Virtumonde is a pernicious Adware Trojan that is usually installed into your windows pc (Windows 2000, Windows XP, or Windows Vista) via an outdated Java Runtime Environment. Vundo, also known as Virtumonde and Virtumondo creates random letter DLL's in C:windowssystem32 (tyeyavv. dll for example) that inject themselves into the winlogon. exe process as well as the explorer. exe process. Since Vundo injects itself into winlogon. exe removal can be very hard because winlogon. exe is in use almost every second. The biggest problem with Vundo is not necessarily the removal process, but it's actually the detection process since Vundo creators make hundreds of variants a day in an effort to evade detection (which seems to be working unfortunately).
What are the symptoms of a Vundo Infection?
Vundo displays unblockable popup and popunder ads even when users are not actively browsing the internet. Vundo has also been known to display fake system alerts that try to scare a user into buying a fake antivirus application. Vundo is essentially a platform for delivering scams to your PC on a massive not-stop scale.
How to remove Vundo using free software - My Vundo Removal Kit.
Removing Vundo for free can be a little tough since there are so many Vundo variants and every free program has a different detection database and heuretics algorithm.
When I encounter Vundo and a client does not want to pay for any software I “break out" my free Vundo removal kit. This kit is currently comprised of:
-MalwareBytes AntiMalware (malwarebytes.org)
-VundoFix (from atribune.org)
-UnDLL (from eset.com)
To start the Vundo removal process:
1. Backup any personal data to CD, DVD or flash drive.
2. Download and install MalwareBytes Anti-Malware.
3. Load MalwareBytes Anti-Malware and click the update tab and then click update to receive the latest updates.
4. Download and install SuperAntiSpyware.
5. Load SuperAntiSpyware. SuperAntiSpyware will ask you if you want to check for new rules and definitions. Choose yes.
6. Close SuperAntiSpyware.
7. Download VundoFix.
8. Download UnDLL.
9. Reboot your PC in Safe Mode.
10. While in safe mode load MalwareBytes Anti-Malware and perform a full scan.
11. When the scan is complete click show results.
12. Remove any checked items.
13. Reboot if MalwareBytes asks you to.
14. Enter Safemode again.
15. Load SuperAntiSpyware.
16. Click Preferences and click the scanning control tab.
17. Check on “Terminate memory threats before quarantining".
18. Close preferences and click the “Scan your computer " button.
19. Select “Perform Complete scan" and click next
20. Let the scan complete and remove anything it finds.
21. Next, we'll finish up the Vundo detection and removal process by using VundoFix
22. Open VundoFix and click the “Scan for Vundo" button.
23. If any Vundo infections still remain click the “Fix Vundo" button.
24. At this point Vundo has most likely been neutralized.
25. Reboot your pc.
26. You should be Vundo Free now.
27. Download and install the latest copy of the Java Runtime Environment and keep it updated.
28. Do yourself a favor and buy Spyware Doctor with Antivirus (one license protects 3 PC's). It's the only antivirus that I've tested this year to successfully detect and remove almost every variant of Vundo with very little effort.
If you think any Vundo Trojans have been missed in c:windows or c:windowssystem32 then you scan submit those files to virustotal.com for analysis. If the file you submit comes back as a possible infection then you may forcibly remove it using UnDLL. If you're still getting popup ads then you may want to run a HiJackThis scan and email me the log file or just install Spyware Doctor with AntiVirus.
Matthew Rizos writes daily articles on how to remove malware using free anti-malware software.
For the best antivirus go here.