgeeks.com/Symantec_Trojan.Vundo_Removal_Tool_d4430.html

Follow the removal directions on the download page. Run the tool twice with a reboot in between to be sure it got everything.

*You will still need to post a HJT log for inspection by an expert because there are some variants that this tool does not remove, so other tools/solutions will have to be utilised.
**Also any remnants of removed infection and other malware might be present and will also need removing.

HJT download>>>
http://spywarewarrior.com/files/hijackthis.zip

HJT help forums>>>
http://www.spywarewarrior.com/viewforum.php?f=5

HTH

PS: Huge kudos and big thanks to Calamity Jane for picking up on this exploit. CJ kicks malware butt yet again.

http://calamityjanevirusmd.com/index.php?option=com_frontpage&Itemid=1

fcukdat

Posted: Mon Nov 21, 2005 11:39 am    Post subject: Which version do I have, which do I need?

Just to clarify about older versions of Sun Java, they will appear in the control panel>>>add/remove as/or like

J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5 - 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb

or as illustrated here


It is crucial to stress that all versions need to be uninstalled with the exception of the latest version 1.5.06 which will be listed in the add/remove as
J2SE Runtime Environment 5.0 Update 6
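
Added example (not part of the original thread or any poster's code): one way to apply the advice in the post above to a list of Add/Remove Programs entries, assuming they follow the two naming patterns the post lists. The function names and the `LATEST` constant are this example's own; the last two sample entries are constructed.

```python
import re

# Latest release named in the thread; anything older is flagged for removal.
LATEST = (1, 5, 0, 6)
# "J2SE Runtime Environment 5.0 [Update N]" corresponds to version 1.5.0_0N.
J2SE5 = re.compile(r"^J2SE Runtime Environment 5\.0(?: Update (\d+))?\b", re.I)
# "Java 2 Runtime Environment, SE v1.4.2_04" carries the version directly.
JRE_V = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", re.I)

def parse_display_name(name):
    """Return (major, minor, micro, update), or None if not a Sun JRE entry."""
    name = name.strip()
    m = J2SE5.match(name)
    if m:
        return (1, 5, 0, int(m.group(1) or 0))
    m = JRE_V.match(name)
    if m:
        return tuple(int(g or 0) for g in m.groups())
    return None

def fmt(version):
    # Render a version tuple the way Sun writes it, e.g. 1.5.0_06.
    base = "%d.%d.%d" % version[:3]
    return base + ("_%02d" % version[3] if version[3] else "")

def audit(display_names, latest=LATEST):
    """Split entries into (keep, uninstall) lists of (name, version string)."""
    keep, uninstall = [], []
    for name in display_names:
        version = parse_display_name(name)
        if version is not None:  # skip software that is not a Sun Java runtime
            (keep if version >= latest else uninstall).append((name.strip(), fmt(version)))
    return keep, uninstall

# The first five entries are the ones listed in the post; the last two are
# constructed for this example (the current runtime and an unrelated program).
SAMPLE = [
    "J2SE Runtime Environment 5.0 - 97.99Mb",
    "J2SE Runtime Environment 5.0 Update 2 - 143.00Mb",
    "J2SE Runtime Environment 5.0 Update 4 - 144.00Mb",
    "J2SE Runtime Environment 5.0 Update 5 - 151.00Mb",
    "Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb",
    "J2SE Runtime Environment 5.0 Update 6",
    "Mozilla Firefox (1.5)",
]

if __name__ == "__main__":
    for label, rows in zip(("KEEP", "UNINSTALL"), audit(SAMPLE)):
        for name, version in rows:
            print("%-9s %-8s %s" % (label, version, name))
```
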
fcukdat

Posted: Fri Nov 25, 2005 12:11 pm    Post subject:

Here's what Sun Java have to say about the problem

shortened link

fcukdat

Posted: Sun Nov 27, 2005 3:45 am    Post subject: FAO victims of the Vundo/Winfixer/Virtumonde infection

*Additional Variant removal update

It has been found that some variants can be removed by Webroot SpySweeper that the Symantec removal tool is ineffective against.

SpySweeper is available on a 14-day free trial and can be downloaded from>>>
http://majorgeeks.com/Spy_Sweeper_d3263.html

*Remember it is still crucial to post a HJT log for inspection since other malware may still be on your system.
thejynxed
Warrior


Joined: 09 Nov 2004
Last Visit: 14 Oct 2007
Posts: 89
Location: Pennsylvania

Posted: Sun Nov 27, 2005 3:55 am    Post subject:

I tried removing previous versions and get an odd "Installer not found" error.
_________________
"I stab thee with a rusty spork."

fcukdat

Posted: Sun Nov 27, 2005 4:22 am    Post subject:

thejynxed wrote:
I tried removing previous versions and get an odd "Installer not found" error.


I've tried searching the Sun Java website for help and this is what I could locate relating to removing the software>>>
http://www.java.com/en/download/help/5000010800.xml

If you know how to manually remove software, you could always remove all versions by manual means+registry cleaner and then go and download the most recent version.

Or alternatively contact Sun Java for assistance.

HTH

thejynxed

Posted: Sun Nov 27, 2005 5:31 am    Post subject:

I just used jv16powertools to do it. Windows Add/Remove kept looking for an .msi file, couldn't find it, etc. etc. Powertools had no trouble removing the software. Go figure.

fcukdat

Posted: Wed Nov 30, 2005 11:21 am    Post subject:

Sun Java have updated their warning for this exploit to Critical>>>

http://secunia.com/advisories/17748/


But they still will not recommend people remove earlier versions.

A suggestion to any victims of WinFixer/Vundo/Virtumondo who have earlier versions of Sun Java software and more than probable victims of this exploit on their PC would be to contact the company and thank them for your infection.
Webroot_SS
Malware Expert


Joined: 09 Feb 2005
Last Visit: 13 Feb 2008
Posts: 52

Posted: Wed Nov 30, 2005 12:51 pm    Post subject: Re: FAO victims of the Vundo/Winfixer/Virtumonde infection

fcukdat wrote:
*Additional Variant removal update

It has been found that some variants can be removed by Webroot SpySweeper that the Symantec removal tool is ineffective against.

SpySweeper is available on a 14-day free trial and can be downloaded from>>>
http://majorgeeks.com/Spy_Sweeper_d3263.html

*Remember it is still crucial to post a HJT log for inspection since other malware may still be on your system.


Spy Sweeper should be getting most if not all known variants of this.

If you happen to have a Vundo/Winfixer/Virtumonde infection that Spy Sweeper is not able to remove, please contact Webroot support and we will gather the files needed and update our definitions.

http://support.webroot.com/ics/support/default.asp?deptID=776
CalamityJane
Site Admin


Joined: 05 Feb 2004
Last Visit: 22 Sep 2009
Posts: 1020
Location: Central Florida, USA

Posted: Wed Nov 30, 2005 6:32 pm    Post subject: Re: FAO victims of the Vundo/Winfixer/Virtumonde infection

Webroot_SS wrote:
fcukdat wrote:
*Additional Variant removal update

It has been found that some variants can be removed by Webroot SpySweeper that the Symantec removal tool is ineffective against.

SpySweeper is available on a 14-day free trial and can be downloaded from>>>
http://majorgeeks.com/Spy_Sweeper_d3263.html

*Remember it is still crucial to post a HJT log for inspection since other malware may still be on your system.


Spy Sweeper should be getting most if not all known variants of this.

If you happen to have a Vundo/Winfixer/Virtumonde infection that Spy Sweeper is not able to remove, please contact Webroot support and we will gather the files needed and update our definitions.

http://support.webroot.com/ics/support/default.asp?deptID=776


True, it does! And thanks for your efforts on battling this infection, Webroot.

We also have a free "fix tool" by spyware expert Atribune that can remove it with assistance from a Spyware Warrior removal helper in the forums.
_________________
Microsoft MVP 2003-2008, Windows - Security
fcukdat

Posted: Wed Nov 30, 2005 11:29 pm    Post subject: Update 6 released

Sun Java within 24hrs of releasing security patches have now released software updates

http://java.sun.com/j2se/1.5.0/download.jsp


The madness still continues since Sun are still not instructing people to uninstall the earlier vulnerable versions from people's PCs.

Thanks CJ for additional info supplied, it's plain madness to think that this exploit has been known of since Feb 2005 and yet Sun take no effective action.
Quote:
Editorial Note by CalamityJane: I did not "discover" this vulnerability - I've just been spreading the word. Two fellow MS MVPs (Steve Wechsler aka MowGreen & Sandi Hardmeier) have been after Sun Microsystems on this since last February 2005. Sun acknowledged back then that older (vulnerable) versions on a system can be called up by Malware and exploit the system, but have failed to do anything about it to date

Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 28 Mar 2014
Posts: 3913
Location: California

Posted: Sat Dec 10, 2005 11:48 pm    Post subject:

Edited first post to reflect that 1.5.0_06 is the current version of Java.
_________________
Nick's Security Ticker

fcukdat

Posted: Sun Dec 11, 2005 11:01 am    Post subject:

Nick wrote:
Edited first post to reflect that 1.5.0_06 is the current version of java.


Thanks Nick, can you also edit my 3rd post (last line) to show new most recent version?

fcukdat

Posted: Sat Jan 28, 2006 3:30 am    Post subject:

OK peoples, since the Symantec tool is not always effective and finding a working version of SpySweeper that doesn't cost $'s to see it in action, here is a free canned removal solution for most variants of Vundo/Virtumondo/Winfixer>>>
http://wiki.castlecops.com/Malware_Removal:_Virtumundo


*But please remember to post a HijackThis log for inspection by a malware removal expert since there is a chance that you have more malware on your system that isn't related to Vundo.
http://www.spywarewarrior.com/viewforum.php?f=5

fcukdat

Posted: Wed Feb 08, 2006 11:41 am    Post subject:

Eventually Sun Microsystems put their hands up to 7 holes in their earlier software>>>

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1

Great commentary here>>>
http://www3.dslreports.com/forum/remark,15429033

Only took them a whole year to publicly acknowledge it.

All times are GMT - 8 Hours