Avast could not detect ddayw.dll and ddabb.dll which are vundo virus

Although the vundo virus and its variants have been around for more than one year, I think, I am surprised that avast home still could not detect and remove it. I had ddayw.dll and ddabb.dll files in the applicationdata>local>temp directory in win vista home. Avast could not detect those. I had to use the vundofix tool (http://www.atribune.org/content/view/24/2/).

Why can’t avast detect and fix it? I trusted avast but got very frustrated with this incident.

Any comment?

Actually all antiviruses are having trouble with vundo. It just keeps mutating. Have a look in the virus and worm section of the forums and you will see people with a variety of AVs with the same problem.

Actually that does not answer the question. If it is a new variant, then the argument holds. But from internet search it appears that those two dll files were reported a year and a half ago. So should have been well included in avast.

The file name in itself can’t be used as a reliable indicator. The file name may be one that cropped up about a year and a half ago, but that is no guarantee that it is the same vundo variant. avast doesn’t base its detections on file names but signatures.

DavidR is right on the money. Vundo uses random letter filenames, so every variant could have the same name. In one infection it is likely to have several files the same size, same file but named iirfdel.dll, residwg.dll.

One of the latest versions was mutating in a matter of hours. The name was probably the same though.

I see what you are saying. Whatever method you choose to detect virus/trojans, does this imply that avast does not successfully detect and remove the vundo virus and its variants? In that case, do you have any virus warning for users somewhere? I saw norton and some others have a vundo fix tool. How are they providing a fix for this?

http://vundofix.atribune.org/ this tool works. Also anti-malware tools like this work against vundo, as I tested on my systems and cleaned up.
http://www.malwarebytes.org/mbam.php
http://www.symantec.com/business/security_response/writeup.jsp?docid=2004-112210-3747-99

http://answers.yahoo.com/question/index?qid=20080127072050AA3w3HT

I don’t know much of the technical details of anti-virus/trojans or whatever, all I see from a user's point of view is that vundo and its variants went undetected by avast, let alone removal.

rule is send anything detected what Avast failed to detect to Alwil team … w/o the ‘offending’ files they can’t analyze it, fix or add detection
as filenames means nothing, code inside or at least hash is best :slight_smile:

with amount of malware rising so fast it’s nearly impossible to cover all variants w/o them being first reported or caught in traps

there are tons variants of Vundo and many tools from several ‘respected’ companies fail to fix every (they work on most)

there are maybe some other cases like these files you got on computer were damaged (inert and harmless) or just name similarity
yet some tools are hardcoded to get rid of everything no matter if it is the ‘real’ thing …

in some cases if you create folder with name equal to some nasty malware and run scan, these tools report it as ‘unable to read’ and ‘critical to remove’ :slight_smile:
failing to do basic check à la " if scanned source == folder then all fine" :slight_smile:

I think some avs are making the tools available, via a link. The avs, like avast, detect some and give you a warning. This should be enough to make one look deeper.

Some are detected, but can’t be removed even with a specialized removal tool. Some manual work has to be done first. Some are stealthed.

As Dwarden said, any undetected samples removed with special tools should be sent to avast. Remember also, the avs are behind the malware in terms of change. The change has to occur before the new detection can be made.
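
The points made in the thread about file names versus file content, and about skipping folders that merely carry a suspicious name, as an added example that is not part of any post above. It assumes an exact SHA-256 match as the simplest content-based check (real AV signatures are more than a whole-file hash, and a mutated variant changes the hash); the file names are the ones mentioned in the thread, while the file contents are constructed, inert byte strings.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def group_by_content(root, suffix=".dll"):
    """Map content hash -> sorted names of regular files in root with that content."""
    groups = defaultdict(list)
    for entry in os.scandir(root):
        # A folder (or symlink) that only has a suspicious name is not a sample.
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.name.lower().endswith(suffix):
            groups[sha256_of(entry.path)].append(entry.name)
    return {h: sorted(names) for h, names in groups.items()}


def classify(root, known_hashes):
    """Return (names whose content matches a known hash, groups of renamed copies)."""
    groups = group_by_content(root)
    known = sorted(n for h, names in groups.items() if h in known_hashes for n in names)
    renamed = sorted(names for names in groups.values() if len(names) > 1)
    return known, renamed


def demo():
    """Constructed sample: two inert byte strings stand in for two variants."""
    variant_a, variant_b = b"constructed sample A", b"constructed sample B"
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("iirfdel.dll", variant_a), ("residwg.dll", variant_a),
                           ("ddayw.dll", variant_b)]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        os.mkdir(os.path.join(root, "ddabb.dll"))  # folder with a "known" name
        known_hashes = {hashlib.sha256(variant_a).hexdigest()}
        return classify(root, known_hashes)


if __name__ == "__main__":
    print(demo())
```

Here ddayw.dll goes unflagged because its content differs from the one known hash, which is why an undetected file has to be submitted as a sample rather than reported by name.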