How to get rid of the Vundo (Virtumonde) trojan?

Q.

Hi, recently my computer started acting weird. Some of the icons on my desktop were different (white paper icons?), and when I tried to click the programs they wouldn’t work. I did a scan with Norton Antivirus but got nothing. I still suspected something here, so the only thing I could think of was a system restore. Although my icons came back, many of my originally installed programs (HP media programs) were there but could not work when I clicked them! I had to reinstall programs like Mixcraft, because it was corrupt. I searched to find what it was that was making the software impossible to run, and the only thing that I have found for now is the Vundo Trojan, and so far nothing is working for me… I tried FixVundo.exe, I’m not sure how to manually delete it from the registry (I’m not really sure how to get rid of it at all), but so far nothing works, and I’m a complete nooby, and worried my new laptop will just crash on me. I have an HP Envy 14, Windows 7, and I’m in dire need to get rid of this dreaded pest! Thank you!

A.

Ahh, Vundo (or, Virtumonde)… It’s been around for a long time, in a variety of “mutations”, but the song remains the same. Vundo is a pain to remove, but it is possible.

First, you’ll need to download a few things.

If you have any networked computers (other PCs connected together), you’ll need to run through this list on all of them – this spyware/virus can infect shared folders on networks.

You already have a Vundo remover, but just to make sure it’s the correct one, download it here.

Download this one as well.

Download CCleaner.

Download SuperAntiSpyware (cheesy name, I know, but it works).

Finally, download SpyBot Search and Destroy.

Now for the fun part. As an Administrator (not a limited user), install ALL these programs, then update them. Get a cup of coffee, it’s going to take a while. When you install them, right-click on each file and select “run as administrator”. This should make the programs available to each user on the PC. And yes, you have to run the programs under each user.

Now that the installs and updating are done, go into your Control Panel and disable System Restore. This needs to be done as Vundo / Virtumonde often hides in the System Restore directory, which can’t be effectively scanned by virus and spyware scanners.

Next, restart the computer in Safe Mode, without networking. While the computer is rebooting, keep tapping the F8 key until you get a menu, then choose Safe Mode, without networking. Once Windows starts, log in as the same user you installed all the software as.

First, run CCleaner, checking every checkbox except Wipe Free Space. This will take some time as CCleaner removes all the temporary files from the computer (removes some of the virus, and makes further scanning faster).

Next, run both the Vundo removers.

After that, run SpyBot, then SuperAntiSpyware. Both will take some time to run.

After they are done running, log out, and log in as any other users and re-run Spybot and SuperAntiSpyware.

You’ll need to do this on any other computers that are connected to this one (laptops included). All PCs on the same network could possibly be infected.

After all is said and done, Vundo should be completely gone. Make sure to turn System Restore back on, and you can remove the installed programs if you wish.

In the future, make sure you have a good AntiVirus / AntiSpyware program running, because whatever you have now either doesn’t work, or is in need of updating. AVG Internet Security does a good job of stopping these kinds of threats, and isn’t horribly expensive.

Last but not least, don’t click on anything, EVER, that says “click here to scan your PC” or “click here to make your PC faster” if it comes up in a web browser – your web browser will never tell you that your computer is “infected” and offer to fix it – hence, a Trojan.

Happy hunting!