Question:

How can I get rid of a Vundo/Virtumonde Spyware?

It's on my computer and I cannot get rid of it. Spybot S&D detects and deletes it and it just comes back. It bypasses Ad-Aware, McAfee, Norton, & Spyware Terminator, and is marked as safe.

10 ANSWERS


  1. To avoid the unnecessary risk of damaging your computer, we highly recommend you use a good spyware cleaner/remover to automatically detect and remove Vundo and other spyware on your PC.

    1. Download Spyware Removal Tool (http://toptenantispyware.com).

    2. Run a scan to detect and remove any Vundo infection.

    3. Restart your PC and run another scan for any remaining traces of Vundo.


  2. I suggest using this spyware program as it will get rid of it for you; just click on the link to install and run a scan right away, OK. (http://www.superantispyware.com) This program is very good at protecting our computer from spyware, malware, adware, and trojan horses. So give it a try, as I am sure that you will be happy with the end results. Good luck.

  3. Turn off System Restore

    - http://support.microsoft.com/kb/310405

    -------------------

    Download SuperAntiSpyware

    - http://www.superantispyware.com

    - Update and Scan

    ----------------------

    Download SDFix

    - http://www.bleepingcomputer.com/forums/t...

    - follow the directions to do a scan

    ---------------------

    If that doesn't work try this

    - http://www.bleepingcomputer.com/forums/t...

  4. It is better to format your C drive because this virus is contained forever. There is 1 way to terminate it: install a fresh Windows XP or Vista, then there will be no trouble.

  5. You need to disable System Restore before you do anything. Vundo likes to reside in your System Restore files. To do this, right-click on "My Computer" and select Properties. Then click on the System Restore tab, and disable System Restore. Next, download SuperAntispyware. You can do so for free at:

    http://www.superantispyware.com/download...

    Once installed, be sure to update your virus definitions. Next, boot into safe mode (tap F8 while the system is booting up) and pull up SuperAntispyware. Before you do a scan, click on Preferences, then the Scanning Control tab. Uncheck the top two boxes (Ignore non-exe/ files larger than 4mb), and hit close. Finally, click Scan your computer, and make sure to fill in the bubble for a full scan on the right. Hit next, and the scan should get rid of Vundo. Just warning you though, the scan is going to take a while...

  6. To remove spyware, many solutions exist, all of them with their own strengths and weaknesses.

    Top 5 anti-spyware reviews, comparisons and download links on

    http://anti-spyware-center.net

    You can download and scan your computer for free.

  7. Try manual removal instructions

    http://removers.volyn.net/2007/08/16/rem...

  8. Vundo is one of the trickiest forms of spyware out there. It can be very difficult to remove manually because it creates a DLL file that attaches to Winlogon, which is used by the computer to start up. You can conceivably remove all Vundo files in your hard drive and registry, but if you do not delete the DLL file then the spyware will simply regenerate itself. Pretty cunning program! Here are the steps to remove Vundo.

    1. Turn off system restore

    2. Remove "Winfix" program through Add/Remove

    3. Remove associated DLL file (usually vzbb.dll, vturr.dll)

    4. Delete the following registry files:

    HKEY_CURRENT_USER\Software\Microsoft\W...

    HKEY_LOCAL_MACHINE\Software\Microsoft\...

    HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C...

    HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949...

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AT...

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AT...

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CL...

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\... Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9...

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\... Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC...

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\... Helper Objects\{8109AF33-6949-4833-8881-43DCC23...

    HKEY_CURRENT_USER\Software\Microsoft\I... Explorer\Main\Active State

    5. Restart your computer in safe mode

    6. Run an antispyware program that can remove Vundo (for a list go here http://www.spyware-fix.net)

    With a good antispyware program you should be able to skip most of these steps!


  9. You can download antispyware 2008 for free at

    http://www.anti-spyware-2008.com which is an essential tool to keep your system free of dangerous spyware, protecting your privacy and your PC.

    It also works very well for me


  10. OK. I finally fixed this myself. This rootkit is one tricky mfer. To fix the issue follow these steps:

    1 Run the VundoFix.exe tool. You can download it all over the place.

    2 Edit your boot.ini file and add a second boot option and set it as safe mode

    3 Download Bart's PE and create a basic XP preinstallation CD

    4 If you're not going to attempt a system restore you should turn it off and delete the restore points.

    Then....

    Boot normally... run VundoFix; when your computer reboots itself, select the safe mode from the boot loader.

    In safe mode open the registry with regedit,

    go to HKLM>Software>Microsoft>Windows>Current Version>Run - delete all values that start with rundll32.exe

    Do the same scrub under HKCU and HKEY_USERS>SID to make sure you remove it from all profiles.

    Put the Bart's PE CD in the computer, then reboot and boot to the CD.

    Once in Bart's PE, open the A43 file management utility and navigate to C:\Windows\System32

    You will see several DLLs that are hidden and possibly marked as read-only. Delete them. In fact I recommend deleting all files that are hidden in this directory. Search for RUNDLL32.exe and rename it to RUNDLL32.EXEBAD

    Restart the computer (remove the CD) and boot back to safe mode. Run VundoFix again and a HijackThis scan and fix of BHO objects and any BS services that were added. Also reverify that the registry scrub done earlier still looks clean. If so, reboot into normal mode and install all the latest MS security patches and update your antivirus and run one final scan.

    If you do this in the right order you should be clean.

    As a final step you might want to download the RootkitRevealer tool from Microsoft and run it to double check you have not missed anything.

    Hope this helps.. it will work if done properly.
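
A read-only way to review the locations that answers 8 and 10 describe before anything is deleted, as an added example that is not part of any answer in this thread: the PowerShell below lists Run values (flagging those that call rundll32), Winlogon Notify DLLs, Browser Helper Objects and hidden DLLs in System32. The registry paths are the standard Windows locations rather than the truncated keys quoted above, the function names are illustrative, and Winlogon\Notify exists only on Windows XP/2003-era systems.

```powershell
# Added example: read-only listing for review; it deletes and changes nothing.
# Paths are the standard Windows locations (assumption), not the thread's truncated keys.
$ErrorActionPreference = 'SilentlyContinue'   # missing keys are simply skipped

function New-Finding($Source, $Name, $Data) {
    New-Object psobject -Property @{ Source = $Source; Name = $Name; Data = $Data
        Rundll32 = [bool]($Data -match 'rundll32') }
}

function Get-RunEntries {
    # Run values under HKLM, HKCU and every profile hive loaded in HKEY_USERS
    $roots = @('HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER')
    $roots += @(Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object { $_.Name })
    foreach ($root in $roots) {
        $key = Get-Item -LiteralPath "Registry::$root\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not $key) { continue }
        foreach ($value in $key.GetValueNames()) {
            New-Finding "Run ($root)" $value ([string]$key.GetValue($value))
        }
    }
}

function Get-WinlogonNotifyDlls {
    # Winlogon notification packages (XP/2003): each subkey names its DLL in DllName
    $base = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        New-Finding 'WinlogonNotify' $_.PSChildName ([string]$_.GetValue('DllName'))
    }
}

function Get-BrowserHelperObjects {
    # Each BHO subkey is a CLSID; its DLL is the default value of CLSID\...\InprocServer32
    $base = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        $srv = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$($_.PSChildName)\InprocServer32"
        $dll = if ($srv) { [string]$srv.GetValue('') } else { '' }
        New-Finding 'BHO' $_.PSChildName $dll
    }
}

function Get-HiddenSystemDlls {
    # Hidden DLLs in System32, with timestamps so recent arrivals stand out
    Get-ChildItem -LiteralPath "$env:SystemRoot\System32" -Filter *.dll -Force |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
        Select-Object FullName, Length, LastWriteTime
}

@(Get-RunEntries) + @(Get-WinlogonNotifyDlls) + @(Get-BrowserHelperObjects) |
    Format-Table Source, Name, Data, Rundll32 -AutoSize -Wrap
Get-HiddenSystemDlls | Format-Table -AutoSize
```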
