Windows Security Tutorials - Herong's Tutorial Examples
Dr. Herong Yang, Version 3.00

Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

This chapter provides a quick introduction of what is trojan Vundo on Windows systems. Topics include finding the root Vundo file: vtsts.dll, removing Vundo generated DLL files, detecting infected files with VirusScan, removing vtsts.dll with VundoFix from Atribune.org

What Is Trojan Vundo?

Partial Removal of Trojan Vundo

Detecting Trojan Vundo with McAfee VirusScan

Instructions on Full Removal of Trojan Vundo

Removing xxxxxxxx.dll Files Generated by Vundo

What Is Vundo Related vtsts.dll?

Finding and Removing vtsts.dll Manually

Removing Trojan Vundo with FixVundo.exe from Symantec

Removing Trojan Vundo with VundoFix.exe from Atribune.org

Conclusion:

  • Vundo is one of the widely-spread trojans that shows large amount of unsolicited pop-up advertisements with Internet Explorer.
  • Vundo creats DLL files in c:\windows\system32 directory with 8-random-letter names.
  • Partial removal of Vundo is not hard. But full removal of Vundo is very difficult.
  • VirusScan detected Vundo DLL files correctly. But I did not try to use it to clean the victim machine.
  • vtsts.dll was hidden root cause of the Trojan Vundo infection on my friend's Windows system.
  • This instance of Trojan Vundo had no Winlogon Notify registry entry of vtsts.dll like other reported cases.
  • FixVundo.exe from Symantec failed to detect this instance of Trojan Vundo.
  • VundoFix.exe from Atribune.org did a nice job to detect and remove this Trojan Vundo. Thanks to all the people at Atribune.org for this great tool!

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 PWS (Password Stealer) Trojan Infection Removal

 MS08-001 Vulnerability on Windows Systems

 Antivirus System PRO

 References

 PDF Printing Version

Dr. Herong Yang, updated in 2013
Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal