[HOWTO] Remove Vundo from your PC

calcal · January 21st, 2009

hello please help me, i ran a avira scan last night and i got two detections,

1. tr\vundo.gen it is located in C:\documents and settings\owner\temp\tmpbc.tmp
2. tr\patched.cl also in the same directory.
3. when i try to open my external hardrive it gives me the error code "C:\recycled\ntldr.com is not valid win32 application" which is a result of the vundo i believe.
*but i can open it when i right click - explore*

after the Trojan was triggered avira caught it and warned me i had the vundo trojen, i clicked delete on the pop up, i tried to go into my c drive to see if i could get it but when i clicked on it nothing happened and same with my external, after i realized my hard drives where locked i panicked and promptly wiped out my hard drive. which might have not been the best thing to do.

i had tried vundofix twice and both times did not get any detections, but when ever i run and avira scan it detects it and i select "delete" on the pop up. i have un-plugged my computer form the internet whether that helps or not and am currently running a full in-depth scan with nod32 on all my drives including my external hard drive, with no threats detected yet. the scan finished it scanned 367,938 files and 0 infected files and it is still giveing me the error code when i try to open my external hardrive.

i am currently doing a full Avira scan in safe mode

*i am more concerned about my external hard drive it has everything on it*

can someone help me please.

**tdinc** · January 21st, 2009

First I would unplug that External HD

second, if you can backup on a DVD, any personal files I would do that.

now you can go about this at many angles. you can start by doing a quick sweep for the trojan.

I follow this process by Mathew Rizos which works perfectly and will remove the Vundo/winfixer trojan

How to remove Vundo using free software - My Vundo Removal Kit.
Removing Vundo for free can be a little tough since there are so many Vundo variants and every free program has a different detection database and heuretics algorithm.

When I encounter Vundo and a client does not want to pay for any software I "break out" my free Vundo removal kit. This kit is currently comprised of:

-MalwareBytes AntiMalware (malwarebytes.org)
-SuperAntiSpware (superantispyware.com)
-VundoFix (from atribune.org)
-UnDLL (from eset.com)

To start the Vundo removal process:
1. Backup any personal data to CD, DVD or flash drive.
2. Download and install MalwareBytes Anti-Malware.
3. Load MalwareBytes Anti-Malware and click the update tab and then click update to receive the latest updates.
4. Download and install SuperAntiSpyware.
5. Load SuperAntiSpyware. SuperAntiSpyware will ask you if you want to check for new rules and definitions. Choose yes.
6. Close SuperAntiSpyware.
7. Download VundoFix.
8. Download UnDLL.
9. Reboot your PC in Safe Mode.
10. While in safe mode load MalwareBytes Anti-Malware and perform a full scan.
11. When the scan is complete click show results.
12. Remove any checked items.
13. Reboot if MalwareBytes asks you to.
14. Enter Safemode again.
15. Load SuperAntiSpyware.
16. Click Preferences and click the scanning control tab.
17. Check on "Terminate memory threats before quarantining".
18. Close preferences and click the "Scan your computer " button.
19. Select "Perform Complete scan" and click next
20. Let the scan complete and remove anything it finds.
21. Next, we'll finish up the Vundo detection and removal process by using VundoFix
22. Open VundoFix and click the "Scan for Vundo" button.
23. If any Vundo infections still remain click the "Fix Vundo" button.
24. At this point Vundo has most likely been neutralized.
25. Reboot your pc.
26. You should be Vundo Free now.
27. Download and install the latest copy of the Java Runtime Environment and keep it updated. (Remove all the other Runtime builds)

If you think any Vundo Trojans have been missed in c:windows or c:windowssystem32 then you scan submit those files to virustotal.com for analysis. If the file you submit comes back as a possible infection then you may forcibly remove it using UnDLL. If you're still getting popup ads then you may want to run a HiJackThis log

**LordOfLA** · January 21st, 2009

Thread stuck, renamed.

calcal · January 22nd, 2009

hello thank you for the response i will try it, but one question is it possible for me to have vundo or some other virus/Trojan on my external hard drive itself?

and :P im new to the forum i don't really know how to rename the thread

to back up my files is it okay to move to my computer then more the files the another hard drive or will that possibly spread the virus to another hard drive? also what if i plug my external into another computer will it infect that computer?

