Threat info: Vundo is a Trojan virus that attacks the user's web browser and displays various pop-ups and advertisements. The Trojan Vundo is also known by the names Virtumonde and Virtumondo. Vundo reaches the user's system via spam emails which contain links to malicious websites that exploit security weaknesses in the web browser and in browser plugins such as Java. There are many variants of Vundo, and they act in different ways.
The main goal of Vundo is to attack the browser via Browser Helper Objects and change the user's web-browsing experience in a way that promotes certain rogue security applications. Once installed, the Trojan Vundo displays pop-ups within the infected web browser which give false warnings of security threats and ask the user to install a rogue security application that it claims is legitimate. It also changes the desktop background to a fake warning that says the computer is under threat.
The Trojan Vundo may also change the screensaver to the dreaded ‘blue screen’ of Windows, and it will show a fake security warning as well. Any anti-malware applications that are already installed at the point of Vundo installation will be severely blocked or deleted completely. The Trojan Vundo will also cause Google search to be redirected to malicious websites which peddle rogue security software. Downloads from the internet will also be slowed down drastically. Vundo also disables the Task Manager, Registry Editor and System Restore to prevent its removal.
As Vundo is a dangerous Trojan that harms your computer, you should take steps to remove it as soon as you find a copy on your system. For a professional approach, a full system scan using genuine antivirus software such as Spyware Doctor with Antivirus may prove reliable, as it can detect Vundo-related infections.
Manual removal of Vundo is also possible in some cases. To do this, you must unregister its DLLs, delete its files and remove its registry entries. Before you attempt to remove Vundo, however, you must restart your system in Safe Mode.
The first step you must take in order to remove the Trojan Vundo is to unregister the following DLLs:
- vzbb.dll
- vturr.dll
Because Vundo constantly mutates, you will need to run a scan using your favorite security client to find out which traces need to be unregistered.
Next, delete the following files:
- vzbb.dll
- vturr.dll
- dszigqd.dll
Again, these traces will be different for you; they are listed simply as an example. This threat mutates so much that it is impossible to provide an accurate list of what to remove. You should run a full scan using whatever security client you favor most.
Finally, remove the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
- HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
- HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
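Since the DLL names and CLSIDs above are only examples and differ on every infected machine, here is an added PowerShell triage script (not part of the original article) that inspects the same locations the removal steps name: it walks the Browser Helper Objects key, resolves each CLSID to its DLL through the InprocServer32 default value, reports whether that file exists and is Authenticode-signed, and lists RunOnce values whose name starts with an asterisk. The Wow6432Node paths, the function name and the output format are my additions; it assumes an elevated PowerShell prompt on Windows and only reports, leaving the actual unregistering and deleting to you once a hit is confirmed.

```powershell
# Added triage script, not part of the original article. It enumerates the
# Browser Helper Object registrations named above, resolves each CLSID to its
# DLL and reports whether that DLL exists and carries a valid Authenticode
# signature, then lists RunOnce values whose name starts with '*'.
# Run from an elevated PowerShell prompt; it only reports, it removes nothing.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-ClsidDll([string]$Clsid) {
    # The article lists both HKCR\CLSID and HKLM\SOFTWARE\Classes\CLSID; check both
    # (plus the 32-bit view on 64-bit Windows) for the InprocServer32 default value.
    foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $srv = "$root\$Clsid\InprocServer32"
        if (Test-Path $srv) {
            $dll = (Get-ItemProperty -Path $srv).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem -Path $key | ForEach-Object {
        $clsid  = $_.PSChildName
        $dll    = Resolve-ClsidDll $clsid
        $status = 'no DLL registered'
        if ($dll) {
            if (Test-Path $dll) { $status = (Get-AuthenticodeSignature -FilePath $dll).Status }
            else                { $status = 'DLL missing on disk' }
        }
        [pscustomobject]@{ CLSID = $clsid; DLL = $dll; Signature = $status }
    }
}

# A RunOnce value whose name begins with '*' runs even in Safe Mode, which is
# why the article's '*WinLogon' entry matters when you reboot into Safe Mode.
foreach ($hive in 'HKCU', 'HKLM') {
    $ro = "${hive}:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    if (-not (Test-Path $ro)) { continue }
    (Get-ItemProperty -Path $ro).PSObject.Properties |
        Where-Object { $_.Name.StartsWith('*') } |
        ForEach-Object { "$ro\$($_.Name) = $($_.Value)" }
}
```

Entries reported as NotSigned or "DLL missing on disk", or whose DLL has a random-looking name in the system directory, are the ones to check against your scanner's results before unregistering them with regsvr32 /u and deleting the file and keys as described above.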