On May 17, 10:02 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "look at us we're beautiful" <brrypr...@yahoo.com>
>
> |
> | I should mention there are no other files I suspect of being bad...
> |
> | possibly one more beyond the wvuuutu.dll, but maybe not
> |
> | I did get rid of about 5, that SEC.TaskManager showed me.
> |
> | aaaand yet another intrusion blocked by sunbelt!
> | this blocking seems to be keeping the popups at bay
> |
> | sunbelt works off of some self serving loopback, all things done must
> | pass through this loop... far as I can tell...
> |
> | I believe I have deleted the *.exe that created wvuuutu.dll
>
> It is either a Vundo Trojan or a Conhook/Klone Trojan.
> By it name, I'll take a guess that it is a Vundo Trojan.
>
> If you are using any version of Sun Java that is prior to JRE Version 6.0,
> then you are strongly urged to remove any/all versions.
> There are numerous vulnerabilities in them and they are actively being exploited.
>
> It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
> Version 6.0 update 1 (jre 6u1)
>
> Simple check, look under...
> C:\Program Files\Java
>
> The only folder under that folder should be the latest version.
>
> Such as...
> C:\Program Files\Java\jre1.6.0_01
>
> http://java.sun.com/javase/downloads...oad/manual.jsp
>
> FYI:http://sunsolve.sun.com/search/docum...=1-26-102760-1
>
> Download Atribune's VUNDOFIX.EXEhttp://www.atribune.org/ccount/click.php?id=4
>
> Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
>
> * * * Please report back your results * * *
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.htmlhttp://www.ik-cs.com/got-a-virus.htm

wvuuutu.dll
it got rid of everything but that, vundo thingy did good job, I ran it
twice it found different set each time, but led to believe it did not
know which was host file

only site on the web that lists wvuuutu.dll is for product called
Prevx1

installing it now... we'll see