:P im going to have to be very selective on what i back up, have 500+ gigs on external :P

**LordOfLA** · January 22nd, 2009

it is possible it got to your external drive.

I renamed it so that its easier for people to find when searching google

calcal · January 22nd, 2009

okay, thank you... im really afraid of my external :P

also if i apply these steps provided by tdinc to my external hard drive will it clean it?
because iv tried vundofix and i cant get it to scan my external hard drive

calcal · January 22nd, 2009

than you to you all i removed the vundo, and also i got rid of the error thing when i open my hard rive i used ComboFix its very good

sonyvega · January 22nd, 2009

I found better solution. You have to click on "My Computer". Next click on "Explore". At this moment we have access to harddrive. Later click on "tools" and "Folders Options". Click on "view" and you have to fore tittle "hyde protect system pliks (recommended)" and you have to mark "show me hyde and protect pliks and folders". You have to confirm this changes. On harddrive you should find folder "recycled" and plik "autorun.inf". You must delete it. Later restart computer and thats it

(I think you understand what I mean:P I dont speak vey good english xP)

**LordOfLA** · January 22nd, 2009

replace hyde with hide, pliks with files and your golden

greggustin · February 9th, 2009

for the first time ever
I broke down and paid $ for an anti-virus program
got the ONLY one that detected Vundu in its trial version
(this was in early Jan)
StopZilla
got rid of all traces of vundu
and btw - I got it merely by visiting a site
I did NOT access any links or downloads

**LordOfLA** · February 9th, 2009

stopzilla is 32bit only. Needs to be 64bit as well to be any good, theres no excuse these days not to be.

**tdinc** · February 9th, 2009

stopzilla is garbage. plenty of freeware as mentioned above that does the job better.

greggustin · February 9th, 2009

Originally Posted by tdinc

stopzilla is garbage. plenty of freeware as mentioned above that does the job better.

as I said - NONE of the other programs found VUNDU
much less deleted it - this was a month ago - maybe others can now = and it is NOT garbage - it worked for me
grisoft and avast and several others did not
and yes - StopZilla has many bad reviews over the years
but I risked my 30 day money back guarantee (from my credit card bank) and spent the money - which I normally use freeware - but not this time

I am not pushing the program - just sharing what worked for me

zuno · February 23rd, 2009

hi there

You can also remove Vundo Trojen Manually if u like here are the instructions::
http://segmentnext.com/index.php/200...-vundo-trojan/

**Mastershakes** · March 19th, 2009

Originally Posted by greggustin

as I said - NONE of the other programs found VUNDU
much less deleted it - this was a month ago - maybe others can now = and it is NOT garbage - it worked for me
grisoft and avast and several others did not
and yes - StopZilla has many bad reviews over the years
but I risked my 30 day money back guarantee (from my credit card bank) and spent the money - which I normally use freeware - but not this time

I am not pushing the program - just sharing what worked for me

Stopzilla is still garbage. He is dead on. Uninstall, ask for refund.

Safe mode, a pair of eyes, hijackthis, spybot and adaware are the only tools you need for any of the vundu variety (spoofing DLLs and sticking silly, obvious hooks into the system - usually via rundll32, LOL these writers are getting dumber by the second)

If you still have it, please post hijackthis log and screens of full spybot (updated) and adaware from Windows Safe Mode.

At one point last week I loaded a girlfriend's lappie in safe mode, took a look at the RUN key in registry, and set about renaming the DLLs listed in it. bye bye vundu. Stumbled across it whilst browsing tunes at a party last Sunday eve.

The trick with this one - is you should go after it manually - no program stays current enough to track all the iterations of this trojan - it's every 13 year old's dream program - they piggyback it with whatever nefarious goals they have in their insignificant lives.

**Dark Atheist** · March 19th, 2009

nuke the pc

**Johnny** · March 19th, 2009

don't go to porn sites ...

