How to remove Trojan Vundo

Myantispyware team, April 2, 2006

Trojan Vundo, also known as VirtuMonde and Adware.VirtuMonde, is a very dangerous infection. The trojan uses rootkit-specific techniques designed to hide its presence in the system (random names, random autorun locations and random CLSIDs). Once running, Trojan Vundo displays popup advertisements and fake security alerts, and offers to install other potentially unwanted software and rogue antispyware applications.

Trojan Vundo infection symptoms.

  • Popups.
  • Slow computer speeds.
  • Security alerts with a message stating that your computer is infected with spyware and that you must download and install a rogue (fake) antispyware.
  • Your antivirus program notifies you via an alert that you have Trojan Vundo.

Symptoms in a HijackThis Log.

O2 – BHO: WTLHelper Object – {75DC57F8-D831-4AB8-86B7-4F826F4A0873} – C:\WINDOWS\system32\unnqw.dll
O2 – BHO: (no name) – {10654df0-1449-4b62-82e9-9a6f61cc2ed7} – C:\WINDOWS\system32\yehifuni.dll (file missing)
O4 – HKLM\..\Run: [risawenifa] Rundll32.exe “C:\WINDOWS\system32\lujivoni.dll”,s
O4 – HKLM\..\Run: [CPM3b906d0c] Rundll32.exe “c:\windows\system32\henemate.dll”,a
O4 – HKLM\..\Run: [38a35e90] rundll32.exe “C:\WINDOWS\system32\wavemile.dll”,b
O4 – HKLM\..\Run: [prunnet] “C:\WINDOWS\system32\prunnet.exe”
O4 – HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\user\LOCALS~1\Temp\winloggn.exe
O4 – HKCU\..\Run: [gadcom] “C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe” 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 – HKUS\S-1-5-19\..\Run: [risawenifa] Rundll32.exe “C:\WINDOWS\system32\lujivoni.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [risawenifa] Rundll32.exe “C:\WINDOWS\system32\lujivoni.dll”,s (User ‘NETWORK SERVICE’)
O20 – AppInit_DLLs: c:\windows\system32\kabunabo.dll c:\windows\system32\pasaruwe.dll c:\windows\system32\vinomisu.dll c:\windows\system32\zahuzihi.dll C:\WINDOWS\system32\tazeyubo.dll C:\WINDOWS\system32\wifufulu.dll c:\windows\system32\gesekise.dll c:\windows\system32\kelinepe.dll c:\windows\system32\henemate.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\kelinepe.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\kelinepe.dll

Note: Trojan Vundo uses random names, random autorun locations and random CLSIDs to hide itself.
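
The log above shows the same DLL registered at several load points (for example, kelinepe.dll under O20, O21 and O22), which stays visible even when the file names are random. The following Python script is an added example, not part of the original guide: it parses HijackThis lines and lists DLLs referenced from more than one of those sections. The function names and the constructed `ExampleUpdater` line are assumptions for illustration.

```python
import re
from collections import defaultdict

# Load points that appear in the log above.
WATCHED = {"O2", "O4", "O20", "O21", "O22"}
ENTRY = re.compile(r"^(O\d+)\s*-\s*(.*)$")
# Space-free DLL paths only, because AppInit_DLLs is a space-separated list.
DLL = re.compile(r'[a-z]:\\[^"\s]*?\.dll', re.IGNORECASE)
# Web pages often render the log with typographic dashes and quotes.
TYPO = str.maketrans({"\u2013": "-", "\u201c": '"', "\u201d": '"'})

# Entries copied from the log above, plus one constructed ExampleUpdater line.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {10654df0-1449-4b62-82e9-9a6f61cc2ed7} - C:\WINDOWS\system32\yehifuni.dll (file missing)
O4 – HKLM\..\Run: [CPM3b906d0c] Rundll32.exe “c:\windows\system32\henemate.dll”,a
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O20 - AppInit_DLLs: c:\windows\system32\kelinepe.dll c:\windows\system32\henemate.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kelinepe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kelinepe.dll
'''

def autorun_dlls(log_text):
    """Map each DLL path (lower-cased) to the watched sections that reference it."""
    seen = defaultdict(set)
    for line in log_text.translate(TYPO).splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in WATCHED:
            continue
        for path in DLL.findall(m.group(2)):
            seen[path.lower()].add(m.group(1))
    # Sort section codes numerically so O4 comes before O20.
    return {p: sorted(s, key=lambda c: int(c[1:])) for p, s in seen.items()}

def multi_registered(log_text):
    """DLLs registered in two or more watched sections, for manual review."""
    return {p: s for p, s in autorun_dlls(log_text).items() if len(s) > 1}

if __name__ == "__main__":
    for path, sections in multi_registered(SAMPLE_LOG).items():
        print(path, "->", ", ".join(sections))
```

A DLL listed here is a candidate for review, not a verdict; legitimate software can also register one DLL in more than one place.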

Automated Removal Instructions for Trojan Vundo using Malwarebytes Anti-malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.

Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see a window similar to the one below.

[Image: Malwarebytes Anti-Malware window]

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.

[Image: Malwarebytes Anti-malware, list of infected items]

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Automated Removal Instructions for Trojan Vundo using VundoFix

Download VundoFix and save the file to your desktop.

Once it has downloaded, double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it’s done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shut down your computer; click OK.

Turn your computer back on.

Note: If you need help with the instructions, then post your questions in our Spyware Removal forum.

3 Comments

  1. AJ
    ― January 28, 2009 - 1:42 pm

    Nothing was found on VundoFix and VirtumundoBegone. What should I do?

  2. Patrik
    ― January 28, 2009 - 6:00 pm

    Please follow these steps. I will help you.

  3. noko
    ― March 6, 2009 - 9:58 am

    What is the reason that VirtumundoBegone is going to crash your comp?
