• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

How to remove Trojan Vundo

Myantispyware team April 2, 2006    

Trojan Vundo also known as VirtuMonde and Adware.VirtuMonde is a very dangerous infection. The trojan uses rootkit-specific techniques designed to hide the software presence in the system (random names, random autorun locations and random CLSIDs). Once running, trojan Vundo will displays popup advertisements and a fake security alerts, offers to install other potentially unwanted software and rogue antispyware applications.

Trojan Vundo infection symptoms.

  • Popups.
  • Slow computer speeds.
  • Security alerts with a message stating that your computer is infected with spyware and that you must download and install a rogue (fake) antispyware.
  • Your antivirus program notify you via an alert that you have a Trojan Vundo.

Symptoms in a HijackThis Log.

O2 – BHO: WTLHelper Object – {75DC57F8-D831-4AB8-86B7-4F826F4A0873} – C:\WINDOWS\system32\unnqw.dll
O2 – BHO: (no name) – {10654df0-1449-4b62-82e9-9a6f61cc2ed7} – C:\WINDOWS\system32\yehifuni.dll (file missing)
O4 – HKLM\..\Run: [risawenifa] Rundll32.exe “C:\WINDOWS\system32\lujivoni.dll”,s
O4 – HKLM\..\Run: [CPM3b906d0c] Rundll32.exe “c:\windows\system32\henemate.dll”,a
O4 – HKLM\..\Run: [38a35e90] rundll32.exe “C:\WINDOWS\system32\wavemile.dll”,b
O4 – HKLM\..\Run: [prunnet] “C:\WINDOWS\system32\prunnet.exe”
O4 – HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\user\LOCALS~1\Temp\winloggn.exe
O4 – HKCU\..\Run: [gadcom] “C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe” 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 – HKUS\S-1-5-19\..\Run: [risawenifa] Rundll32.exe “C:\WINDOWS\system32\lujivoni.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [risawenifa] Rundll32.exe “C:\WINDOWS\system32\lujivoni.dll”,s (User ‘NETWORK SERVICE’)
O20 – AppInit_DLLs: c:\windows\system32\kabunabo.dll c:\windows\system32\pasaruwe.dll c:\windows\system32\vinomisu.dll c:\windows\system32\zahuzihi.dll C:\WINDOWS\system32\tazeyubo.dll C:\WINDOWS\system32\wifufulu.dll c:\windows\system32\gesekise.dll c:\windows\system32\kelinepe.dll c:\windows\system32\henemate.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\kelinepe.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\kelinepe.dll

Note: Trojan Vundo uses random names, random autorun locations and random CLSIDs for hide itself.

Automated Removal Instructions for Trojan Vundo using Malwarebytes Anti-malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

trojan-vundo-mbam
Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Automated Removal Instructions for Trojan Vundo using VundoFix

Download VundoFix and save the file to your desktop.

Once it downloaded, double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it’s done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shutdown your computer, click OK.

Turn your computer back on.

Note: If you need help with the instructions, then post your questions in our Spyware Removal forum.

Trojan Tutorials - HowTo

 Previous Post

Temporary fix for IE vulnerability

Next Post 

New vulnerability in Internet Explorer

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

3 Comments

  1. AJ
    ― January 28, 2009 - 1:42 pm  Reply

    Notthing were found on VundoFix and VirtumundoBegone. what should i do?

  2. Patrik
    ― January 28, 2009 - 6:00 pm  Reply

    Please follow these steps. I will help you.

  3. noko
    ― March 6, 2009 - 9:58 am  Reply

    What is the rason that VirtumundoBegone is going to crash you comp?

Leave a Reply Cancel reply

New Guides

Neuro Sharp Scam Exposed, Fake “Golden Elixir” Brain Trick & Fake Dr. Rezai endorsements!
How to remove Novixnero.co.in pop-up ads
scam alert
How to remove Lexornero.co.in pop-up ads
scam alert
Kyronero.co.in Virus Removal Guide
Apple Pay Fall Quiz Scam, The “Instant Apple Cash” Trick Exposed

Follow Us

Search

Useful Guides

This setting is enforced by your administrator (Removal guide)
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
How to reset Google Chrome settings to default
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]

Recent Guides

Temporary fix for IE vulnerability
SpywareQuake Automatic removal
How to disable Active Scripting support
BHO malware used IE vulnerability for install
How to remove SpywareQuake

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.