**Dark Atheist** · March 19th, 2009

dont go to your porn sites

also it not just porn sites you have to watch out for any site and be hijacked and hosting drive by downloads

**tdinc** · March 19th, 2009

Originally Posted by 3Dfiend

dont go to your porn sites also it not just porn sites you have to watch out for any site and be hijacked and hosting drive by downloads

3D is right, thats why i stress to use Spywareblaster to block the drive by rouge hosts and malware active x

Punkrulz · March 20th, 2009

Hey guys,

I'm having a huge predicament here. Windows XP SP3. I know there is an instance of Vundo on this laptop that I'm using. I was able to successfully able to download SuperAntispyware (My initial go-to for removal of anything), however when it found 2 instances of Vundo, while it was scanning I would get a BSOD and it would say "Page_Fault_In_Nonpaged_Area".

Whenever I attempted to download Vundofix, or even google Vundo, both IE and Firefox close themselves down. Same with searching for Malwarebytes, but I can search for anything that wouldn't be related to fixing it. This happens in both normal mode and safe mode. I don't see any out of the ordinary processes under safemode, which I'm sure is because it tied itself into a normal process.

If I use a thumb drive to download the stuff from one computer and place it on the laptop, will Vundo infect my thumb drive?

January 21st, 2009	Top \| #1
calcal OSNN Junior Addict Joined: January 2009 Posts: 6 Reputation: 0 Power: 41	[HOWTO] Remove Vundo from your PC hello please help me, i ran a avira scan last night and i got two detections, 1. tr\vundo.gen it is located in C:\documents and settings\owner\temp\tmpbc.tmp 2. tr\patched.cl also in the same directory. 3. when i try to open my external hardrive it gives me the error code "C:\recycled\ntldr.com is not valid win32 application" which is a result of the vundo i believe. but i can open it when i right click - explore after the Trojan was triggered avira caught it and warned me i had the vundo trojen, i clicked delete on the pop up, i tried to go into my c drive to see if i could get it but when i clicked on it nothing happened and same with my external, after i realized my hard drives where locked i panicked and promptly wiped out my hard drive. which might have not been the best thing to do. i had tried vundofix twice and both times did not get any detections, but when ever i run and avira scan it detects it and i select "delete" on the pop up. i have un-plugged my computer form the internet whether that helps or not and am currently running a full in-depth scan with nod32 on all my drives including my external hard drive, with no threats detected yet. the scan finished it scanned 367,938 files and 0 infected files and it is still giveing me the error code when i try to open my external hardrive. i am currently doing a full Avira scan in safe mode i am more concerned about my external hard drive it has everything on it can someone help me please.

