1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Trojan Vundo Activity 2

HTTP Trojan Vundo Activity 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects malicious requests related Trojan.Vundo which may result in file downloads that could compromise the target host.

Additional Information

Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Affected

  • Windows 2000
  • Windows 95
  • Windows 98
  • Windows Me
  • Windows NT
  • Windows XP

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Trojan.Vundo.
5. Reverse the changes made to the registry.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube