Title: Vundo
Type: Trojans

Remove Vundo. Removal instructions


 
Also known as: Vundo.b, Vundo.celldorado
Severity scale: Vundo severity is 92 (92 / 100)
 
Vundo is a widespread trojan that displays a large number of unsolicited pop-up advertisements. It is hard to remove, and the removal process is very complicated. Vundo and its mutated clones, Vundo.b and Vundo.celldorado, also silently download additional files from the Internet and run arbitrary, potentially harmful files, mostly adware components.
Vundo is distributed by e-mail in messages containing links to insecure web sites, which exploit certain security vulnerabilities of the Internet Explorer web browser. Once the user clicks on such a link, Internet Explorer opens a dangerous site that automatically installs the Vundo trojan into the system without the user's knowledge and consent.
Vundo causes a severe decrease in the amount of system virtual memory available, which results in noticeable computer performance slowdowns. Vundo secretly runs on every Windows startup. It creates a DLL file in the Windows system32 directory and writes registry entries, causing Windows to inject the file into winlogon.exe and many other programs.

Some tools have been created to remove the Vundo trojan. They are called vundofix, and they can fix certain variants of the Vundo trojan.

Related files: vturr.dll, vzbb.dll, dszigqd.dll

Vundo properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Vundo removal:

SpyHunter is the recommended remover for uninstalling Vundo. You should use the free trial to confirm that it detects the current version of the parasite.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention; please read the manual removal instructions below.

If you failed to remove Vundo using SpyHunter, please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
STOPzilla
We are testing STOPzilla's efficiency at removing Vundo (2012-01-01 08:16:26)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing Vundo (2012-01-01 08:16:26)
Spyware Doctor
We are testing Spyware Doctor's efficiency at removing Vundo (2012-01-01 08:16:26)
XoftSpySE Anti Spyware

Vundo manual removal:

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State

Unregister DLLs:
vzbb.dll, vturr.dll

Delete files:
vzbb.dll, vturr.dll, dszigqd.dll

Misc:
[filename] is the name of the trojan's main file.

The parasite creates infected executable files with random names. These files can be found in different folders inside the C:\Windows or C:\Winnt directory.
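
A read-only audit of the artifacts listed above, as an added example (not part of the original page or of any removal tool it mentions). It assumes PowerShell on the affected Windows machine and that the related DLLs sit in the system32 directory, as the description states; it deletes nothing.

```powershell
# Read-only audit for the Vundo artifacts listed on this page; nothing is modified.
$clsids = '{2316230A-C89C-4BCC-95C2-66659AC7A775}',
          '{8109AF33-6949-4833-8881-43DCC232B7B2}',
          '{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}'
$bho  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$hits = @()

foreach ($id in $clsids) {
    # HKEY_CLASSES_ROOT is the merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes.
    $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$id"
    if (Test-Path -LiteralPath $clsKey) {
        # The default value of InprocServer32 is the DLL registered for this CLSID.
        $srv = Get-Item -LiteralPath "$clsKey\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.GetValue('') } else { '(no InprocServer32 subkey)' }
        $hits += "CLSID $id -> $dll"
    }
    if (Test-Path -LiteralPath "$bho\$id") { $hits += "Browser Helper Object $id" }
}

foreach ($progId in 'ATLEvents.ATLEvents', 'ATLEvents.ATLEvents.1') {
    if (Test-Path -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$progId") { $hits += "ProgID $progId" }
}

# The page lists RunOnce values *WinLogon (HKCU) and *[filename] (HKLM). [filename] is not
# known in advance, so every '*'-prefixed RunOnce value is reported for manual review.
foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
    $k = Get-Item -LiteralPath "Registry::$hive\Software\Microsoft\Windows\CurrentVersion\RunOnce" -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        # RegistryKey.GetValue takes the name literally, so '*' is not treated as a wildcard.
        if ($name.StartsWith('*')) { $hits += "RunOnce ($hive) $name = $($k.GetValue($name))" }
    }
}

$ie = Get-Item -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie -and ($ie.GetValueNames() -contains 'Active State')) { $hits += 'Internet Explorer\Main value "Active State"' }

# Assumption: the related DLLs are in system32, where the page says Vundo drops its DLL.
foreach ($file in 'vzbb.dll', 'vturr.dll', 'dszigqd.dll') {
    $path = Join-Path $env:SystemRoot "System32\$file"
    if (Test-Path -LiteralPath $path) { $hits += "File $path" }
}

if ($hits) { $hits } else { 'None of the listed Vundo artifacts were found.' }
```

Because the trojan uses random file names, an empty result only means these specific entries are absent; the DLL paths reported for the CLSIDs are the ones to review before unregistering or deleting anything.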
Information added: 2005-10-12 13:15:37
Information updated: 2012-01-01 05:39:11

Guest
ok
removed Vundo
Thank you for the instructions. I was able to remove Vundo successfully.
<Guest>
Running Spybot Search & Destroy now, and so far it has found most if not all the items above also. I picked this little sucker up off a PS2 emulator .rar file I got from a torrent download also, so be careful of .rar files that may be suspicious.
biggot
Hey, that's funny. I got my Vundo there too. Mine was from Mininova.

PEOPLE, AVOID DOWNLOADING PS2 EMULATORS FROM TORRENT SITES. GO TO THE ORIGINAL SITES INSTEAD.
<Guest>
Spybot finds Vundo but didn't actually remove it for real. I ran it several times.

Malwarebytes Malware remover killed it for real.

Both are free.
<Guest>
I have vundo from MININOVA
<Guest>
Thanks, even though Spyware Doctor isn't free and doesn't remove anything unless you buy it, it detected some smaller adware I didn't know I had and I was able to remove it.
<Guest>
Mine came via Skype as a message from a friend! Went to all my contacts. Uninstalled AVG and will not let me reinstall it.
<Guest>
The Vundo virus I had unchecked the "automatically detect DNS server" and added two bogus entries. Rechecking the box got rid of a redirection to an antivirus site.
