Remove Trojan Vundo
Some people are just naturally curious. Some people will get a spam email for something they have no interest in but are curious as to where the link goes in that spam email when they click on it. They click on the link and they are taken to a website while they simultaneously notice that something is being downloaded to their computer. They figure that they way to stop it is to just move on to a new website and delete the spam email but then they see pop up ads for spyware remover programs appear on their screen. Their background image changes to the icon of a program being loaded to their computer and they can no longer access Facebook or Google. They just got the Vundo virus.
The Vundo virus is a moderately invasive virus that focuses on your internet browser to make it impossible to get to certain websites and it also causes pop up ads to appear for spyware products that do not exist. It is not long before major parts of your computer are disabled and it is time for you to look to remove Trojan Vundo. It takes some people a while to admit that they have contracted a computer virus but once the realization has set in it is time to get rid of Vundo.
There are some preliminary things you can do to protect yourself from ever getting Vundo in the first place and the main one of those is to not click on links in spam emails. You are usually just asking for trouble when you click on a link from a spam email so to save yourself the hassle avoid clicking on links from spam emails. You can also put email antivirus programs on your computer that scan messages for viruses and protect you by blocking those emails.
If you do find yourself needing to remove Trojan Vundo virus you have two very powerful options. The first is a piece of software called Spyware Doctor With Antivirus. This is one of the leading antivirus and antispyware clients on the market and one of the few that does work to remove Trojan Vundo and the other online threats that come with it. You can also visit this computer repair site. This is an online computer repair compant that remotes in and fully removes all viruses and spyware no matter how badley you are infected for a very decent price. They have a no fix no fee policy so if they can not fix it then you do not pay a cent. This company is based in California and has a BBB acredidation. It’s free to chat with them so feel free and stop by to see what it’s all about.
January 16th, 2009 at 1:18 pm
Agreed Vundo is a PITA. Current versions out there can be also be removed semi-manually by using the following basic procedure:
A. BACK UP YOUR SYSTEMN AND REGISTRY. As you should know, changes to the registry and system32 can cause serious damage. If you have questions about these steps consult your nearest computer whiz.
1. Do no further damage. Install TeaTime as part of Spybot Search and Destroy (free dowload, consider contributing. They are good guys). SpybotS&D is currently detecting but unable to remove as the guilty dlls are actively used by the winlogon process. Teamtime will notify you when any file tries to muck with startup settings. Usually you say no to these unless the changes are being made by Spybot. Note that spybot will always prompt you to delete.
2. Update SpybotS&D
3. Disconnect your network cable and run a Spybot Search and Destroy scan and cleanup. It will prompt you to reboot and scan again because it can’t clean everything. Don’t bother.
4. Identify problem files - making 100% sure they are NOT needed. Current versions of vundo (Jan ‘09 vintage) have them installed in %SYSTEMROOT%\system32 - on my machine that is C:\Windows\System32. These are easy to identify if you sort by date. ASSUMING you haven’t recently patched or installed, you should see multiple .dll, .wbl, and .ini files of recent vintage (within a few days). Note the .ini and dll files are randomized and appear to be upper and lower case gobbley gook. All of the .ini files currently have the same size, the .dll files have the same size as well. I also used Sysinternal’s process explorer to make sure the .dll files in question were in use (they were, by pretty much every .exe possible, including winlogon.exe, explorer.exe, and firefox.exe). Make a complete list of these files.
5. Since the .dll files are in use by winlogon.exe (which fires off even in safe mode), you can’t delete them. The vundo nerds thought they thought of everything. Here’s the workaround.
Open your cmd prompt and:
cd %SYSTEMROOT%\system32
md vundosucks
For all files, do a:
move vundofile.dll vundosucks
or
move vundoini.ini vundosucks
6. IMMEDIATELY UNPLUG your system. You can try powering off nicely, but vundo will attempt to re-insert itself somewhere. If you missed any files, you could be out of luck.
Good luck.