January 21st, 2009	Top \| #2
tdinc █▄█ ▀█▄ █ Joined: December 2003 Location: Sterling Heights, MICHIGAN Posts: 3,507 Blog Entries: 19 Reputation: 2905 Power: 168	Re: please help me, i got trojens and maybe a virus First I would unplug that External HD second, if you can backup on a DVD, any personal files I would do that. now you can go about this at many angles. you can start by doing a quick sweep for the trojan. I follow this process by Mathew Rizos which works perfectly and will remove the Vundo/winfixer trojan How to remove Vundo using free software - My Vundo Removal Kit. Removing Vundo for free can be a little tough since there are so many Vundo variants and every free program has a different detection database and heuretics algorithm. When I encounter Vundo and a client does not want to pay for any software I "break out" my free Vundo removal kit. This kit is currently comprised of: -MalwareBytes AntiMalware (malwarebytes.org) -SuperAntiSpware (superantispyware.com) -VundoFix (from atribune.org) -UnDLL (from eset.com) To start the Vundo removal process: 1. Backup any personal data to CD, DVD or flash drive. 2. Download and install MalwareBytes Anti-Malware. 3. Load MalwareBytes Anti-Malware and click the update tab and then click update to receive the latest updates. 4. Download and install SuperAntiSpyware. 5. Load SuperAntiSpyware. SuperAntiSpyware will ask you if you want to check for new rules and definitions. Choose yes. 6. Close SuperAntiSpyware. 7. Download VundoFix. 8. Download UnDLL. 9. Reboot your PC in Safe Mode. 10. While in safe mode load MalwareBytes Anti-Malware and perform a full scan. 11. When the scan is complete click show results. 12. Remove any checked items. 13. Reboot if MalwareBytes asks you to. 14. Enter Safemode again. 15. Load SuperAntiSpyware. 16. Click Preferences and click the scanning control tab. 17. Check on "Terminate memory threats before quarantining". 18. Close preferences and click the "Scan your computer " button. 19. Select "Perform Complete scan" and click next 20. Let the scan complete and remove anything it finds. 21. Next, we'll finish up the Vundo detection and removal process by using VundoFix 22. Open VundoFix and click the "Scan for Vundo" button. 23. If any Vundo infections still remain click the "Fix Vundo" button. 24. At this point Vundo has most likely been neutralized. 25. Reboot your pc. 26. You should be Vundo Free now. 27. Download and install the latest copy of the Java Runtime Environment and keep it updated. (Remove all the other Runtime builds) If you think any Vundo Trojans have been missed in c:windows or c:windowssystem32 then you scan submit those files to virustotal.com for analysis. If the file you submit comes back as a possible infection then you may forcibly remove it using UnDLL. If you're still getting popup ads then you may want to run a HiJackThis log

January 21st, 2009	Top \| #3
LordOfLA Godlike! Joined: February 2004 Location: Salisbury, Wiltshire, UK Posts: 7,031 Blog Entries: 5 Reputation: 4137 Power: 213	Re: [HOWTO] Remove Vundo from your PC Thread stuck, renamed. If HK-47 and GLaDOS had a child, the character they create would cause the video game world to overdose on awesome. -sheridanmovieguy: Dragon age forum user.

January 22nd, 2009	Top \| #4
calcal OSNN Junior Addict Joined: January 2009 Posts: 6 Reputation: 0 Power: 41	Re: [HOWTO] Remove Vundo from your PC hello thank you for the response i will try it, but one question is it possible for me to have vundo or some other virus/Trojan on my external hard drive itself? and :P im new to the forum i don't really know how to rename the thread to back up my files is it okay to move to my computer then more the files the another hard drive or will that possibly spread the virus to another hard drive? also what if i plug my external into another computer will it infect that computer? :P im going to have to be very selective on what i back up, have 500+ gigs on external :P

January 22nd, 2009	Top \| #5
LordOfLA Godlike! Joined: February 2004 Location: Salisbury, Wiltshire, UK Posts: 7,031 Blog Entries: 5 Reputation: 4137 Power: 213	Re: [HOWTO] Remove Vundo from your PC it is possible it got to your external drive. I renamed it so that its easier for people to find when searching google If HK-47 and GLaDOS had a child, the character they create would cause the video game world to overdose on awesome. -sheridanmovieguy: Dragon age forum user.

Latest News Posts

Latest Forum Posts

Latest Member Blogs

January 22nd, 2009	Top \| #6
calcal OSNN Junior Addict Joined: January 2009 Posts: 6 Reputation: 0 Power: 41	Re: [HOWTO] Remove Vundo from your PC okay, thank you... im really afraid of my external :P also if i apply these steps provided by tdinc to my external hard drive will it clean it? because iv tried vundofix and i cant get it to scan my external hard drive

January 22nd, 2009	Top \| #7
calcal OSNN Junior Addict Joined: January 2009 Posts: 6 Reputation: 0 Power: 41	Re: [HOWTO] Remove Vundo from your PC than you to you all i removed the vundo, and also i got rid of the error thing when i open my hard rive i used ComboFix its very good

