From: Martin Robson on
Can someone help me to identify and get rid of a very annoying and
potentially very embarrassing pop-up. When I open up my home PC for the
first time each day it opens up a web site - 'www.pornochicks.com'. I have
never, as far as I am aware, ever been to this site (honest!), but you can
imagine the contents.

Has anyone else ever has this happen>? Is it a virus? A quick Google is not
conclusive but seem to suggest something called 'vundo'. I'm no expert,
however, so any help and previous experience would be greatly appreciated.

Thanks,

--
Martin Robson

m714 at btinternet dot com


From: Art on
On Sun, 19 Feb 2006 15:46:50 +0000 (UTC), "Martin Robson"
<m714(a)btinternet.com> wrote:

>Can someone help me to identify and get rid of a very annoying and
>potentially very embarrassing pop-up. When I open up my home PC for the
>first time each day it opens up a web site - 'www.pornochicks.com'. I have
>never, as far as I am aware, ever been to this site (honest!), but you can
>imagine the contents.
>
>Has anyone else ever has this happen>? Is it a virus? A quick Google is not
>conclusive but seem to suggest something called 'vundo'. I'm no expert,
>however, so any help and previous experience would be greatly appreciated.

The vundo Trojan is detected by mainstream antivirus products. Which
one are you using? Symantec offers a removal tool here:

http://www.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html

No luck? Try a online scan by Kaspersky:

http://www.kaspersky.com/virusscanner

Art
http://home.epix.net/~artnpeg
From: Craig Davies on

"Martin Robson" <m714(a)btinternet.com> wrote in message
news:dta3ta$p34$1(a)nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> Can someone help me to identify and get rid of a very annoying and
> potentially very embarrassing pop-up. When I open up my home PC for the
> first time each day it opens up a web site - 'www.pornochicks.com'. I
> have never, as far as I am aware, ever been to this site (honest!), but
> you can imagine the contents.
>
> Has anyone else ever has this happen>? Is it a virus? A quick Google is
> not conclusive but seem to suggest something called 'vundo'. I'm no
> expert, however, so any help and previous experience would be greatly
> appreciated.

The best advice I can gave you, get some anti-virus software, if you have
one installed try and update it and scan your computer.


From: pcbutts1 on
Use this removal tool for winfixer only.

Removal Tool - Adware-Virtumundo/WinFixer Popups
http://forums.mcafeehelp.com/viewtopic.php?t=57049

When that is done then download Ewido, update it and run it. Let it remove
or fix whatever it finds.

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Martin Robson" <m714(a)btinternet.com> wrote in message
news:dta3ta$p34$1(a)nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> Can someone help me to identify and get rid of a very annoying and
> potentially very embarrassing pop-up. When I open up my home PC for the
> first time each day it opens up a web site - 'www.pornochicks.com'. I
> have never, as far as I am aware, ever been to this site (honest!), but
> you can imagine the contents.
>
> Has anyone else ever has this happen>? Is it a virus? A quick Google is
> not conclusive but seem to suggest something called 'vundo'. I'm no
> expert, however, so any help and previous experience would be greatly
> appreciated.
>
> Thanks,
>
> --
> Martin Robson
>
> m714 at btinternet dot com
>


From: David H. Lipman on
From: "Martin Robson" <m714(a)btinternet.com>

| Can someone help me to identify and get rid of a very annoying and
| potentially very embarrassing pop-up. When I open up my home PC for the
| first time each day it opens up a web site - 'www.pornochicks.com'. I have
| never, as far as I am aware, ever been to this site (honest!), but you can
| imagine the contents.
|
| Has anyone else ever has this happen>? Is it a virus? A quick Google is not
| conclusive but seem to suggest something called 'vundo'. I'm no expert,
| however, so any help and previous experience would be greatly appreciated.
|
| Thanks,
|



If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm