
My AntiSpyware


How to remove Trojan Vundo

Myantispyware team, April 2, 2006

Trojan Vundo, also known as VirtuMonde and Adware.VirtuMonde, is a very dangerous infection. The trojan uses rootkit-specific techniques designed to hide its presence in the system (random names, random autorun locations and random CLSIDs). Once running, Trojan Vundo displays popup advertisements and fake security alerts, and offers to install other potentially unwanted software and rogue antispyware applications.

Trojan Vundo infection symptoms.

  • Popups.
  • Slow computer speeds.
  • Security alerts with a message stating that your computer is infected with spyware and that you must download and install a rogue (fake) antispyware.
  • Your antivirus program notifies you via an alert that you have Trojan Vundo.

Symptoms in a HijackThis Log.

O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\unnqw.dll
O2 - BHO: (no name) - {10654df0-1449-4b62-82e9-9a6f61cc2ed7} - C:\WINDOWS\system32\yehifuni.dll (file missing)
O4 - HKLM\..\Run: [risawenifa] Rundll32.exe "C:\WINDOWS\system32\lujivoni.dll",s
O4 - HKLM\..\Run: [CPM3b906d0c] Rundll32.exe "c:\windows\system32\henemate.dll",a
O4 - HKLM\..\Run: [38a35e90] rundll32.exe "C:\WINDOWS\system32\wavemile.dll",b
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\user\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-19\..\Run: [risawenifa] Rundll32.exe "C:\WINDOWS\system32\lujivoni.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [risawenifa] Rundll32.exe "C:\WINDOWS\system32\lujivoni.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\kabunabo.dll c:\windows\system32\pasaruwe.dll c:\windows\system32\vinomisu.dll c:\windows\system32\zahuzihi.dll C:\WINDOWS\system32\tazeyubo.dll C:\WINDOWS\system32\wifufulu.dll c:\windows\system32\gesekise.dll c:\windows\system32\kelinepe.dll c:\windows\system32\henemate.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kelinepe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kelinepe.dll

Note: Trojan Vundo uses random names, random autorun locations and random CLSIDs to hide itself.
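
Because the file names and CLSIDs are random, a fixed name list cannot match them, but the autorun locations in the log above repeat the same shapes. The following triage script is an added example, not part of the original guide or of HijackThis: it flags log lines by those shapes. The function name triage, the heuristics and the ExampleTray entry are assumptions made for illustration.

```python
import re

# Constructed sample: lines from the log above plus one benign, made-up entry (ExampleTray).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {10654df0-1449-4b62-82e9-9a6f61cc2ed7} - C:\WINDOWS\system32\yehifuni.dll (file missing)
O4 - HKLM\..\Run: [risawenifa] Rundll32.exe "C:\WINDOWS\system32\lujivoni.dll",s
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\user\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O20 - AppInit_DLLs: c:\windows\system32\kabunabo.dll c:\windows\system32\pasaruwe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kelinepe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kelinepe.dll
'''

# Logs pasted from web pages often carry typographic dashes and quotes; map them back to ASCII.
TYPOGRAPHIC = str.maketrans({"\u2013": "-", "\u201c": '"', "\u201d": '"'})
SYS32_DLL = re.compile(r"\\windows\\system32\\[^\\\s\"]+\.dll", re.I)

def triage(log_text):
    """Return (item, reason) pairs for entries shaped like the ones in the log above."""
    findings, dll_sections = [], {}
    for raw in log_text.splitlines():
        line = raw.strip().translate(TYPOGRAPHIC)
        m = re.match(r"(O\d+) - ", line)
        if not m:
            continue
        section, low = m.group(1), line.lower()
        dlls = [d.lower() for d in SYS32_DLL.findall(line)]
        if section == "O2" and ("(no name)" in low or "(file missing)" in low):
            findings.append((line, "BHO without a name or with a missing file"))
        elif section == "O4" and "rundll32" in low and dlls:
            findings.append((line, "Run key loads a system32 DLL through rundll32"))
        elif section == "O4" and ("\\temp\\" in low or "\\application data\\" in low):
            findings.append((line, "Run key starts a program from a user-writable folder"))
        elif section == "O20" and dlls:
            findings.append((line, "AppInit_DLLs is populated (%d DLLs)" % len(dlls)))
        for d in dlls:
            dll_sections.setdefault(d, set()).add(section)
    # One DLL registered at several autorun points, as kelinepe.dll is in the log above.
    for d, secs in sorted(dll_sections.items()):
        if len(secs) > 1:
            findings.append((d, "same DLL in sections " + ", ".join(sorted(secs))))
    return findings

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(reason, "::", item)
```

Matches are leads for manual review, not verdicts: legitimate software also uses these autorun locations, so check each flagged file before removing anything.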

Automated Removal Instructions for Trojan Vundo using Malwarebytes Anti-malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.

Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see a window similar to the one below.

[Image: Malwarebytes Anti-Malware Window]

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.

[Image: Malwarebytes Anti-malware, list of infected items]

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Automated Removal Instructions for Trojan Vundo using VundoFix

Download VundoFix and save the file to your desktop.

Once it has downloaded, double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it’s done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files; click YES.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shut down your computer; click OK.

Turn your computer back on.

Note: If you need help with the instructions, then post your questions in our Spyware Removal forum.

3 Comments

  1. AJ
    ― January 28, 2009 - 1:42 pm

    Nothing was found on VundoFix and VirtumundoBegone. What should I do?

  2. Patrik
    ― January 28, 2009 - 6:00 pm

    Please follow these steps. I will help you.

  3. noko
    ― March 6, 2009 - 9:58 am

    What is the reason that VirtumundoBegone is going to crash your comp?
