Last updated on October 2nd, 2013
“Trojan.Vundo” (Trojan:Win32/Vundo, Win32/Vundo) also known as Vundo, Virtumonde or Virtumondo, is a malicious Trojan horse that downloads malicious files to your computer and displays advertisements from malicious websites. The Vundo Trojan downloads and executes malicious programs on your computer, making your system unstable and uses random file names to hide itself from detection and removal.
Vundo is a very harmful Trojan and virus, because it modifies your computer registry and disables automatic update service and your firewall and prevents your antivirus or antimalware program to detect the infection.
The malicious “Trojan.Vundo” can infect your computer when:
a. you visit a malicious website.
b. you download infected files from file sharing networks (eMule, BitTorrent, Gnutella, etc.)
c. you open an e-mail attachment infected with this Trojan.
To remove “Trojan Vundo” virus from your computer, follow the steps bellow:
How to remove Trojan Vundo from your computer:
Step 1: Remove malicious running processes.
1. Download TDSSKiller Anti-rootkit utility from Kaspersky's website on your desktop.
2. When the download process is complete, go to your desktop and double click on “tdsskiller.exe” to run it.
3. At Kaspersky’s Anti-rootkit utility program click on “Change parameters” option.
4. At TDSSKiller settings, check to enable the“Detect TDLFS file system” option and press “OK”.
5. Press "Start scan" to start scanning for malicious programs.
When the scan process is complete, a new window opens with the scanning results.
6. Choose "Cure" and let the program finish the cure operation of the infected files.
7. When the "curing" operation is complete, reboot your computer.
8. After rebooting, run TDSSKiller again to scan one more time for Rootkits. If the previous curing job was completed successfully, the program now will inform you that "No Threats found".
Step 2: Clean you computer with RogueKiller
1. Download and save "RogueKiller" utility on your computer'* (e.g. your Desktop)
Notice*: Download version x86 or X64 according to your operating system's version. To find your operating system's version, "Right Click" on your computer icon, choose "Properties" and look at "System Type" section
2. Double Click to run RogueKiller.
3. Let the prescan to complete and then press on "Scan" button to perform a full scan.
3. When the full scan is completed, press the "Delete" button to remove all malicious items found.
4. After RogueKiller removal process, continue to next step.
Step 3. Clean your computer from remaining malicious threats.
Download and install one of the most reliable FREE anti malware programs today to clean your computer from remaining malicious threats. If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO:
1. Run "Malwarebytes Anti-Malware" and allow the program to update to it's latest version and malicious database if needed.
2. When the "Malwarebytes Anti-Malware" main window appears on your screen, choose the "Perform quick scan" option and then press "Scan" button and let the program scan your system for threats.
3. When the scanning is completed, press “OK” to close the information message and then press the "Show results" button to view and remove the malicious threats found.
4. At the "Show Results" window check – using your mouse's left button- all the infected objects and then choose the "Remove Selected" option and let the program remove the selected threats.
5. When the removal of infected objects process is complete, "Restart your system to remove all active threats properly"
6. Continue to the next step.
Advice: To ensure your computer is clean and safe, perform a Malwarebytes’ Anti-Malware full scan in windows “Safe mode“.*
*To get into Windows Safe mode, press the “F8” key as your computer is booting up, before the appearance of the Windows logo. When the “Windows Advanced Options Menu” appears on your screen, use your keyboard arrows keys to move to the Safe Mode option and then press “ENTER“.
Step 4: Clean remaining registry entries using “AdwCleaner”
1. Download and save “AdwCleaner” utility to your desktop.
2. Close all open programs and Double Click to open ”AdwCleaner” from your desktop.
3. Press “Scan”.
4. When scan is completed press “Clean” to remove all the unwanted malicious entries.
4. Press “OK” at “AdwCleaner – Information”and press “OK” again to restart your computer.
5. When your computer restarts, close "AdwCleaner" information (readme) window and continue to the next step.
Step 5. Clean unwanted files and entries.
Use “CCleaner” program and proceed to clean your system from temporary internet files and invalid registry entries.*
*If you don’t know how to install and use “CCleaner”, read these instructions.