1. What is Trojan.Vundo?
It is a Trojan that infects computers through Java exploits in older versions of Java. Trojan.Vundo is also known as VirtuMonde, VirtuMondo or Vundo. Once a PC has been infected by this Trojan, a flood of pop-up windows for rogue anti-spyware software (such as WinAntiVirus Pro, Winfixer, SysProtect) appears. Do not download or install any of these rogue security programs, because they deceive the user. Fake anti-spyware programs alert the user that the computer is infected in order to persuade them to buy the full version of the program to remove the threats it claims to have found. Do not buy any of those programs!
VirtuMonde can also appear as what looks like a genuine Windows balloon notice in the taskbar area, popping up every few minutes and frustrating the user. These balloon warnings tell the user that the PC is in danger and offer a rogue virus/spyware scanner that will supposedly confirm the infection.
Trojan.Vundo creates many hidden files on the computer, as well as files with random names. The Vundo virus may hide under different file names on each computer, which is why it is so difficult to delete a Vundo infection manually.
The VirtuMonde virus can be bundled with insecure applications, suspicious executable files or even screensavers.
2. How to remove Trojan.Vundo:
- The Internet connection might be disabled or the Internet browser might be blocked by Trojan.Vundo, so it won't be possible to download any files to the infected computer. In this case, download all files required for Trojan.Vundo removal on another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
- To remove Trojan.Vundo, download Spyware Doctor and install the program. Before installation, make sure all other programs and windows are closed.
- After the installation, a computer scan should start automatically. If so, move to the next step. If not, click "Status" in the left-side menu and press the "Scan Now" button to run the scanner.
- After the scan has completed and the scan results have been generated, press the "Fix Checked" button to remove Trojan.Vundo.
- Restart the computer to complete the Trojan.Vundo removal procedure.
3. HijackThis entries:
O2 Entries:*
O2 - BHO: (no name) - {10b50180-1dd2-11b2-8c6a-f7825a53f0e2} - C:\WINDOWS\fohsbwtk.dll
O2 - BHO: (no name) - {FD03C949-1F23-41EA-B53A-C31EE0154454} - C:\WINDOWS\system32\fccdefg.dll
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\[username]\LOCALS~1\Temp\cg.dat
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp**.tmp.dll
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\okmuh.dll
O2 - BHO: PsapiAnalyzer Object - {320F26E1-8F10-4143-B433-B2DB14896D1F} - c:\WINDOWS\system\cmdnet.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: InfoDocReader Object - {A5B00A5B-073E-4246-AFF0-CCAE0D5BF6D1} - C:\WINDOWS\system32\tusqo.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: WTLHelper Object - {BD6CD737-34E1-4864-8697-83EC081F1989} - C:\WINDOWS\system32\ddaby.dll
O2 - BHO: ADOUsefulNet Object - {80611854-49D7-47B4-9E5B-D8E56D77C6AB} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\system32\rqono.dll
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\system32\mlljg.dll
O3 Entries:*
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hbalvvkt.dll
O20 Entries:*
O20 - Winlogon Notify: rqrqool - C:\WINDOWS\system32\rqrqool.dll
* These are examples of HijackThis entries related to the Vundo virus. File names and CLSIDs may differ for a particular instance.
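Because file names and CLSIDs differ per infection, matching a log against the exact values above is unreliable. The following added example (not part of the original guide or of HijackThis) parses O2/O3/O20 lines and lists review reasons based on traits visible in the samples. The reason names and the thresholds are assumptions, and legitimate entries can match them, so treat hits as candidates for review rather than verdicts.

```python
import re

# Line shapes taken from the entries above:
#   O2/O3: "<sec> - <kind>: <name> - {CLSID} - <path>"
#   O20:   "O20 - Winlogon Notify: <name> - <path>"
ENTRY = re.compile(
    r"^(O2|O3|O20) - (BHO|Toolbar|Winlogon Notify): (.*?) - "
    r"(?:(\{[0-9A-Fa-f-]{36}\}) - )?(.+?)\s*$"
)
# Assumed triage heuristic, not a signature: short letters-only DLL name
# sitting directly in the Windows, system or system32 directory.
WINDIR_SHORT = re.compile(r"^c:\\windows(\\system(32)?)?\\[a-z]{4,8}\.dll$")

def parse(line):
    """Return the fields of one O2/O3/O20 line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return dict(zip(("section", "kind", "name", "clsid", "path"), m.groups()))

def reasons(entry):
    """List the (assumed) review reasons that apply to a parsed entry."""
    path = entry["path"].lower()
    found = []
    if entry["name"] == "(no name)":
        found.append("unnamed-object")
    if "\\temp\\" in path:
        found.append("loads-from-temp")
    if not path.endswith(".dll"):
        found.append("not-a-dll")
    if WINDIR_SHORT.match(path):
        found.append("short-alpha-dll-in-windir")
    return found

def triage(log_text):
    """Return (path, reasons) for every autostart entry with at least one reason."""
    parsed = filter(None, map(parse, log_text.splitlines()))
    return [(e["path"], reasons(e)) for e in parsed if reasons(e)]

# First three lines are copied from the entries above; the last is constructed.
SAMPLE = r"""
O2 - BHO: (no name) - {10b50180-1dd2-11b2-8c6a-f7825a53f0e2} - C:\WINDOWS\fohsbwtk.dll
O2 - BHO: CATLEvents Object - {CA5DDFAC-93D0-46B0-973E-D25832A0D119} - C:\DOCUME~1\[username]\LOCALS~1\Temp\cg.dat
O20 - Winlogon Notify: rqrqool - C:\WINDOWS\system32\rqrqool.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleVendor\helper.dll
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path, "->", ", ".join(why))
```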