January 22nd, 2009	Top \| #8
sonyvega I'am weightless ;) Joined: January 2009 Location: Poland Posts: 1 Reputation: 0 Power: 0	Re: [HOWTO] Remove Vundo from your PC I found better solution. You have to click on "My Computer". Next click on "Explore". At this moment we have access to harddrive. Later click on "tools" and "Folders Options". Click on "view" and you have to fore tittle "hyde protect system pliks (recommended)" and you have to mark "show me hyde and protect pliks and folders". You have to confirm this changes. On harddrive you should find folder "recycled" and plik "autorun.inf". You must delete it. Later restart computer and thats it (I think you understand what I mean:P I dont speak vey good english xP)

January 22nd, 2009	Top \| #9
LordOfLA Godlike! Joined: February 2004 Location: Salisbury, Wiltshire, UK Posts: 7,031 Blog Entries: 5 Reputation: 4137 Power: 213	Re: [HOWTO] Remove Vundo from your PC replace hyde with hide, pliks with files and your golden If HK-47 and GLaDOS had a child, the character they create would cause the video game world to overdose on awesome. -sheridanmovieguy: Dragon age forum user.

February 9th, 2009	Top \| #10
greggustin OSNN Addict Joined: January 2006 Posts: 166 Reputation: 50 Power: 79	Re: [HOWTO] Remove Vundo from your PC for the first time ever I broke down and paid $ for an anti-virus program got the ONLY one that detected Vundu in its trial version (this was in early Jan) StopZilla got rid of all traces of vundu and btw - I got it merely by visiting a site I did NOT access any links or downloads

February 9th, 2009	Top \| #11
LordOfLA Godlike! Joined: February 2004 Location: Salisbury, Wiltshire, UK Posts: 7,031 Blog Entries: 5 Reputation: 4137 Power: 213	Re: [HOWTO] Remove Vundo from your PC stopzilla is 32bit only. Needs to be 64bit as well to be any good, theres no excuse these days not to be. If HK-47 and GLaDOS had a child, the character they create would cause the video game world to overdose on awesome. -sheridanmovieguy: Dragon age forum user.

February 9th, 2009	Top \| #12
tdinc █▄█ ▀█▄ █ Joined: December 2003 Location: Sterling Heights, MICHIGAN Posts: 3,507 Blog Entries: 19 Reputation: 2905 Power: 168	Re: [HOWTO] Remove Vundo from your PC stopzilla is garbage. plenty of freeware as mentioned above that does the job better.

February 9th, 2009	Top \| #13
greggustin OSNN Addict Joined: January 2006 Posts: 166 Reputation: 50 Power: 79	Re: [HOWTO] Remove Vundo from your PC Originally Posted by tdinc stopzilla is garbage. plenty of freeware as mentioned above that does the job better. as I said - NONE of the other programs found VUNDU much less deleted it - this was a month ago - maybe others can now = and it is NOT garbage - it worked for me grisoft and avast and several others did not and yes - StopZilla has many bad reviews over the years but I risked my 30 day money back guarantee (from my credit card bank) and spent the money - which I normally use freeware - but not this time I am not pushing the program - just sharing what worked for me

February 23rd, 2009	Top \| #14
zuno OSNN One Post Wonder Joined: February 2009 Posts: 1 Reputation: 0 Power: 0	Re: [HOWTO] Remove Vundo from your PC hi there You can also remove Vundo Trojen Manually if u like here are the instructions:: http://segmentnext.com/index.php/200...-vundo-trojan/

March 19th, 2009	Top \| #15
Mastershakes OSNN Veteran Addict Joined: July 2004 Location: Montreal Posts: 1,721 Reputation: 1040 Power: 124	Re: [HOWTO] Remove Vundo from your PC Originally Posted by greggustin as I said - NONE of the other programs found VUNDU much less deleted it - this was a month ago - maybe others can now = and it is NOT garbage - it worked for me grisoft and avast and several others did not and yes - StopZilla has many bad reviews over the years but I risked my 30 day money back guarantee (from my credit card bank) and spent the money - which I normally use freeware - but not this time I am not pushing the program - just sharing what worked for me Stopzilla is still garbage. He is dead on. Uninstall, ask for refund. Safe mode, a pair of eyes, hijackthis, spybot and adaware are the only tools you need for any of the vundu variety (spoofing DLLs and sticking silly, obvious hooks into the system - usually via rundll32, LOL these writers are getting dumber by the second) If you still have it, please post hijackthis log and screens of full spybot (updated) and adaware from Windows Safe Mode. At one point last week I loaded a girlfriend's lappie in safe mode, took a look at the RUN key in registry, and set about renaming the DLLs listed in it. bye bye vundu. Stumbled across it whilst browsing tunes at a party last Sunday eve. The trick with this one - is you should go after it manually - no program stays current enough to track all the iterations of this trojan - it's every 13 year old's dream program - they piggyback it with whatever nefarious goals they have in their insignificant lives. So many idiots - so little time

