VundoFix

Infobox Software
name = VundoFix

developer = Atribune
released = September 7, 2005 (last posted)
latest release version = 7.0.6
operating system = Windows 95 and later
genre = Anti-trojan, specifically for Vundo and Virtumonde variants
license = Freeware
website = [http://vundofix.atribune.org/ vundofix.atribune.org]

VundoFix is a cleaning tool made by Atribune. Its purpose is to remove Vundo infections from computers and it scans based on registry searching with an additional CLSID list.

Method

VundoFix's purpose is to remove Vundo from infected computers. VundoFix has a method of brute scanning the registry, as well as scanning for files that upload Vundo onto one's computer. It also has an attached "blacklist", and all the files in it are scanned. It also relies on a method of examining the binary strings inside suspicious files to determine how the file behaves.Afterwards, it will delete the file for you.

Because Vundo has random file names, it is not possible for VundoFix to have a 100% detection rate. Often, the infected files must be removed using VundoFix's "Add more files" option (they cannot be removed manually in any way).

Implications

Since Vundo often uses random file names to operate, the blacklist included with VundoFix is not nearly as comprehensive as the extent of the infection. However, VundoFix bypasses this flaw with a binary string search of files, which is much more reliable than brute searching the registry or a blacklist.

References

# [http://www.atribune.org Atribune's website] , which includes information on ATF-Cleaner and VundoFix.