Author Topic: Not confused but concerned....Adware.Vundo-Variant  (Read 7066 times)

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Not confused but concerned....Adware.Vundo-Variant
« on: November 18, 2007, 09:14:19 PM »
Hi all... yikes, it's me again....... computer seems to be running ok but.... I just ran a SuperAntispyware scan and I had something in it that has concerned me... I am going to attach the log... I quarantined it all.. The part that has me concerned is

Adware.Vundo-Variant
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP14\A0003198.DLL
Does this mean I have something bad again in my restore?? Do I need to be concerned or is this something I don't need to worry about as long as I now have it quarantined??

I've been being very careful but I am very gun shy after my last episode with the Granddaddy Trojan and all his family, friends and neighbors I wound up with!

Thanks for looking at this for me. 
Susie

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #1 on: November 18, 2007, 09:33:13 PM »
It was just in your system restore point. SAS caught it, but you might want to create a new clean point and remove the others.

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point

Remove old restore points

Disk Cleanup - Launch the Disk Cleanup tool and then select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #2 on: November 18, 2007, 09:59:43 PM »
Ok did that... how do I get those anyway.. is that something computers just get... or is it me and mine in particular?
Thanks once again, I'm trying to keep a close eye on things!
Susie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89222
  • No support PMs thanks
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #3 on: November 18, 2007, 10:14:28 PM »
If you don't disable system restore and something is detected from the system folders then system restore saves a copy in the system volume restore _restore point.

It isn't much of a problem there, but if you use system restore some time in the future you could be reinfecting your system. Even then, as has been said in the past, a file without a run command, etc. is not active, so it shouldn't present the same level of risk/potential. But it is better out of your system than sitting dormant waiting to be detected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
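
The detection path in the first post follows the System Restore store layout this reply refers to (`_RESTORE{GUID}\RPnn\A….ext`). As an added example, not part of the original thread, this Python script separates such dormant restore-store copies from detections on live files; every path except the one quoted in the first post is constructed.

```python
import re
from collections import defaultdict

# XP-era System Restore store layout, as in the scan log quoted in this thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\"
    r"_RESTORE\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\"
    r"RP(?P<rp>\d+)\\A\d+\.\w+$",
    re.IGNORECASE,
)

def classify(path):
    """Return ("restore", n) for a copy held under RP<n>, else ("live", None)."""
    m = RESTORE_RE.match(path.strip())
    return ("restore", int(m.group("rp"))) if m else ("live", None)

def triage(detections):
    """Split (threat, path) pairs into live-file hits and hits per restore point."""
    live, by_rp = [], defaultdict(list)
    for threat, path in detections:
        kind, rp = classify(path)
        if kind == "restore":
            by_rp[rp].append(threat)
        else:
            live.append((threat, path))
    return live, dict(by_rp)

def summarize(live, by_rp):
    """Turn the triage result into the follow-up actions discussed in the thread."""
    notes = []
    if live:
        notes.append(f"{len(live)} detection(s) on live files: clean these first")
    if by_rp:
        rps = ", ".join(f"RP{n}" for n in sorted(by_rp))
        notes.append(f"dormant copies in {rps}: create a new restore point, "
                     "then remove the older ones")
    return notes or ["no detections"]

# First entry is the detection quoted in the thread; the others are constructed.
SAMPLE = [
    ("Adware.Vundo-Variant", r"C:\SYSTEM VOLUME INFORMATION\_RESTORE"
     r"{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP14\A0003198.DLL"),
    ("Constructed.Sample", r"C:\System Volume Information\_restore"
     r"{00000000-0000-0000-0000-000000000000}\RP9\A0000001.exe"),
    ("Constructed.Sample", r"C:\EXAMPLE\CONSTRUCTED.DLL"),
]

if __name__ == "__main__":
    for line in summarize(*triage(SAMPLE)):
        print(line)
```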

rdmaloyjr

  • Guest
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #4 on: November 18, 2007, 10:17:46 PM »
Ok did that... how do I get those anyway.. is that something computers just get... or is it me and mine in particular?
Thanks once again, I'm trying to keep a close eye on things!
Susie

If Opera was your browser & you used a real-time anti-spyware program like SuperAntiSpyware Professional (not free) or Spyware Terminator (free), you might not have become infected.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #5 on: November 18, 2007, 10:24:29 PM »
Ok did that... how do I get those anyway.. is that something computers just get... or is it me and mine in particular?
Thanks once again, I'm trying to keep a close eye on things!
Susie

It may have been a piece of vundo that SAS didn't pick up before. SAS has probably added 20 or more vundo detections since we cleaned out your computer. Your SAS log was very clean with that one exception. If you do a scan on a regular basis and watch what's going on you should be fine.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89222
  • No support PMs thanks
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #6 on: November 18, 2007, 10:29:37 PM »
Ok did that... how do I get those anyway.. is that something computers just get... or is it me and mine in particular?
Thanks once again, I'm trying to keep a close eye on things!
Susie
If Opera was your browser & you used a real-time anti-spyware program like SuperAntiSpyware Professional (not free) or Spyware Terminator (free), you might not have become infected.

That is a pretty bold statement considering you have no idea how that entry in the system volume information folder got into her system in the first place.

It is perfectly possible to remain safe without Opera and resident anti-spyware, but you do have to take precautions.

Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #7 on: November 18, 2007, 10:33:47 PM »
Thank you all, and yes I am and will continue to run the SAS on a regular basis. I appreciate your responses, it helps me to know I am OK and don't need to panic! You're all great, ty yet again. Hope you all have a good week and for those of you living here in the States as I am, Happy Thanksgiving Day to you all, hope you all enjoy some great food, good company and just a great day overall!
Take care,
Susie

rdmaloyjr

  • Guest
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #8 on: November 18, 2007, 11:04:22 PM »
Ok did that... how do I get those anyway.. is that something computers just get... or is it me and mine in particular?
Thanks once again, I'm trying to keep a close eye on things!
Susie
If Opera was your browser & you used a real-time anti-spyware program like SuperAntiSpyware Professional (not free) or Spyware Terminator (free), you might not have become infected.

That is a pretty bold statement considering you have no idea how that entry in the system volume information folder got into her system in the first place.

It is perfectly possible to remain safe without Opera and resident anti-spyware, but you do have to take precautions.
DavidR,
Please note that I said "might not have become infected". I think it is fair to say a fw & antivirus aren't enough today. A real-time antispyware is recommended. Opera has built-in defenses (so do IE & FF). I think Opera is better. My sig has the security software that has been successful in keeping my computer from getting infected. Therefore I recommend them.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89222
  • No support PMs thanks
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #9 on: November 18, 2007, 11:32:21 PM »
Might not, can also have a positive connotation especially when there is no information as to how they were infected and how they 'might have' avoided that particular infection. To me it almost read as an advert for both products.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #10 on: November 18, 2007, 11:51:15 PM »
I don't want to turn this into a p..... contest about what's better or what's worse.

For my 1.5 cents, the infection likely came via messenger and without a good firewall, it was free to invite others over for the weekend. If SAS had been resident, it may have stopped it. Providing the first ones in the door were ones SAS could detect. About 50+ files were removed after a SAS scan.

There is no doubt that a resident scanner is better than an on demand scanner. But it's not infallible. People still have to watch what they are doing and check as soon as they suspect something is up.

Look at my sig, what you see is what I got. The worst I ever had was a toolbar. and you don't want to know where I've been.  :-[
« Last Edit: November 19, 2007, 12:36:03 AM by oldman »

rdmaloyjr

  • Guest
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #11 on: November 18, 2007, 11:58:21 PM »
Not to argue, but when you don't know how you were infected, it's logical to cover all the bases you can or know how to.  Therefore I recommend more than a fw & av.  The economical way is with the best freeware available.

What do you think of Returnil? It is the only freeware of its type.

rdmaloyjr

  • Guest
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #12 on: November 19, 2007, 12:40:48 AM »
To all that are reading this thread: DavidR & I aren't having a p______ contest. This is a healthy discussion. Sasysusie asked a good question. Many don't know how they became infected. A better understanding of how can help keep from getting infected. The old saying "an ounce of prevention is worth a pound of cure" is true. Safe surfing is as important as protective software. Oldman is right, good security software isn't infallible. It has to be constantly updated to be protective. In between we can be infected.

DavidR & Oldman can give better insight on this subject than I can.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #13 on: November 20, 2007, 07:51:15 AM »
What do you think of Returnil? It is the only freeware of its type.

I don't know. It could be of use, depending on what you were doing.

Updates would have to be done either manually or with it turned off and anything you wanted to download would have to be to another partition.

Seems to be similar to another one called Sandboxie. I guess the bottom line would be if it suited your needs, go ahead and try it.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Not confused but concerned....Adware.Vundo-Variant
« Reply #14 on: November 20, 2007, 07:31:45 PM »
What do you think of Returnil? It is the only freeware of its type.

Very good and stable. Worth a try. Worth using when testing software. I've used it on XP. Thanks for reminding me to check if it is Vista compatible...
The best things in life are free.