26 Dec
Posted by Hemal in Browsers, Internet, Security, Software, Windows
My computer currently has a Trojan.Virtumonde. How do I get rid of it?
First, I’d like to cover what exactly a Trojan Virtumonde is or can look like for some of our viewers who might not be so familiar with it. Virtumonde is, by definition, adware that modifies the Windows Internet connection mechanism and displays various pop-up advertisements. It poses an elevated level of danger to your PC security (around a 4 out of 5 star rating!).
The Virtumonde attaches itself to critical system processes, so it’s tough to do a “seek-and-destroy” type of removal. It gets its power from exploiting weaknesses in Sun Java, so it’s more commonly seen in Internet Explorer than in sister browsers such as Firefox and Opera (but neither is scot-free).
Some common forms the Virtumonde operates under range from any of these:
^Each generates random .dll files once it is run and starts its infection process. Because it attaches itself to system processes and can add registry keys to the auto-start, this special bugger can execute itself every time Windows is rebooted. As you can tell, this is definitely a more serious type of trojan and should not be taken lightly.
Symptoms: If you see your PC with any of these symptoms, please post on the forum and try the fix, as they are all signs pointing to a serious Virtumonde infection.
How to remove the infection:
1. Download VundoFix.exe to your desktop
2. Run the .exe and click Scan for Vundo
3. After the scan, use the Remove Vundo button (click yes on the prompt asking if you would like to remove the file)
4. Let the process run. Don’t be alarmed when the desktop goes blank or discolored while removing the file. Reboot the computer when prompted again.
5. If the Fix claims it cannot remove all of the files, it will run again once the system has rebooted. Just follow the above directions, starting with the Scan for Vundo.
This should remove your problem! If you feel the infection is still there, save the contents of C:\vundofix.txt and post it on the forums along with a HijackThis log, and a specialist will be around to help.
Good Luck!
I can sympathize. I went through two days of hell and tried everything imaginable...but I did eventually defeat this Vundo Variant, which I believe is fairly new.
It took me five steps to finally eradicate the Trojan:
1. Run HJT and you will likely find a false BHO entry created by the virus; it must be removed.
2. Run an updated version of SuperAntiSpyware. TODAY's update seems to get at the root of this Trojan.
3. Run combofix.exe. I believe it was this last step that really finished off the Trojan and deleted all of the false Windows system files it spawned.
4. Turn off Restore before you reboot;
5. Reboot into safe mode each time
Good luck with this.
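A HijackThis log is plain text, so the BHO entries (section O2) and auto-start Run entries (section O4) discussed in the post and the comment above can be shortlisted before a manual review. The following Python is an added example, not part of the original post or of any tool named here; the sample log is constructed, and the flagging rules are assumed heuristics for picking entries to inspect, not a Vundo signature.

```python
import re

# Constructed HijackThis excerpt (not from a real machine); CLSIDs and file names are made up.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Adobe\AcroIEHelper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre\bin\jusched.exe"
O4 - HKLM\..\Run: [a1b2c3] Rundll32.exe "C:\WINDOWS\system32\kjhgf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 = Browser Helper Objects: "O2 - BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O4 = auto-start entries: "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Any DLL that sits directly in the Windows system32 directory.
SYS32_DLL = re.compile(r'[A-Za-z]:\\windows\\system32\\[^\\"]+\.dll', re.I)


def triage(log_text):
    """Return (section, identifier, reason) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            target = m["target"]
            # Assumed heuristic: an unnamed BHO backed by a system32 DLL.
            if m["name"] == "(no name)" and SYS32_DLL.search(target):
                findings.append(("O2", m["clsid"], "unnamed BHO loading a system32 DLL"))
            # Assumed heuristic: leftover registration whose file no longer exists.
            elif target in ("(no file)", "(file missing)"):
                findings.append(("O2", m["clsid"], "BHO registered but file is gone"))
            continue
        m = RUN_RE.match(line)
        # Assumed heuristic: a Run value that starts a system32 DLL through rundll32.
        if m and "rundll32" in m["cmd"].lower() and SYS32_DLL.search(m["cmd"]):
            findings.append(("O4", m["name"], "Run entry loads a system32 DLL via rundll32"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section}  {ident}  {reason}")
```

Legitimate software can also match these rules, so treat the output as a list of entries to verify (file signature, vendor, creation date), not as a removal list.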
Hey Raymond! My friend's computer was infected with this Trojan too. But he said he just used an updated and premium Avira Antivir. I'm not really sure but his computer seems to be working just fine now. He is now using dual boot just in case some flash drives would be inserted to his computer, he could manually remove them in Ubuntu. Thanks for info by the way!
My laptop is infected with over 40 viruses including Trojan. I couldn’t run the anti-virus software since it seemed to be malfunctioning. I’m glad I got into this site. This is really good information. How do I get a hold of the SuperAntiSpyware? Thanks for sharing!
Wow, thank you so much! I've found this post very helpful. Trojans are such a difficult kind of virus and I'm glad I've bumped into your site.
I hate trojans... they often get through my computer without me noticing, and sometimes my antivirus cannot detect them. Such a pity. Sometimes I think I should start using the fruit computer instead of the Windows one.