Vundo

The Vundo trojan is one of the most well-known and commonly spread trojans on the Internet today. It commonly spreads through email attachments or a litany of browser exploits that take advantage of either built-in weaknesses in the browser itself or, regularly, security flaws in popular browser plugins (e.g., Flash and Java). Vundo also goes by several aliases, including Virtumonde and Virtumondo.

What Vundo Does
Once installed, Vundo will disable most of the Windows notification systems that make sure your firewall and antivirus programs are running and up-to-date. Once that is done, Vundo will turn your computer into a weapon for Denial of Service attacks on popular websites and, most irritating to the infected user, assault you with non-stop advertising popups.

Removing Vundo
There are tons of Vundo varieties in the wild right now, with more popping up all of the time. Since Vundo does so much to prevent the regular antivirus operations of the infected machine, removing Vundo can sometimes be a painful process. Here are a few links that might help you remove Vundo if your regular antivirus software can’t get the job done:

July 16th, 2010 | Tech Support | 0 Comments

Removing the Exploit-PDF.b Trojan

The Exploit-PDF.b Trojan has been all over the news for the last several years, with a new variant popping up a few days ago, so I thought I’d take some time to describe the threat and offer some Exploit-PDF.b removal solutions to anyone currently affected.

Exploit-PDF.b essentially exploits a vulnerability in PDF files and uses embedded JavaScript and a Flash object to download malicious software to install on the host machine. If you’re even a slight follower of Apple’s recent fight over including Flash in their mobile products, issues like Exploit-PDF.b are some of their biggest pieces of ammo. Adobe has been pushing insecure products for too long, in the eyes of Apple and many others, and by refusing to include Adobe’s software in their own products, many hardware makers are claiming to greatly increase the security of their devices.
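A triage check for the delivery technique described above, as an added example that is not part of the original post: it counts the PDF name keys that signal embedded JavaScript, auto-run actions and embedded Flash containers, including names obfuscated with #xx hex escapes. The key list, the verdict thresholds and the sample documents are assumptions constructed for illustration.

```python
import re

# PDF name keys worth flagging: script actions, auto-run triggers, and the
# containers used to embed Flash (SWF) content. Assumed list for illustration.
SUSPICIOUS_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA",
                   "/RichMedia", "/EmbeddedFile", "/Launch")

# A PDF name is "/" followed by any run of non-whitespace, non-delimiter bytes.
NAME_RE = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def count_keys(data: bytes) -> dict:
    """Count suspicious name keys, decoding #xx escapes first so that an
    obfuscated /J#61vaScript is still recognised as /JavaScript."""
    counts = {key: 0 for key in SUSPICIOUS_KEYS}
    for raw in NAME_RE.findall(data):
        name = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        name = name.decode("latin-1")
        if name in counts:  # exact match, so /JSON does not count as /JS
            counts[name] += 1
    return counts

def triage(data: bytes) -> str:
    """Return 'quarantine', 'review' or 'pass' (assumed thresholds).
    Keys inside compressed object streams are not visible to this scan."""
    c = count_keys(data)
    has_script = c["/JavaScript"] > 0 or c["/JS"] > 0
    auto_run = c["/OpenAction"] > 0 or c["/AA"] > 0
    has_flash = c["/RichMedia"] > 0 or c["/EmbeddedFile"] > 0
    if has_script and (auto_run or has_flash):
        return "quarantine"
    if has_script or has_flash or c["/Launch"] > 0:
        return "review"
    return "pass"

# Constructed samples: structure only, no script or Flash payload.
SAMPLE_SCRIPTED = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
                   b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n")
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, doc in (("scripted", SAMPLE_SCRIPTED), ("plain", SAMPLE_PLAIN)):
        print(label, triage(doc), count_keys(doc))
```

A "pass" here only means none of these keys appear in the uncompressed parts of the file, so it complements an up-to-date antivirus scan rather than replacing it.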

Exploit-PDF.b Removal
In addition to obviously maintaining an antivirus program that is up-to-date, here are a few links that might offer some additional help in removing Exploit-PDF.b from your computer:

July 15th, 2010 | Tech Support | 0 Comments

Bomka.G Trojan Removal

Through a series of rather unfortunate events investigating a problem related to a client, I infected my Windows machine with the Bomka.G Trojan this morning. I couldn’t find a lot of details online about the specifics of Bomka.G, but my antivirus program was pitching errors and warnings all over the place every few minutes about the threat that had been installed.

I had a tough time finding any Bomka.G removal information by searching online but I did find a recommendation for some other antivirus programs to try. So I ended up downloading Malwarebytes Anti-Malware 1.46 from FileHippo.com after the other virus scanning solutions I had previously installed found the problem but were unable to fix it. Malwarebytes’ program managed to remove all traces of the Bomka.G Trojan from my machine using the quickest scan option available. The whole process to remove Bomka.G took less than 15 minutes from start to finish.

Bomka.G looks like a pretty typical Trojan in that it infects your machine, takes control of your computer and then takes your information while you’re unaware. As usual, you can help prevent these kinds of things from affecting you by keeping your antivirus software up-to-date and functional. Even though the particular antivirus program I was using before today couldn’t fix Bomka.G, it did notify me of the problem so that I wasn’t unaware of the damage being done to my computer.

July 7th, 2010 | Tech Support | 0 Comments

VNC Is A Technical Support Lifesaver

This has been a crazy week of server maintenance, PC crashes (buy Macs people, please) and client technical support problems. I spent a huge amount of time already this week logging in to various remote systems to fix a handful of disasters and problems. And none of it would have been possible without VNC.

VNC, or Virtual Network Computing, is a method of accessing a remote system. It’s basically a simple way to do desktop sharing. I use it to help troubleshoot client problems by logging directly onto their computer, taking control of that machine’s keyboard and mouse and walking through the problem live with my client. It’s an invaluable tool that every freelancer needs to become intimately familiar with.

This whole setup is very easy to install. I use RealVNC on each client machine and then, since I’m a Mac user, I connect to them using a program called Chicken of the VNC. Chicken of the VNC also has one of the best application icons of all time, as you can see on the right.

Anyway, if you have clients and find yourself in need of some hand-holding with them, you should definitely look into using VNC.

September 17th, 2008 | Freelancing,Mac,Tech Support | 0 Comments

Stopping The SuperDrive Update 2.1 Error

After a recent OS X update (I can’t remember which one it was exactly, sorry) I would get a prompt like the one below telling me that the SuperDrive 2.1 Update could not find any “updatable” devices. This one was driving me nuts each time I booted up my MacBook.

[Screenshot: SuperDrive Update 2.1 prompt]

The solution was simple and obvious in hindsight. To make this message go away enter your “System Preferences” and head to your “Accounts” window. There is a tab there called “Login Items” that will have a list of all of the applications that run immediately when your Mac boots up.

On that list will be an item called “SuperDrive Update 2.1.” Click on it and then hit the small minus button under the list of items. Do not hide the application. You want to disable it completely so hit the minus button instead of checking the “Hide” box.

Follow those steps and the next time you start up your Mac the SuperDrive box won’t be the first thing you’re greeted with.

January 20th, 2008 | Mac,Tech Support | 0 Comments