This section provides several sets of instructions found on the Internet for fully removing Trojan Vundo.
If you search the Web for instructions for a full removal of Trojan Vundo, you will get many answers.
Here is a partial list of what I got out of the Web:
1. From http://vil.nai.com/vil/content/v_127690.htm. This is the official McAfee site. It suggests that you:
   1. Download Process Explorer (procexp.exe) from http://www.sysinternals.com/ntw2k/freeware/procexp.shtml.
   2. Reboot the infected machine.
   3. Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet.
   4. Run Process Explorer and suspend the Explorer.exe, Winlogon.exe, and rundll32.exe processes (right-click on these process names and choose Suspend).
   5. Scan and clean with the current DAT files and engine (in the window launched in step 3 above). [There will be clean failures; that is expected.]
   6. Physically power the machine off and back on. (A hard reset is required, as Windows will not shut down without Winlogon.exe running, and resuming that process will revert the changes made by the scanner.)
This sounds like a very manual and risky process. It is not suitable for regular home computer users.
Even I don't want to try this on my system.
2. From http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99. This is the official Symantec site. It suggests that you:
   1. Download the FixVundo.exe file from: http://securityresponse.symantec.com/avcenter/FixVundo.exe.
   2. Turn off System Restore if you are using Windows Me or XP.
   3. Double-click the FixVundo.exe file to start the removal tool.
   4. Click Start to begin the process, and then allow the tool to run.
   5. Restart the computer.
This sounds like a safer process. I would try it, if my system gets infected.
3. From http://www.atribune.org/content/view/24/2/. It suggests that you:
   1. Download the VundoFix.exe file from its own site.
   2. Double-click VundoFix.exe to run it.
   3. When VundoFix re-opens, click the Scan for Vundo button.
   4. Once it's done scanning, click the Remove Vundo button.
   5. You will receive a prompt asking if you want to remove the files; click YES.
   6. Once you click YES, your desktop will go blank as it starts removing Vundo.
   7. When completed, it will prompt that it will reboot your computer; click OK.
This does not sound too bad. I would try it as the second option, if my system gets infected.
4. Other instructions on removing Vundo are available. But you need to be careful about using them:
   If an instruction asks you to touch the system registry, don't use it unless you are an "expert" on Windows systems.
   If an instruction asks you to download and run a program, don't use it unless you fully trust that site and that program.