VundoFix
From Wikipedia, the free encyclopedia
VundoFix | |
---|---|
Developed by | Atribune |
Initial release | September 7, 2005 (last posted) |
Latest release | 7.0.5 |
OS | Windows 95 and later |
Genre | Anti-trojan, specifically for Vundo and Virtumonde variants |
License | Freeware |
Website | vundofix.atribune.org |
VundoFix is a cleaning tool made by Atribune. It removes Vundo infections from computers, scanning by registry search supplemented with an additional CLSID list.
Method
VundoFix removes Vundo from infected computers. It brute-force scans the registry and also scans for files that upload Vundo onto the computer. It ships with an attached "blacklist" and scans every file listed in it. In addition, it examines the binary strings inside suspicious files to determine how each file behaves, and afterwards deletes the file.
Because Vundo uses random file names, VundoFix cannot achieve a 100% detection rate. Often, the infected files must be removed using VundoFix's "Add more files" option (they cannot be removed manually in any way).
Implications
Since Vundo often uses random file names, the blacklist included with VundoFix is far less comprehensive than the extent of the infection. However, VundoFix compensates for this flaw with a binary string search of files, which is much more reliable than brute searching the registry or relying on a blacklist.
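The difference between a file-name blacklist and a binary string search can be shown with a short scanner. This is an added example, not VundoFix's own code: the blacklist entry, the marker strings and the sample files are constructed placeholders, not real Vundo indicators.

```python
import re
import tempfile
from pathlib import Path

# Constructed placeholders (assumptions), not real Vundo indicators.
NAME_BLACKLIST = {"example_bad.dll"}
MARKERS = {b"EXAMPLE-MARKER-ONE", b"EXAMPLE-MARKER-TWO"}
MIN_LEN = 6  # shortest run of printable characters treated as a string

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

def extract_strings(data: bytes) -> set:
    """Return printable ASCII runs plus UTF-16LE runs (common in Windows binaries)."""
    found = set(ASCII_RUN.findall(data))
    found |= {m[::2] for m in WIDE_RUN.findall(data)}  # drop the interleaved NULs
    return found

def classify(path: Path) -> str:
    """Return 'blacklist', 'strings' or 'clean' for one file."""
    if path.name.lower() in NAME_BLACKLIST:
        return "blacklist"
    strings = extract_strings(path.read_bytes())
    if any(marker in s for s in strings for marker in MARKERS):
        return "strings"
    return "clean"

def scan(directory: Path) -> dict:
    """Classify every regular file in a directory, keyed by file name."""
    return {p.name: classify(p) for p in sorted(directory.iterdir()) if p.is_file()}

def demo() -> dict:
    """Build constructed sample files in a temporary directory and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "example_bad.dll").write_bytes(b"\x00\x01stub")  # known name
        # Random-looking names: only the file content gives these away.
        (d / "qomlkjh.dll").write_bytes(b"\x90\x90EXAMPLE-MARKER-ONE\x00\xff")
        wide = "EXAMPLE-MARKER-TWO".encode("utf-16-le")
        (d / "ssttuv.dll").write_bytes(b"\x01" + wide + b"\x02")
        (d / "notes.txt").write_bytes(b"ordinary text file contents")
        return scan(d)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The two randomly named files are missed by the name blacklist and flagged only by the string search, including the one whose marker is stored as UTF-16LE.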