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Auto Update wont switch on - Popups - Vundo ?	cojo	Windows Desktop Systems	4	September 23rd, 2008 5:32pm
Sitemap howto	Heeter	Web Design & Coding	6	January 30th, 2008 7:36pm
Lockdown 11B howto	Heeter	General Hardware	2	September 23rd, 2003 12:49pm
Howto: .html reading .xml	lieb39	Web Design & Coding	2	September 6th, 2003 2:22am
howto? - Backup ViceCity cds	lieb39	Windows Desktop Systems	53	May 19th, 2003 10:39pm

March 19th, 2009	Top \| #16
Dark Atheist OSNN Veteran Addict Joined: April 2003 Location: In The Void Posts: 6,373 Blog Entries: 9 Reputation: 1877 Power: 193	Re: [HOWTO] Remove Vundo from your PC nuke the pc

March 19th, 2009	Top \| #17
Johnny Paul Reed Smith Joined: January 2004 Location: Happy Valley Posts: 4,869 Reputation: 2369 Power: 173	Re: [HOWTO] Remove Vundo from your PC don't go to porn sites ... Paul Reed Smith.

March 19th, 2009	Top \| #18
Dark Atheist OSNN Veteran Addict Joined: April 2003 Location: In The Void Posts: 6,373 Blog Entries: 9 Reputation: 1877 Power: 193	Re: [HOWTO] Remove Vundo from your PC dont go to your porn sites also it not just porn sites you have to watch out for any site and be hijacked and hosting drive by downloads

March 19th, 2009	Top \| #19
tdinc █▄█ ▀█▄ █ Joined: December 2003 Location: Sterling Heights, MICHIGAN Posts: 3,507 Blog Entries: 19 Reputation: 2905 Power: 168	Re: [HOWTO] Remove Vundo from your PC Originally Posted by 3Dfiend dont go to your porn sites also it not just porn sites you have to watch out for any site and be hijacked and hosting drive by downloads 3D is right, thats why i stress to use Spywareblaster to block the drive by rouge hosts and malware active x

March 20th, 2009	Top \| #20
Punkrulz Somewhat eXPerienced Joined: December 2001 Location: Woodbury, NJ Posts: 790 Reputation: 50 Power: 134	Re: [HOWTO] Remove Vundo from your PC Hey guys, I'm having a huge predicament here. Windows XP SP3. I know there is an instance of Vundo on this laptop that I'm using. I was able to successfully able to download SuperAntispyware (My initial go-to for removal of anything), however when it found 2 instances of Vundo, while it was scanning I would get a BSOD and it would say "Page_Fault_In_Nonpaged_Area". Whenever I attempted to download Vundofix, or even google Vundo, both IE and Firefox close themselves down. Same with searching for Malwarebytes, but I can search for anything that wouldn't be related to fixing it. This happens in both normal mode and safe mode. I don't see any out of the ordinary processes under safemode, which I'm sure is because it tied itself into a normal process. If I use a thumb drive to download the stuff from one computer and place it on the laptop, will Vundo infect my thumb drive? CPU: Intel C2D E8400 {3.0GHz} \| Mobo: Gigabyte GA-EP45-UD3R \| RAM: GSkill DDR2-1000 2x2gb \| HDD: Western Digital 640gb SATA \| GFX: EVGA Geforce GTX-260 216c \| Speakers: Creative Inspire 5200 \| Operating System: Windows Vista Business x64 If you're happy with my assistance, please click on the on the left side under my name!