So who has had luck removing Vundo?

[Raziaar]

My uncle has his computer infected with the trojan virus Vundo. Also known as MS Juan.

http://en.wikipedia.org/wiki/Vundo

I have run the computer through my typical battery. I go into safe mode, I find and remove suspicious entries with hijackthis... I use CCleaner and Glary Utilities to fix problems and find suspicious things. I was unable to use Ad-Aware and Antivirus... and I was unable to use Microsoft Malware Removal Tool. Why? Vundo prevented this.

I ran some programs called Vundofix that I found on wikipedia... and I've also run Spybot Search & Destroy.

Vundofix found nothing... yet I know Vundo is on there. I've encountered so many of it's DLL files that were still there.

Things like

zukuzibi.dll
kuyubuza.dll
kovabova.dll
davotudo.dll
tarifuya.dll

These are classical filenames for Vundo. Spybot search and destroy detected these and more. And it purported to get rid of them. However... the computer performance is still horribly degraded... I cannot run ad-aware or Windows Malware Removal tool. Windows Update STILL doesn't work... and I can't get those processes to even be able to launch. Basically the system was still acting like Vundo was still on there... after hours of messing with it.

This isn't on my computer, and I was hoping my regular battery of cleanup tools would get rid of the problem, but this is one persistent ****er.

Has anybody had any luck and experiences with it?

 

[Kadayi]

Can't say I have, but if in doubt save the women and children (the necessary files) and then nuke the site from orbit (full format and full reinstall) as it's the only way to really be sure, and tell your uncle to lay off the goat Pr0n in future

 

[_-_-SELAS-_-_]

malwarebytes worked for me, but you never know if it is totally removed, also I recommend running ccleaner, but only spybot has the awsome immunize feature so shit never gets in. I run all these to get the huge database from malwarebytes and the immunization from spybot, and ccleaner is better at cleaning up the registry.

 

[soulslicer]

Download Avast On-access scanner through download.com or their direct site. Most viruses close the browser window once the word "virus" is detected anywhere. So Avast does not have this issue.

Once you install and update avast, it will ask you to run a boot scan. Click Yes, and restart. It solved my virus problems.

Installs adware that 25% of the time is pornographic

lol, good for some I guess

 

[Laivasse]

I got it off my girlfriend's computer with my own convoluted method, using hijackthis and SuperAntiSpyware in safe mode. I hear Malwarebytes is also pretty handy.

SAS has an installer designed to get around Vundo's blocking of it too, here (the file is just renamed, essentially).

Remember to never rely on any one program. They all have holes which you need to compensate for with a combination of other AVs and your own knowhow. On my girlfriend's comp, Vundo got right past her NOD32 active protection, and Spybot was completely useless in removing it.

 

[AtomicSpark]

lol Windows. You could try re-installing. ;3

 

[Raziaar]

Can't say I have, but if in doubt save the women and children (the necessary files) and then nuke the site from orbit (full format and full reinstall) as it's the only way to really be sure, and tell your uncle to lay off the goat Pr0n in future

Heh heh... Trying to avoid reformatting and doing all that shit.

malwarebytes worked for me, but you never know if it is totally removed, also I recommend running ccleaner, but only spybot has the awsome immunize feature so shit never gets in. I run all these to get the huge database from malwarebytes and the immunization from spybot, and ccleaner is better at cleaning up the registry.

I'll check out malwarebytes. What is it exactly? You don't have to answer, I will research it.

I do have ccleaner and it's a regular in my cleanup process.

Download Avast On-access scanner through download.com or their direct site. Most viruses close the browser window once the word "virus" is detected anywhere. So Avast does not have this issue.

Once you install and update avast, it will ask you to run a boot scan. Click Yes, and restart. It solved my virus problems.

lol, good for some I guess

Yeah, I use avast. Though I didn't install it while i was there at the time. got too distracted and totally forgot.

I got it off my girlfriend's computer with my own convoluted method, using hijackthis and SuperAntiSpyware in safe mode. I hear Malwarebytes is also pretty handy.

SAS has an installer designed to get around Vundo's blocking of it too, here (the file is just renamed, essentially).

Remember to never rely on any one program. They all have holes which you need to compensate for with a combination of other AVs and your own knowhow. On my girlfriend's comp, Vundo got right past her NOD32 active protection, and Spybot was completely useless in removing it.

SuperAntiSpyware? Sounds like a rogue software name. lol. I'll certainly check it out though.

lol Windows. You could try re-installing. ;3

Noes! I only like reformatting my own computer.

 

[Laivasse]

Recent account on the SAS forums from someone who claims a Vundo-like infection:

Your infection sounds like exactly what I got in my computer last Wednesday. I could not get my Windows system restore to work and it disabled Malwarebytes. I started SuperAntiSpyware in regular mode and after one minute I got the Windows failer blue screen of death! I tried again in SAFE MODE and it caught enough of the infection (but not all) to allow Mawarebytes to work. I ran Mawarebytes and then disabled my system restore, and dumped my cache to make certain the virus/malware/trojan was gone from the restore area. Ran Malwarebytes, Superantispyware and Trend Micro. I also ran CCleaner and Glary Utilites. Result = a cleaned system. I checked the system restore to make certain it was working again and also ran a Hijack This log and checked it.