- Internet & the Web
Trojan Vundo Removal
What is Trojan Vundo
Trojan Vundo went ahead of all expectations its developer might have had for this virus. The speed at which Vundo began spreading over the Web showed a major drawback of interconnected World Network - Internet is very vulnerable. Vundo virus has become a pandemia.
Vundo removal happened to be such a painstaking process that McAfee released a special note stating about the difficulties in automatizing trojan vundo removal:
Certain variants of the Vundo trojan are especially difficult to remove. Current DAT and Engine functionality does not yet provide an automatic method to fully remove this threat if it is active in memory.
Trojan Vundo is not a single piece of malware. It's a big family of malware which is increasing in number and acquiring yet more aggressive techniques literally daily. There are many variants and types of Vundo mutations - thousands as of now. This is why this malware is a killer test for detection and removal algorithms of security software. The programs known to be good Vundo fighters are listed at the end of this hubpage.
What Vundo Trojan does to Personal Computers
Vundo trojan, also known as VirtuMonde or VirtuMondo, is involved mainly in two types of activities. Once it gets installed onto a PC, it:
- brings continuous ads scaring the user into downoading and consequently purchasing "full versions" of various applications like registry cleaners and antivirus programs. WinFixer, WinAntiSpyware, WinAntiVirus are examples of such fake programs;
- downloads and install arbitrary components to intensify its advertizing capablities, which leads to further degrading of overall system security.
- Vundo attaches itself to Windows Explorer (Explorer.exe) and goes memory resident. This allows the trojan to be always up and running when you turn on the PC. By constantly verifying its state, Vundo always knows if anything (like semi-effective security program) tries to stop it; whenever an attempt is made to block trojan vundo, it gets itself back into system memory. Hence the user reports about unremovable vundo virus.
How to know if your PC has been infected with Trojan Vundo
Trojan vundo activity causes multiple advertising pop-ups, be it when surfing (most often) or offline, if Vundo virus managed already to get its parts placed into the system.
Depending on what type of Vundo trojan is attacking a PC, displayed ads and pop-ups will differ. So, you may be presented with a threatening Internet Explorer message informing you about the disaster in Windows registry and urging you to download a cure for corrupted registry. The cure carries the name of WinFixer 2005.
Vundo virus is capable of downloading silently additional adware components. Together they may lead to significantly decreased system performance, overuse of virtual memory.
It is important to remember that your current anti-malware/antivirus protection may not be adequate to stop Vundo infection. There are evidences that McAfee Total Protection Suite, Spyware Doctor by PC Tools, and Spyware Remover missed traces of trojan Vundo and could not detect the presence of malicious files in the infected system.
How to get infected with Trojan Vundo
In fact, it is very easy to get your system infected with this virus - much easier than remove vundo. Infection can occur through:
- installed software crack;
- opened email;
- launched unsafe application;
- visited unsafe website;
- connection to peer-to-peer network.
Generally speaking, all it takes to get a vundo trojan infection is a loss of attention for mere seconds. You may open an email message by mistake - and instantly get your computer infected.
There's a security breech in Java that allows Vundo to infect PC's, therefore it is important to keep Java updated to latest builds.
It is important to remember that files containing Vundo trojan are very easy to come across. Tons of shareware programs on torrent networks are contaminated with Vundo virus. I mean, installation files themselves - not just patches. Normally a code of trojan vundo is added to an executable file and then placed for sharing via P2P networks. This way programs containing code of severely dangerous Vundo get exposed to an unlimited number of people. All kinds of desktop clocks, wallpaper changers, toolbars, etc, may contain patterns of Vundo trojan.
Often trial versions of antivirus and antispyware programs are distributed with trojan Vundo embedded into installation files. Because security programs are generally installed on computers without prior protection, this open a green route for the Vundo trojan to take control over unprotected computers, because malicious files are unpacked and placed into system memory before installation process of a security program is complete. Registry entries of Vundo virus ensuring auto-start of the parasite are created at once. All this happens before a newly installed antivirus or antispyware program is updated with latest definitions.
Fake Software Advertised by Vundo Trojan
These are only several examples of fake programs pushed by vundo trojan into infected computers. There are many more rogue applications advertised by vundo virus. It is discouraging that even reputable websites are involved in distributing some of these dangerous applications - most probably unwillingly and unintentionally.
Among other fake programs, masquerading well-known applications, the following can be listed:
- PC cleaner;
- System Doctor;
- System Defender Security System;
- Antivirus Gold;
- Brave Sentry;
- Error Protector;
This list is partial and is growing as Vundo trojan continues its triumphal devastating mission.
How to remove vundo?
Unfortunately, unlike other similar scam extortion software, vundo trojan combines the features of a trojan and a virus, which makes it especially hard to remove. Many PC owners choose not to remove the infections and give up, preferring complete reformat to fruitless attempts of trojan vundo removal.
