Vundo with mp3tag ? Issues, and Questions.


Hi,

I have recently been going through a depressing experience in which recently downloaded versions of mp3tag have been associated with the trojan vundo by Malwarebytes. I have never had this problem before. I downloaded the files from majorgeeks.com over the past several weeks again, after Malwarebytes had identified a connection with recent installations of mp3tag & vundo on 3 of my computers. Being careful, I deleted the directories in which this software had been installed. This was followed by a new cycle in which my computer began to prompt me to update my registry with 2 endlessly cycling settings:

1) regedit.exe %1 changed to regedit.exe %1* (and back again ad nauseam)

2) Name (Company Name) %1 /S to %1* for .scr (and back again ... ad nauseam ;) )

This is not the kind of 'Neverending Story' that I like to be part of.

In addition to this, the newly downloaded mp3tag files from majorgeeks.com were testing positive for trojan vundo immediately after being downloaded and before they were opened... by Malwarebytes.

Both avg antivirus as well as bitdefender do not detect the trojan vundo in this circumstance, but because of the behavior of my computer I have no doubts that the Malwarebytes detection was not a false positive.

If you have any thoughts regarding this (and enough expertise to offer genuine insight and direction in dealing with it), I would appreciate your feedback. Is there a good way to deal with cycling registry change requests... other than formatting your hard drive and starting a completely new installation of XP? Others seem to have a feeling of disbelief that this vundo might have come with my mp3tag software, but when you get a positive detection on freshly downloaded files (and not on the older version you already have had of a program) what can your conclusion be?


I am unable to replicate this.

Please follow these instructions:

http://www.malwarebytes.org/forums/index.php?showtopic=3228

With that version of a scan log I will be able to determine the problem.

Also confirm that this is the application that you installed:

http://www.majorgeeks.com/download5817.html

Hi,

I am going to have to get back to you on this. The reason is that I have already deleted any downloaded copies of Mp3tag which had tested positive for vundo which had existed on my current hard drives. I am thinking that I have another copy elsewhere, and of course, assuming that the most recent copy at majorgeeks.com has not been replaced (I reported my findings to them prior to my report to you) I could download the file again. I am not looking forward to that.

By the way, you did find the correct file that I was telling you about. Now that I think of it I realise that I should have attempted to upload my 'contaminated' copy to you, supposing that this is not a false positive.

One more thing. We all know that computers and other software have been known to go 'crazy' after Microsoft updates. My computer had recently been updated to Sp3 Home XP. I haven't noticed anything to indicate that this update has 'scrammed' my system in any way, but it is probably a good thing to alert you to these details.

One other thing (This time, for sure!) my most recent updates of AVG free antivirus version 8 did identify vundo along with some other similar trojans and adware, mostly in directories of Internet Explorer related to scripted (activex) software. It successfully removed these items as well.

Back with more hopefully tomorrow. Thank You for the great support.

Dan


Darn...

I have not been able to find one of the original Mp3tag files which malwarebytes identified as positive for trojan vundo. I did return to Majorgeeks.com to download the file version which is now available at their website. It currently does not test positive (as it did previously) in Malwarebytes for trojan vundo. And of course Malwarebytes has also been updated several times since my detections had been made.

So of course one would have to consider this incident 'inconclusive'.

Apparently other 'positive' findings for vundo (as well as other objects) on my computer by AVG were false alarms related to Spywareblaster entries in the Windows registry. You probably were already aware of this, but I thought I would peg it into this reply so that anyone following this thread might realise that what we have been discussing appears to have been limited to an alarm on Mp3tag. That alarm later was not confirmed. And as I said before, that finding for me has been relegated to the inconclusive bin. I myself was becoming suspicious of this as Spywareblaster appeared to lose some of its protections after AVG removed some registry settings. Resetting Spywareblaster led to new detections by AVG antivirus v8.

Lesson learned? Next time instead of scrambling to erase all evidence... Hang onto just one copy to send to the chief.

Thanks for your time. Until next time. B)

Dan


What version was it specifically that was causing problems?

I tend to be a packrat B)

I am a part-time packrat, there can be good reasons to hold onto older versions.

The version was actually the current version 2.41 on the website. I can only say that if that or some of the files available to download of that version did contain trojan vundo... The 2 which I downloaded a few days later did not. But as I said before this detection I had mentioned in a Majorgeeks forum, that Malwarebytes had detected trojan vundo in Mp3tag (2.41). So there is the possibility that the file was replaced in the interim with a clean one, or that an update in Malwarebytes in the interim was not equally detecting (?) the trojan vundo.


Thanks Marcin for the update - but this post was started May 13 (4 days ago) so it still has me concerned, as I have more than one version sitting on my HD waiting for me to install, and I haven't run a full scan in a ... oh, well, since I originally installed MBAM on this machine (what, around May 3?)

I am performing a full scan right now to see if it is detected in any of the downloads I have....

@WDW - yeah, I tend to packrat most of the apps I install on my machine(s) because I never know when I may install a new version, and not like it, and have to revert to an older version....

Some, like Firefox, I don't do as much because you can get those via FTP still - but some I do - and especially in the area of security software....and general utilities....like mp3tag - I used to use a utility called ID3-tag - worked great, but there has been no active development in a while now....
