Virtumonde and Seneka

A nasty little trojan, Virtumonde/Vundo, and rootkit, Seneka, have gotten hold of 3 of our machines at work in the last month. Two were so trashed that they had to be formatted and rebuilt. The third, a laptop, looks to be just about salvaged after five hours of tinkering on my part. (Scrub, kill LSA or Winlogon, then delete files before the machine auto-reboots, repeat.)

Update: The laptop wasn’t just infected with Vundo, but also with the Seneka rootkit. Seneka is nasty and wasn’t caught by any anti-virus I threw at it. I only found it because I noticed that the McAfee mcshield service wasn’t in the Services list. Which began an extra 3-hour trek to clean it …
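The "mcshield is gone from the Services list" observation above is the kind of check that can be scripted. The PowerShell below is an added example, not code from the post or from McAfee: it compares the Service Control Manager's view of installed Win32 services (what services.msc and Get-Service show) against the registry keys under HKLM\SYSTEM\CurrentControlSet\Services, then reports expected security services that are missing and registry-registered services the SCM is not listing. The service names in `$ExpectedServices` are assumptions; substitute whatever is actually deployed.

```powershell
# Added example (not the original post's code). Cross-view check of installed
# services: SCM enumeration versus the Services registry hive.
#   1. Expected security services missing from the SCM view (the symptom that
#      exposed Seneka on the laptop: McShield had vanished from the list).
#   2. Win32 services the registry knows about but the SCM does not list,
#      which is how a user-mode API-hooking rootkit hides its own service.
# Service names below are assumptions for illustration.

$ExpectedServices = @('McShield', 'McAfeeFramework', 'wuauserv')   # assumed names

# SERVICE_WIN32_OWN_PROCESS (0x10) | SERVICE_WIN32_SHARE_PROCESS (0x20).
# Driver entries (Type 1 or 2) are skipped because Get-Service never lists them.
$Win32ServiceMask = 0x30

# View 1: what the SCM is willing to tell us.
$scmNames = @{}
Get-Service | ForEach-Object { $scmNames[$_.Name.ToLower()] = $true }

# View 2: what the registry says is installed.
$regServices = @{}
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and ($null -ne $props.Type) -and (($props.Type -band $Win32ServiceMask) -ne 0)) {
            $regServices[$_.PSChildName.ToLower()] = $props.ImagePath
        }
    }

"== Expected security services missing from the SCM view =="
foreach ($name in $ExpectedServices) {
    $key = $name.ToLower()
    if (-not $scmNames.ContainsKey($key)) {
        if ($regServices.ContainsKey($key)) {
            "{0}: registry key exists but the SCM does not list it (hidden or damaged)" -f $name
        } else {
            "{0}: not registered at all (uninstalled, or its key was deleted)" -f $name
        }
    }
}

"== Win32 services in the registry but absent from the SCM view =="
foreach ($key in $regServices.Keys) {
    if (-not $scmNames.ContainsKey($key)) {
        "{0}  ImagePath={1}" -f $key, $regServices[$key]
    }
}
```

Run it from an elevated prompt so every key under Services is readable. Two caveats: a kernel-mode rootkit can filter the registry reads just as easily as the SCM enumeration, so an empty report is not a clean bill of health (a comparison against an offline copy of the SYSTEM hive is stronger); and on Windows 10 and later the per-user service template keys can show up in the second list as false positives.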

The previous network admin was in the habit of making the non-IT users admins on their machines. I asked him about this once, and he said he did it because he was tired of people asking him why they couldn’t install things.

No, really.

It’s my own fault for not pressing the issue when I should have, though.

On the upside, with each infection comes the opportunity to lock down the machine, install Firefox, and disable Internet Explorer. And, really, each is a nail in the coffin for us continuing to use Windows. My little Ubuntu experiment is working out exceedingly well, and it’s fortuitous timing.
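One concrete piece of that lock-down is taking the local Administrators group back from the non-IT users. The PowerShell below is an added example, not the post's own script: it reads the group through the ADSI WinNT provider (which works on the XP-era machines described here as well as current Windows), compares each member against an allowlist, and removes the rest only when `$Enforce` is set. The allowlist entries and the `$Enforce` flag are assumptions for illustration.

```powershell
# Added example (not the original post's code). Audit the local Administrators
# group against an allowlist; report-only unless $Enforce is $true.
# Allowlist names are assumptions; replace them with your own IT accounts/groups.
$Allowed = @('Administrator', 'Domain Admins', 'IT Admins')   # assumed names
$Enforce = $false   # set to $true to actually remove unexpected members

$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.Invoke('Members'))

foreach ($m in $members) {
    # Members come back as COM objects; read Name and ADsPath via reflection.
    $name = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
    $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)

    if ($Allowed -contains $name) {
        "ok         {0}  ({1})" -f $name, $path
    } elseif ($Enforce) {
        # ADsPath is the WinNT://DOMAIN/name form that Remove() expects,
        # so this works for domain accounts as well as local ones.
        $group.Remove($path)
        "REMOVED    {0}  ({1})" -f $name, $path
    } else {
        "UNEXPECTED {0}  ({1})  (set `$Enforce = `$true to remove)" -f $name, $path
    }
}
```

Run the report-only pass first and check the list: a domain-joined machine normally carries Domain Admins, and a user who legitimately needs elevation should get a separate admin account rather than keep their day-to-day login in the group.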

Rick Osborne