Mutating clones of Vundo populate in number, therefore there's little sense in listing Registry entries end filenames that need to be removed. Most PC users would feel at loss at the need of removing dozens of registry keys, and even more files from Progam Files and Windows folders. Vundo Trojan places its parts all over the system - starting from Documents and Settings and ending in System32 folder. Its files seem to have a random naming pattern, usually consisting of senseless numbers and letters. For example, Trojan Vundo can create a USS folder in Program Files, and add files to Windows subfolders (System32 and Drivers) - all set to auto-start at Windows boot.
The vundo trojan threat is so serious that volunteer programmers coded special vundo fix to help an army of virus victims. Installed antivirus and antispyware applications may not be enough to remove vundo virus, that's why a free vundo removal tool called Vundo fix is a good program to start with.
I've come across websites reporting about Adware Alert being an ultimate Vundo removal tool. Being as curious as I am, I could not resist testing this piece of software. Well, probably its programmers did their best and will fix the bugs in the nearest future. But in my case, the program failed to download latest updates (stopped in the middle of the process and froze). It could not initiate the scan because the program would autoclose without any warning given. I found Adware Alert absolutely useless and a waste of time. This does not mean everybody would have similar experience, but I strongly believe the team behind AA needs to put some significant additional efforts into mastering the software.
That's why I find it impossible to include Adware Alert in the list of recommended vundo removal tools.
Fight Vundo with VundoFix
VundoFix has been developed by great guys and saved an army of PC users worldwide (1 million infected PC's!).
VundoFix can help to remove Vundo Trojans in most cases. To use it, download a small executable file, and run - either in Windows Normal Mode or Safe Mode. VundoFix will scan the computer, find the parts of Vundo parasite, and mark them for removal. It may require a reboot to complete the claning process.
In some cases, VundoFix may be unable to remove a Vundo trojan infection if a new variant of it is spreaded over the Web. If that happen to you, visit VundoFix forum and report about your issue.
Go to: VundoFix Download Page.
Don't Get Infected with Vundo Trojan
As simple as it sounds, using VundoFix may be too late. A usual restart may end in system not booting, and even Safe Mode (for those who are familiar with Windows Advanced Controls) may be of no help.
Therefore I stick to the idea of "better safe than sorry". Removing Vundo is more difficult than preventing its devastating attack.
A German manufacturer of security software, called Avira, holds a part of the market with its Avira AntiVir package. I've always trusted this great antivirus because of a very pleasant interface and highest detection rate in the industry (both in on-demand and proactive tests). It's not an exaggeration - Avira beats McAfee, Norton and Kaspersky* with ease. But knowing the malicious nature of Vundo virus, I though that even Avira might be missing this particular infection. Remember I told in the begining that McAfee hasn't developed a proper algorithm to remove Vundo? Well, I had a chance to test McAfee VirusScan Enterprise 8.5i (Patch 5) Antivirus+Antispyware against a Vundo trojan infection. McAfee failed. It was able to detect a couple of files allegedly related to Vundo, but missed the main executables completely. A windows error began popping up stating that Windows could not find a proper program to open software.php file - that's one of the signs of Vundo virus presence. Yet McAfee On-Access scan showed no messages of detection, and On-Demand scan reported the system was clean - while it was evident that Windows got a serious infection. McAfee even didn't notice a new folder created by Vundo in Program Files folder.
On the contrary, Avira AntiVir tackled the Vundo problem pedantically, like a German would ;) With a sound coming from system speaker it informed about Vundo staying at the gates of the PC, and asked if I'd like to Ignore it, Delete or Quarantine. Definitely you have the option to ignore the threat, but I wouldn't advise you to play that game ;)
* According to AV comparatives, 2007-2008.
How Much does it Cost to Remove Vundo?
Simple question? Yes and no. Free vundo removal will not cost a single penny. But for the majority of PC users, this should be a relatively easy case.
Severe infections followed by system-wide damage may take hours to repair, and still end in Windows reinstall. If you don't have any software installed except for Email client and MSN Messenger, then it's not a big deal. For users of Photoshop, Vegas Video and AutoCAD, it's a nightmare. Therefore many people can't remove vundo. No giggles - this is a very stubborn trojan.
This is where a paid vundo removal may be needed. But can you guess how much would it cost?
Vundo Virus Removal for $89
- Malwarebyte's Anti-Malware v1.46 (Released 4/29/2010)
We compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.
- EMSISOFT anti-malware
Remove Trojans, Dialers, Keyloggers, Worms, Spyware. Prevent future infections and stay protected against 1.2 million threats! Latest version released: 188.8.131.52 (Latest core update: 7/19/2010)