Trojan Vundo Removal

What is Trojan Vundo

Trojan Vundo exceeded any expectations its developer might have had for this virus. The speed at which Vundo began spreading over the Web exposed a major drawback of an interconnected world network: the Internet is very vulnerable. The Vundo virus has become a pandemic.

Vundo removal proved to be such a painstaking process that McAfee released a special note about the difficulty of automating Trojan Vundo removal:

Certain variants of the Vundo trojan are especially difficult to remove. Current DAT and Engine functionality does not yet provide an automatic method to fully remove this threat if it is active in memory.

Trojan Vundo is not a single piece of malware. It's a big family of malware which is increasing in number and acquiring yet more aggressive techniques literally daily. There are many variants and types of Vundo mutations - thousands as of now. This is why this malware is a killer test for detection and removal algorithms of security software. The programs known to be good Vundo fighters are listed at the end of this hubpage.

What Vundo Trojan does to Personal Computers

Vundo trojan, also known as VirtuMonde or VirtuMondo, is involved mainly in two types of activities. Once it gets installed onto a PC, it:

  • brings continuous ads scaring the user into downloading and consequently purchasing "full versions" of various applications like registry cleaners and antivirus programs. WinFixer, WinAntiSpyware, WinAntiVirus are examples of such fake programs;
  • downloads and installs arbitrary components to intensify its advertising capabilities, which further degrades overall system security;
  • attaches itself to Windows Explorer (Explorer.exe) and goes memory resident. This allows the trojan to be always up and running when you turn on the PC. By constantly verifying its state, Vundo always knows if anything (like a semi-effective security program) tries to stop it; whenever an attempt is made to block Trojan Vundo, it gets itself back into system memory. Hence the user reports about an unremovable Vundo virus.

How to know if your PC has been infected with Trojan Vundo

Trojan Vundo activity causes multiple advertising pop-ups, most often while surfing but also offline, once the Vundo virus has managed to get its parts placed into the system.

Depending on what type of Vundo trojan is attacking a PC, displayed ads and pop-ups will differ. So, you may be presented with a threatening Internet Explorer message informing you about the disaster in Windows registry and urging you to download a cure for corrupted registry. The cure carries the name of WinFixer 2005.

The Vundo virus is capable of silently downloading additional adware components. Together they may lead to significantly decreased system performance and overuse of virtual memory.

It is important to remember that your current anti-malware/antivirus protection may not be adequate to stop a Vundo infection. There is evidence that McAfee Total Protection Suite, Spyware Doctor by PC Tools, and Spyware Remover missed traces of Trojan Vundo and could not detect the presence of malicious files in the infected system.

WinFixer 2005

Vundo Trojan advertises WinFixer 2005 (fake registry cleaner)

WinAntiSpyware 2007

Vundo advertises WinAntiSpyware 2007 (fake security program)

Ultimate Fixer

Vundo scares PC users into downloading Ultimate Fixer (fake registry tool)

SysProtect

Vundo advertises SysProtect (rogue threat remover)

PC-Antispyware

Vundo advertises PC-Antispyware (fake antispyware program)

Ultimate Defender

Vundo advertises Ultimate Defender (fake spyware remover)

How to get infected with Trojan Vundo

In fact, it is very easy to get your system infected with this virus - much easier than removing Vundo. Infection can occur through:

  • installed software crack;
  • opened email;
  • launched unsafe application;
  • visited unsafe website;
  • connection to peer-to-peer network.

Generally speaking, all it takes to get a vundo trojan infection is a loss of attention for mere seconds. You may open an email message by mistake - and instantly get your computer infected.

There's a security breach in Java that allows Vundo to infect PCs, therefore it is important to keep Java updated to the latest builds.

It is important to remember that files containing the Vundo trojan are very easy to come across. Tons of shareware programs on torrent networks are contaminated with the Vundo virus. I mean the installation files themselves - not just patches. Normally the trojan's code is added to an executable file, which is then shared via P2P networks. This way programs containing the code of the severely dangerous Vundo get exposed to an unlimited number of people. All kinds of desktop clocks, wallpaper changers, toolbars, etc., may contain patterns of the Vundo trojan.

Often trial versions of antivirus and antispyware programs are distributed with Trojan Vundo embedded into the installation files. Because security programs are generally installed on computers without prior protection, this opens a green route for the Vundo trojan to take control of unprotected computers: the malicious files are unpacked and placed into system memory before the installation of the security program is complete. Registry entries ensuring auto-start of the parasite are created at once. All this happens before the newly installed antivirus or antispyware program is updated with the latest definitions.

Fake Software Advertised by Vundo Trojan

These are only several examples of fake programs pushed by vundo trojan into infected computers. There are many more rogue applications advertised by vundo virus. It is discouraging that even reputable websites are involved in distributing some of these dangerous applications - most probably unwillingly and unintentionally.

Among other fake programs masquerading as well-known applications, the following can be listed:

  • PC cleaner;
  • System Doctor;
  • WinDoctor;
  • System Defender Security System;
  • SpySheriff;
  • Antivirus Gold;
  • SpyTrooper;
  • DriveCleaner;
  • SpyAxe;
  • Brave Sentry;
  • Error Protector;
  • VirusRescue;
  • more...

This list is partial and is growing as Vundo trojan continues its triumphal devastating mission.

Vundo Removal

How to remove vundo?

Unfortunately, unlike other similar scam extortion software, vundo trojan combines the features of a trojan and a virus, which makes it especially hard to remove. Many PC owners choose not to remove the infections and give up, preferring complete reformat to fruitless attempts of trojan vundo removal.

Mutating clones of Vundo keep multiplying, therefore there's little sense in listing the Registry entries and filenames that need to be removed. Most PC users would feel at a loss at the need to remove dozens of registry keys, and even more files from the Program Files and Windows folders. Vundo Trojan places its parts all over the system - starting from Documents and Settings and ending in the System32 folder. Its files seem to have a random naming pattern, usually consisting of senseless numbers and letters. For example, Trojan Vundo can create a USS folder in Program Files, and add files to Windows subfolders (System32 and Drivers) - all set to auto-start at Windows boot.
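Since fixed lists of names go stale, a defender can instead compare the current auto-start entries against a known-good snapshot and rank whatever is new. The sketch below is an added example, not part of the original article or of any tool it mentions. It assumes the output of `reg query` on the standard Windows Run key was saved as text; the sample data is constructed (only the value name `fetahewite` comes from a reader comment on this page), and the scoring rules are illustrative heuristics.

```python
import re
from pathlib import PureWindowsPath

# Constructed snapshots in the layout printed by `reg query <key>`;
# file names and the "Example" products are made up for illustration.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleAV    REG_SZ    "C:\Program Files\Example AV\exampleav.exe" /min
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleAV    REG_SZ    "C:\Program Files\Example AV\exampleav.exe" /min
    fetahewite    REG_SZ    Rundll32.exe "C:\WINDOWS\system32\kx7qv2tz.dll",Start
    a9f3k1    REG_SZ    C:\WINDOWS\system32\drivers\q8w2zr5b.exe
    Updater    REG_SZ    "C:\Program Files\Example App\updater.exe"
"""

# Folders the article names as places where the trojan drops auto-started files.
WATCHED_DIRS = {"system32", "drivers", "documents and settings"}
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")
# Quoted or unquoted .exe/.dll paths (unquoted paths with spaces are not handled).
FILE_RE = re.compile(r'"([^"]+\.(?:exe|dll))"|(\S+\.(?:exe|dll))', re.I)


def parse_reg_query(text):
    """Map (key, value name) -> command line from saved `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries[(key, m["name"])] = m["data"].strip()
    return entries


def target_of(command):
    """Return (file actually loaded, via_rundll32) for an auto-start command."""
    paths = [quoted or bare for quoted, bare in FILE_RE.findall(command)]
    if not paths:
        return None, False
    first = PureWindowsPath(paths[0])
    if first.stem.lower() == "rundll32" and len(paths) > 1:
        return PureWindowsPath(paths[1]), True  # the DLL is the real payload
    return first, False


def looks_random(stem):
    """Heuristic for 'senseless numbers and letters' in a file name."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    switches = sum(1 for a, b in zip(s, s[1:]) if a.isdigit() != b.isdigit())
    letters = sum(c.isalpha() for c in s)
    vowels = sum(c in "aeiou" for c in s)
    return switches >= 3 or (letters >= 7 and vowels == 0)


def triage(baseline_text, current_text):
    """List entries that are new or changed since the baseline, most suspicious first."""
    baseline = parse_reg_query(baseline_text)
    findings = []
    for ident, command in parse_reg_query(current_text).items():
        if baseline.get(ident) == command:
            continue  # unchanged since the known-good snapshot
        reasons = ["new entry" if ident not in baseline else "changed entry"]
        target, via_rundll32 = target_of(command)
        if target is not None:
            if via_rundll32:
                reasons.append("DLL loaded through rundll32")
            if looks_random(target.stem):
                reasons.append("random-looking file name")
            if {part.lower() for part in target.parts} & WATCHED_DIRS:
                reasons.append("file in a Windows system folder")
        findings.append((ident[1], str(target) if target else command, reasons))
    return sorted(findings, key=lambda f: len(f[2]), reverse=True)


if __name__ == "__main__":
    for name, target, reasons in triage(BASELINE, CURRENT):
        print(f"{name:12} {target}\n             " + "; ".join(reasons))
```

An entry that ranks high here is a lead to inspect and scan, not proof of infection; legitimate software also adds Run entries and loads DLLs through rundll32.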

The Vundo trojan threat is so serious that volunteer programmers coded a special Vundo fix to help an army of virus victims. Installed antivirus and antispyware applications may not be enough to remove the Vundo virus, which is why a free Vundo removal tool called Vundo fix is a good program to start with.

I've come across websites reporting about Adware Alert being an ultimate Vundo removal tool. Being as curious as I am, I could not resist testing this piece of software. Well, probably its programmers did their best and will fix the bugs in the nearest future. But in my case, the program failed to download latest updates (stopped in the middle of the process and froze). It could not initiate the scan because the program would autoclose without any warning given. I found Adware Alert absolutely useless and a waste of time. This does not mean everybody would have similar experience, but I strongly believe the team behind AA needs to put some significant additional efforts into mastering the software.

That's why I find it impossible to include Adware Alert in the list of recommended vundo removal tools.

Fight Vundo with VundoFix

VundoFix has been developed by great guys and saved an army of PC users worldwide (1 million infected PCs!).

VundoFix can help to remove Vundo Trojans in most cases. To use it, download a small executable file and run it - either in Windows Normal Mode or Safe Mode. VundoFix will scan the computer, find the parts of the Vundo parasite, and mark them for removal. It may require a reboot to complete the cleaning process.

In some cases, VundoFix may be unable to remove a Vundo trojan infection if a new variant of it has spread over the Web. If that happens to you, visit the VundoFix forum and report your issue.

Go to: VundoFix Download Page.

Don't Get Infected with Vundo Trojan

As simple as it sounds, using VundoFix may be too late. A usual restart may end in system not booting, and even Safe Mode (for those who are familiar with Windows Advanced Controls) may be of no help.

Therefore I stick to the idea of "better safe than sorry". Removing Vundo is more difficult than preventing its devastating attack.

A German manufacturer of security software, called Avira, holds a part of the market with its Avira AntiVir package. I've always trusted this great antivirus because of a very pleasant interface and highest detection rate in the industry (both in on-demand and proactive tests). It's not an exaggeration - Avira beats McAfee, Norton and Kaspersky* with ease. But knowing the malicious nature of Vundo virus, I thought that even Avira might be missing this particular infection. Remember I told in the beginning that McAfee hasn't developed a proper algorithm to remove Vundo? Well, I had a chance to test McAfee VirusScan Enterprise 8.5i (Patch 5) Antivirus+Antispyware against a Vundo trojan infection. McAfee failed. It was able to detect a couple of files allegedly related to Vundo, but missed the main executables completely. A Windows error began popping up stating that Windows could not find a proper program to open software.php file - that's one of the signs of Vundo virus presence. Yet McAfee On-Access scan showed no messages of detection, and On-Demand scan reported the system was clean - while it was evident that Windows got a serious infection. McAfee even didn't notice a new folder created by Vundo in Program Files folder.

On the contrary, Avira AntiVir tackled the Vundo problem pedantically, like a German would ;) With a sound coming from system speaker it informed about Vundo staying at the gates of the PC, and asked if I'd like to Ignore it, Delete or Quarantine. Definitely you have the option to ignore the threat, but I wouldn't advise you to play that game ;) 

* According to AV comparatives, 2007-2008.

How Much does it Cost to Remove Vundo?

Simple question? Yes and no. Free vundo removal will not cost a single penny. But for the majority of PC users, this should be a relatively easy case.

Severe infections followed by system-wide damage may take hours to repair, and still end in Windows reinstall. If you don't have any software installed except for Email client and MSN Messenger, then it's not a big deal. For users of Photoshop, Vegas Video and AutoCAD, it's a nightmare. Therefore many people can't remove vundo. No giggles - this is a very stubborn trojan.

This is where a paid Vundo removal may be needed. But can you guess how much it would cost?

See below.

Vundo Virus Removal for $89

A single virus repair for $90.
Malwarebyte's Malware Activity Report
EMSISOFT anti-malware v5.0


Comments 122 comments

GREAT 6 years ago

omfg dude u helped me ur the best


charlemont 6 years ago from Lithuania Author

mike, glad you got it sorted out!

For God's sake, change the passwords that might be affected by the infection!


mike 6 years ago

looks like superantispyware got rid of it after a reboot thank the lord - and the programmers lol

i didnt have a real bad version of the trojan, i didnt get any adware popups etc, the main thing it did was keep logging me out of websites and programs, im sure to farm passwords and be annoying

hope its all gone now :)


mike 6 years ago

i have avira and it didnt detect the vundo trojan at all - after 2 full scans. neither did malwarebytes or spybot, the only program that even detected it on my pc was superantispyware, i havent even tried removing it yet as the scan is still running


praveen 6 years ago

Malware Catcher 2009 is preventing me from installing Mcafee antivirus application. This Malware catcher 2009 process is not running in the task manager. There are no folders by this name too. I have also deleted the registry entry, but I still can't find as to why I am getting a message during Mcafee installation "Please uninstall Malware Catcher 2009"


Sparkster 6 years ago

Great well written write up, clear instructions and plenty of detail too. Thanks.


Neil Ashworth 6 years ago from United Kingdom

Great !! I've bookmarked this for further viewing..


Oskar 6 years ago

I found MBAM to be a useful tool finding 150 viruses on my friend's computer..but Vundo was the last one that was stubborn..computer kept re-installing the worm, so tried manually deleting keys but it wouldn't let me delete them


charlemont 6 years ago from Lithuania Author

Probably HiJackThis doesn't spoil the system itself, but when used incorrectly it can do pretty unpleasant things. It's merely a tool.


henri 6 years ago

Yes I was wondering if it might be unrelated to vundo. After all, vundo would want computers to keep running for obvious reasons! I did read that if you run hijackthis while infected with vundo it can cause such shutdowns. Have you heard anything similar?

Thanks for your advice, I will let you know how I make out.


charlemont 6 years ago from Lithuania Author

henri, recovering precious data is definitely the first step you should take. Then, if you have a Windows XP CD (from which your copy of Windows was installed), you can attempt to use Repair Option that is provided when you start the installation process. Or just install a new Windows on top of an existing installation, that way you will save all settings etc.

However, physical memory dump may be a sign of some hardware issue, too (incorrectly placed or corrupt RAM memory module, dust in the slot(s), etc), just to keep in mind that probably it's not Vundo that is causing blue screen of death.


henri 6 years ago

Hi, I am unable to start xp even in safe mode. Getting blue screen with physical memory dump message. I used the avira rescue disc but it doesn't seem to be able to remove vundo components. Is there any other way to get rid of this? Do you think I should try to recover data (itunes, pictures) using knoppix or ubuntu livecd then reinstall xp, slave the hard drive and recover data, or something else? Thanks.


TwoHawks 6 years ago

I am a professional in this business for almost 30 years now... and I want to applaud the article... Still a great article after all this time.

Thank you Charlemont. Very helpful.

Oh, and in case one may be wondering... I am a nerd who runs a tight ship... and have almost never been compromised on one of my development systems by any trojan or virus... but out of 3 experiences in all my years, Vundo got me and it was hell to pay. In my case I fixed it, but it left brain damage in its wake, to be sure.


charlemont 6 years ago from Lithuania Author

Ellie, download HiJackThis from free-antivirus website:

http://free.antivirus.com/hijackthis/

Use the option to create a log file, then send it to charlemont[at.]elitemail.org (replace at. in square brackets with @)


Ellie 6 years ago

I just now ran VundoFix, it found no files. But, I know I'm infected. Something's rerouting my Google searches, freezing my computer, has disabled System Restore and Defrag, and I can't do the 'search' feature in my folders. Malwarebytes has detected the files on my computer, I've ran it at least a dozen times, restarted, etc. but it keeps finding two in my registry. I've even gone to look manually, and the files can't be found. I don't know what to do at this point. I need my computer for online classes, so I'm about to just buy a new computer. Is there anything you recommend?


charlemont 6 years ago from Lithuania Author

Chris, from what you've posted above I suspect that some AVG program files were changed by the malware. It also caused troubles with logging on in Safe Mode. I suggest that you download a new copy of AVG and install it on top of the existing one. It should fix the errors with antivirus. When Combofix asks to disable AVG, right-click on the AVG icon in the tray area and choose the option that temporarily disables real-time protection (it is called differently by each vendor, but I'm sure you'll find the right one). I also recommend that you download HiJackThis to create a logfile of system processes. It may provide additional info about malicious entries.


Chris 6 years ago

I am having similar problems with Vundo.JE which I am struggling to resolve & would be grateful for any suggestions/assistance.

I am running Windows XP Media Centre Edition, with AVG Free edition (Version 9.0.722, Virus DB 270.14.117/2582), Spybot Search & Destroy & Incredimail.

Suddenly I got swamped with 9000+ emails, details were “From: AVG for Email, Subject: Undelivered Mail Returned to Sender” & the “To:” was A different address in each case.

I then scanned my PC with AVG and got the result

Found 2 Removed & Healed 2 Not Removed or Healed 0

2 infections as follows:-

File has been changed "C:\Program Files\AVG\AVG9\avgcsrvx.exe (1492):\memory_00260000";"Trojan horse Vundo.JE";"Moved to Virus Vault"

File is infected "C:\Program Files\AVG\AVG9\avgcsrvx.exe (1492)";"Trojan horse Vundo.JE";"Reboot is required to finish the action"

The file was not showing in the Virus Vault & rebooting didn’t remove the other file.

I then tried to go into “Safe Mode” (& “Safe Mode With Networking”) but after scrolling through a load of information it froze with the message “Technical information: ***STOP: 0X0000007E (0XC0000005, 0X80537009, 0XF8A5B508, 0XF8A5B204)”.

I then had to restart using “Start Windows Normally”

I have tried using Symantec Trojan-Vundo Removal Tool 1.5.1, MalwareBytes’ Anti-Malware (this appeared to work after running several times but AVG still found the 2 infections), Spybot S & D, Defender & Combofix. Combofix during installation requested that I stop AVG running. I couldn’t find a way to temporarily stop it running & I couldn’t uninstall it using “Add & Remove Programs”. It kept telling me a file had an error.

I have been disconnecting the PC from the internet when running the scans etc.

The only other solution I can think of is to revert to a System Restore point when everything seemed to be working correctly, but I don’t know if this will solve the problem.


Christina 6 years ago

I just found out that I have Vundo.JD. I use AVG free and it claims to have removed it but I continue to scan and it continues to find it. How can I remove it. I've searched the version and I can't find it anywhere.


charlemont 7 years ago from Lithuania Author

brian, unless you know the exact type of infection, the easiest way is to scan the system for malicious/suspicious files. For example, using emsisoft online scanner: http://malwarescan.emsisoft.com/


brian 7 years ago

alright I've gotten rid of the pop-ups but I haven't got the virus off my computer how do I manually find the files that need to go?


Rudra 7 years ago

Vundo is a real nightmare.


Drat 7 years ago

I now have what I think is this virus on two computers... I've had it on one for quite a while. I used Vundofix, FixVundo, and another free Vundo-specific program, but none of these programs seem to pick up the virus/trojan at all. I used McAfee, Malwarebytes, Search and Destroy and did seem to delete the problem... for a while.

Now I don't get any popup ads or anything like that, but I believe both computers are still infected because just recently on a rescan by Malwarebytes they were picked up- I used the programme to delete them but now whenever I try to start either computer it keeps on restarting after the windows screen... I can still get into safe mode, but system restore doesn't work on one computer and freezes on the other... I believe these computers are doomed but I wish there was a way to get pertinent stuff off of them without worrying about infecting something else, not that I can even access anything right now, as the computer keeps on restarting...


Gene 7 years ago

Just happened to stumble onto this site, read everything, followed your suggestion to download Malwarebytes, and now Vundo Trojan is history. Wow! Brains AND Beauty--what a combo. THanks for the advice.


charlemont 7 years ago from Lithuania Author

Ray, paid version provides enhanced real-time protection. Using a free edition you can update definitions, run scans and remove infections.


Ray 7 years ago

Went to website and downloaded the program that was suppose to be free but it took me to a page to pay for its removal.


charlemont 7 years ago from Lithuania Author

Matt, what program have you downloaded & run? How do you know your PC is infected by Vundo and not other malware?


Matt 7 years ago

Umm, that vundo removal tool, is well umm . . . Garbage? I have had top different antiviruses, and just my personal experience using my pc that it is definitely infected with vundo, but i downloaded the removal tool from this page and it says my system is clean??? This is terrible !!!


charlemont 7 years ago from Lithuania Author

KarlPH, download Malwarebyte's, update and run Quick scan, restart, then do a Full scan. You don't have to pay for it.


KarlPH 7 years ago

i read all the comments here

i have the same problem

i got trojan vundo

and i use Kaspersky to scan that and i found out 180+ trojan including trojan vundo

can somebody help me?

i dont have money to purchase vundoremoval


charlemont 7 years ago from Lithuania Author

shellz, you've been hit by another piece of malware. Virus Remover 2009 should be erased as soon as possible! Either Malwarebyte's or SUPERAntiSpyware should do it.

BitDefender online scanner is FREE, so I wonder why it wouldn't work for you. It needs ActiveX enabled, so in Internet Explorer it will display a narrow tab on top of the screen, which you have to click on to enable download of BitDefender controls.

CPMfb9d6fd1 is most probably name of the malicious file that was removed, but an entry pointing to it still remains in the Registry. Rundll32 might have been exploited by the malware, hence S&D error.


shellz 7 years ago

Well, the pain is not over. :(

BitDefender will not let me download it for free. Maybe I don't have something on my pc that I'm supposed to, I don't know.

Spybot Search & Destroy now has a NEW entry for me to stress over: "CPMfb9d6fd1"....of course this ALSO says it's Rundll32.

And now Windows is telling me to download VirusRemover2009 and if I don't my whole pc will basically blow up (I know, a BIT of an exaggeration but not by much)...it started doing its thing on its own and I had to keep closing box after box so that this "Windows" fix didn't do anything on its own.

I guess I'll have to back everything up and start from scratch. I'm very bummed but I thank you so much for having taken the time to try to help. I'm like the people above on this link, I think...I can keep doing everything over and over and it's not working. I'll have to reformat.

Thanks again and best wishes! You're doing a great service to all!


charlemont 7 years ago from Lithuania Author

shellz, your Rundll32.exe is safe and virus-free. Virustotal checked it with 38 scanners, and none detected malware in it (hence 0.00%).

So I assume SpyBot found a registry entry that shouldn't be there, or it was corrected by SuperAntiSpyware and Spybot thinks the change was made by malware. Anyway, when it shows the error next time, accept the change. After BitDefender scan you should be safe and malware-free.


shellz 7 years ago

charlemont, thanks again for all your help. I uploaded the file to virustotal.com but truly couldn't tell you what the results mean. I'm not joking when I say I'm computer illiterate. :(

This is what it said at the top:

File rundll32.exe received on 12.17.2008 03:09:16 (CET)Current status: finished Result: 0/38 (0.00%)

Lots of info in the middle.

At the bottom it gave me a "Threat Expert" info link that makes me a little nervous. It said this:

Submission details: Submission received: 23 March 2009, 18:12:10 Processing time: 6 min 25 sec Submitted sample: File MD5: 0x037B1E7798960E0420003D05BB577EE6 File SHA-1: 0x303A90020BF3BEAF9ACD0EA86487C853636A99A3 Filesize: 33,280 bytes

Then it gave some "technical details".

Is this anything I should worry about?

Thanks for the info on BitDefender...I will try that next.


charlemont 7 years ago from Lithuania Author

shellz, find Rundll32.exe and upload it to virustotal.com for immediate analysis. This service uses a bunch of scanners to test files, so it's nearly 100% guarantee that if your file is infected, virustotal will report it as malicious. But I doubt it is. This is a Windows system file.

After that launch Internet Explorer and run a free online virus scan with BitDefender or some other:

http://hubpages.com/technology/Top-Free-Online-Vir


shellz 7 years ago

Thank you for your reply! I appreciate any help you can offer.

Well, I was only going to delete it because the Search & Destroy keeps telling me it's been changed. Should I just allow that change then?

When TM and SUPERAntiSpyware ran they both came up with that Vundo but it was quarantined.

I just figured this must have something to do with that since I've never seen it before and it now won't go away.


charlemont 7 years ago from Lithuania Author

shellz, when restarting, press F8 key and hold it until Windows Boot Menu appears. Select Safe Mode with Networking and hit Enter. But do you want to delete with Unlocker? Rundll32.exe is NOT a virus.


shellz 7 years ago

My laptop has been infected by Vundo and both TrendMicro and my SUPERAntiSpyware have detected and quarantined it. However, my computer is still running slow (although I'm not getting all the pop ups people have referred to) and every time I reboot it my Spybot Search & Destroy keeps telling me that "an important registry entry has been changed". I've tried "deny change" for the entry "fetahewite" (shows new data of "Rundll32.exe") but it won't let me...it just keeps popping up over and over and over again.

I downloaded and ran the VundoFix you described above and it tells me that it detects nothing. I know this can't be true with that other Spybot Search & Destroy box constantly there.

I see that you told someone else to install Unlocker and then restart Windows in "safe mode". I've located Unlocker and plan to download it, but before doing so, can you tell me how to run Windows in "safe mode?" I'm completely computer illiterate and this whole experience is driving me crazy.


Allan 7 years ago

Had Vundo attack yesterday. Used Malwarebytes (free version) to quickly address problem. The virus bypassed both McAfee and Spy Sweeper. Am upgrading MWB for active protection. Great hub - keep up the good work! Visited your country a few years ago - great "Old World" charm.


charlemont 7 years ago from Lithuania Author

Jennifer, pls contact me via email. By installing a rogue program you definitely made things worse, but hopefully I'll be able to help you out.


Jennifer 7 years ago

I got the Vundo on both of my computers 2 weeks ago... a laptop and desktop. I reformatted my laptop with no hesitation but I am going to fight to the end before I reformat my desktop. This one is my "life".

I just ran Malwarebytes and it said it found and quarantined the virus, but from the comments I've read, it seems I should keep running them until everything comes clean. If it ever does. I'll keep trying.

I am posting because of what ndmiisrb said about paying $40 for a scan that didn't work. I did the same thing and it ended up being rogue spyware that looked very much like Malwarebytes but it was called MalwareRemovalBot. It even uses the same "M" symbol as MBytes. I saw it recommended on a help messageboard and I fell victim to the scan. I should have known better.

I am out $40, I still have Vundo plus a whole LOT more ugly stuff on top of it.

Just wanted to share my experiences so somebody else doesn't end up being scammed like I was.

Thank you to charlemont for her guidance and everyone else's comments and advice. It is helping me a lot to know which steps I should take.


charlemont 7 years ago from Lithuania Author

ndmiisrb, what's the exact name of the software you purchased? Since it didn't do the trick, contact me via email and I will try to help you.


ndmiisrb 7 years ago

I purchased a Trojan Virus fix tool for 40 dollars and I believe it helped solve part of the problem. When i restart, there is no start menu, no icons, no ability to open up any files. After a couple of hours staring at the computer, i went into alt control delete and Window tasks manager popped up. and there i was able to run something. I could go into outlook express read my e mail, go to I E

the problem is I can not do this quickly and like it normally should take place. Is there a procedure I can do to restore the ease of which i used to be able to open up anything. it also does not allow me to place Norton anti virus on the computer which I have.

is the next step and only step to reinstall the operating system? Should i get my money back on the purchase if the fix tool is guaranteed???


COD 7 years ago

One item I haven't seen here is Windows Defender. Hard to believe an MS product would work better than others but compared to a feeble ID by McAfee, I installed Defender. It found a bunch of Vundo files and others. It took a few minutes but did manage to clean things up. Then I ran Malwarebytes and it found remnants in the registry which it cleaned up. Defender did a very nice job in getting the executables out. Malwarebytes appears to be much superior but if you have Defender installed, it definitely is better than some of the other pay programs as a start.


joanne 7 years ago

First of all THANK YOU for this great site, and helpful advice!

Today is my third day of struggling with this virus, and I have found so much conflicting advice it has been mind boggling. I already had "Spybot Search and destroy" which I updated and AD-Aware which I got the latest edition of. I also tried spyware Dr. [the free edition found a few Vundo related files but not many & you had to pay for it to take any out] so I looked a little farther and found this site and decided to try the "Malware bytes download."

I downloaded this fine, but had an error message after a few seconds - I clicked ok a few times the message went away a few seconds during which it ran, then the message came back and it stopped scanning again. I remembered reading that sometimes you would have to put the computer in safe mode so I manually turned off my computer and restarted it in safe mode and it worked fine, found 51 things to remove ~ 40 - 45 of which were Trojan Vundo related items. It removed all but 5 of these things and said the computer had to restart to get rid of these, I restarted and ran the tool all over again in regular mode, it found 1 Vundo related thing this time and said it was successful at removing it.

I am worried about whether I got it all out or not, I ran the "VundoFix scan" and it came out with zero infections. Is there a way for me to tell if I got it all out or not - other than just waiting and keep on scanning to see if it shows up again on that, or in symptoms? I think I am going to get the paid version of "Malware Bytes" to help keep from getting things like this again. My Norton let me know I had it, but couldn't do anything to get rid of it, and it didn't show up on system scans that I tried previously when I ran it to see if it was gone, then I was having increasing symptoms so I knew I still had it.

Thank You again!


baobab 7 years ago from Serbia, Pančevo

So.. I have NOD32 installed, useless in this case, and then I heard about Malwarebytes.. It scanned and found 13 vundos. I ran it again after about an hour, and it found one more. The last scan came out clean. Also, I ran a scan with VundoFix at the end, it also came out clean. Is there a way to be certain that the vundo is no more, and what registry entries should I look for to recognize vundo action? Oh, thanks all, you have been very helpful!!!


Just Your Avg Bear 7 years ago

I just battled this trojan Vundo. Here are the sites I found most helpful:

http://www.symantec.com/security_response/writeup.... You probably already found this site and the software didn't work (If it did, you likely would not need with this.) Nevertheless, Symantec's very well-written, step-by-step directions prove helpful re:

* Turning System Restore off or on
* Printing all your instructions before you start
* Restarting the computer in Safe mode

http://en.wikipedia.org/wiki/VundoFix A good intro and overview, which led me to VundoFix & Malwarebytes Anti-Malware (MBAM).

This cnet forum had a decent discussion and step-by-step directions for using both software products. http://forums.cnet.com/5208-6132_102-0.html?forumI... hubpages forum provided a GREAT discussion and much helpful info on various answers. THANKS Charlemont !!! and others who participated.

My experience? VundoFix did not find any infected files on my PC, but it received many endorsements and its creators are clearly committed to fighting this junk. Certainly worth trying. Malwarebytes Anti-Malware did work (thank Goodness!) But I ran it 2 or 3 times in safe mode [25 infected files the first time; 5 the next]. Then all-clear in normal mode, then 3 in normal mode [much to my chagrin]. So is it completely solved? Dunno yet. But I'm going to subscribe to the paid version after this experience - and donate to VundoFix so they continue their efforts, and provide some hope for the next victims. This malware is Bad stuff.


charlemont 7 years ago from Lithuania Author

Redhead, quarantined objects are harmless.


Redhead 7 years ago

I have free Malwarebyte's anti-malware and just ran a scan and find I have many Trojan Vundo, Trojan agent, Trojan Vundo.it, Trojan BHO, Adware Popcap, Malware Trace. Twenty-six total. Found this out when ran Malwarebyte scan and all are in quarantine just a few hours ago.

Now what do I do? I have not a clue or when/where and how long they have been on my computer. But it seems to be running ok and have not noticed anything systems running slower.

I have not a clue what to do from here. Help please. And will they damage my PC now that they are in quarantine?


charlemont 7 years ago from Lithuania Author

Silverwing174, sometimes Malwarebyte's anti-malware needs a bit of help to remove Vundo. A common and recommended approach is to use a couple of freeware utilities to locate malicious files and registry entries. Then MBAM should be able to completely remove Vundo infection. Contact me via email.


charlemont 7 years ago from Lithuania Author

Hi Bobby,

Try emptying the browser's cache, removing temporary files, and reinstalling Firefox.

