Instructions on Full Removal of Trojan Vundo
This section provides several sets of instructions found on the Internet to fully remove trojan Vundo.
If you search the Web for instructions for a full removal of Trojan Vundo, you will get many answers.
Here is a partial list of what I got out of the Web:
1. From http://vil.nai.com/vil/content/v_127690.htm. This is the official McAfee site. It suggests you to:
- Download Process Explorer (procexp.exe) from http://www.sysinternals.com/ntw2k/freeware/procexp.shtml.
- Reboot the infected machine
- Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet
- Run Process Explorer and suspend the Explorer.exe, Winlogon.exe, and rundll32.exe processes
(right-click on these process names and choose suspend)
- Scan and clean with the current DAT files and engine (the Window launched in step 3 above)
[there will be clean failures, that is expected]
- Physically power the machine off and back on.(a hard reset is required as Windows
will not shutdown without Winlogon.exe running, and resuming that process will revert the changes made by the scanner).
This sounds like a very manual and risky process. Not suitable for regular home computer users.
Even myself, I don't want to try this with my system.
2. From http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99. This is the official Symantec site.
It suggests you to:
- Download the FixVundo.exe file from: http://securityresponse.symantec.com/avcenter/FixVundo.exe.
- Turn off System Restore if you using Windows Me or XP.
- Double-click the FixVundo.exe file to start the removal tool.
- Click Start to begin the process, and then allow the tool to run.
- Restart the computer.
This sounds like a safer process. I would try it, if my system gets infected.
3. From http://www.atribune.org/content/view/24/2/. It suggests you to:
- Download the VundoFix.exe file from its own site.
- Double-click VundoFix.exe to run it.
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
This sounds not too bad. I would try it as the second option, if my system gets infected.
3. Other instructions on removing Vundo are available. But you need to be careful on using
- If an instruction asks you to touch system registries, don't use it unless you are an "expert" of
- If an instruction asks you to download and run a program, don't use it unless you fully
trust that site and that program.
Last update: 2006.
Table of Contents
About This Windows Security Book
Windows 8: System Security Review
Windows 8: System Security Protection
Windows 8 System Recovery
Windows 8 Defender for Real-Time Protection
Windows 7: System Security Review
Windows 7: System Security Protection
Windows 7 System Recovery
Windows 7 Forefront Client Security
Norton Power Eraser - Anti-Virus Scan Tool
McAfee Virus and Malware Protection Tools
Spybot - Spyware Blocker, Detection and Removal
Keeping Firefox Secure
Keeping IE (Internet Explorer) Secure
Malware (Adware, Spyware, Trojan, Worm, and Virus)
HijackThis - Browser Hijacker Diagnosis Tool
IE Add-on Program Listing and Removal
"Conduit Search" - Malware Detection and Removal
"Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware
Malware Manual Removal Experience
►Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal
What Is Trojan Vundo?
Partial Removal of Trojan Vundo
Detecting Trojan Vundo with McAfee VirusScan
►Instructions on Full Removal of Trojan Vundo
Removing xxxxxxxx.dll Files Generated by Vundo
What Is Vundo Related vtsts.dll?
Finding and Removing vtsts.dll Manually
Removing Trojan Vundo with FixVundo.exe from Symantec
Removing Trojan Vundo with VundoFix.exe from Atribune.org
Trojan and Malware "Puper" Description and Removal
VSToolbar (VSAdd-in.dll) - Description and Removal
PWS (Password Stealer) Trojan Infection Removal
MS08-001 Vulnerability on Windows Systems
Antivirus System PRO
PDF Printing Version