What is Trojan.Vundo

Trojan.Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google.

As the Trojan.Vundo virus is resident in memory and attached to Explorer.Exe and Winlogon, they must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot the pc, so a forced reboot is needed, as when Winlogon re-starts, the virus files are recreated. Internet Explorer, Mozilla Firefox, and Opera are affected by this trojan, but Apple Safari seems to be unaffected by the Trojan’s .dll file. The trojan’s DLL files are named with eight random upper- and lower-case characters and stored in the Windows system32 directory. Many virus removal programs will remove some of the trojan-created hidden files but not the actual running DLL. The DLL cannot be removed because the file is in use as soon as Winlogon starts. If some but not all of the trojan’s files are removed, it will make a new DLL with a different random name.

Technical Details of Trojan.Vundo

  • Full name: Trojan.Vundo, Trojan.Vundo
  • Date Appeared:
  • Characteristic: Trojan
  • URL:

Do I need to remove Trojan.Vundo

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

> > >Download< < <

Free Scanner for Trojan.Vundo

.

How to Uninstall Trojan.Vundo scam

The best way for the removal of Trojan.Vundo is to install a good quality Anti-spyware Program and scan your system for any Trojan.Vundo infections.

Automatic removal of Trojan.Vundo is always good and complete as compared to any attempts to manually remove Trojan.Vundo, which may sometime lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend you to attempt for the manual removal of Trojan.Vundo.

VAriations of Vundo.Trojan

Trojan.Vundo.B
Vundo!12334F06
Vundo!40F01AF8
Vundo!5431D0AE
Vundo!7e18dec2
Vundo!8E1F90B9
Vundo!BC1FAAB8
Vundo!D722760F
Vundo.dldr
Vundo.dll
Vundo.dr
Vundo.gen.a
Vundo.gen.b
Vundo.gen.c
Vundo.gen.d
Vundo.gen.e
Vundo.gen.f
Vundo.gen.g
Vundo.gen.h
Vundo.gen.i
Vundo.gen.j
Vundo.gen.k
Vundo.gen.l

Instructions to get rid of Trojan.Vundo

If you really want to remove the Trojan.Vundo infection on your system manually then proceed as follows.

Step 1: Kill the Trojan.Vundo ProcessesLearn how to do that

Step 2: Remove Trojan.Vundo files, folders and all associated Trojan.Vundo DLL files: Learn how to do that

[%SYSTEM%]\WinCtrl32.dll
[%SYSTEM%]\winwly32.dll
[%SYSTEM%]\awtqo.dll
[%SYSTEM%]\awtqq.dll
[%SYSTEM%]\awvtt.dll
[%SYSTEM%]\awvvu.dll
[%SYSTEM%]\ddcca.dll
[%SYSTEM%]\ddccb.dll
[%SYSTEM%]\ddcya.dll
[%SYSTEM%]\ddcyv.dll
[%SYSTEM%]\drivers\blank.gif
[%SYSTEM%]\drivers\box_2.gif
[%SYSTEM%]\drivers\button_buynow.gif
[%SYSTEM%]\drivers\button_freescan.gif
[%SYSTEM%]\drivers\cell_bg.gif
[%SYSTEM%]\drivers\cell_footer.gif
[%SYSTEM%]\drivers\cell_header_block.gif
[%SYSTEM%]\drivers\cell_header_remove.gif
[%SYSTEM%]\drivers\cell_header_scan.gif
[%SYSTEM%]\drivers\detect.htm
[%SYSTEM%]\drivers\download_btn.jpg
[%SYSTEM%]\drivers\download_now_btn.gif
[%SYSTEM%]\drivers\footer_back.jpg
[%SYSTEM%]\drivers\header_1.gif
[%SYSTEM%]\drivers\header_2.gif
[%SYSTEM%]\drivers\header_3.gif
[%SYSTEM%]\drivers\header_4.gif
[%SYSTEM%]\drivers\header_red_bg.gif
[%SYSTEM%]\drivers\header_red_free_scan.gif
[%SYSTEM%]\drivers\header_red_free_scan_bg.gif
[%SYSTEM%]\drivers\header_red_protect_your_pc.gif
[%SYSTEM%]\drivers\infected.gif
[%SYSTEM%]\drivers\main_back.gif
[%SYSTEM%]\drivers\product_2_header.gif
[%SYSTEM%]\drivers\product_2_name_small.gif
[%SYSTEM%]\drivers\product_features.gif
[%SYSTEM%]\drivers\pt.htm
[%SYSTEM%]\drivers\rating.gif
[%SYSTEM%]\drivers\screenshot.jpg
[%SYSTEM%]\drivers\sep_hor.gif
[%SYSTEM%]\drivers\sep_vert.gif
[%SYSTEM%]\drivers\shadow.jpg
[%SYSTEM%]\drivers\shadow_bg.gif
[%SYSTEM%]\drivers\spacer.gif
[%SYSTEM%]\drivers\star.gif
[%SYSTEM%]\drivers\star_gray.gif
[%SYSTEM%]\drivers\star_gray_small.gif
[%SYSTEM%]\drivers\star_small.gif
[%SYSTEM%]\drivers\style.css
[%SYSTEM%]\drivers\s_detect.htm
[%SYSTEM%]\drivers\v.gif
[%SYSTEM%]\drivers\warning_icon.gif
[%SYSTEM%]\drivers\win_logo.gif
[%SYSTEM%]\drivers\x.gif
[%SYSTEM%]\geeda.dll
[%SYSTEM%]\geedc.dll
[%SYSTEM%]\geedd.dll
[%SYSTEM%]\jkkjg.dll
[%SYSTEM%]\kj.exe
[%SYSTEM%]\mljgh.dll
[%SYSTEM%]\mljjk.dll
[%SYSTEM%]\mllmj.exe
[%SYSTEM%]\pmkhe.dll
[%SYSTEM%]\pmnlk.dll
[%SYSTEM%]\ssqpn.dll
[%SYSTEM%]\vtsqo.dll
[%SYSTEM%]\vtsqp.dll
[%SYSTEM%]\vtutq.dll
[%SYSTEM%]\monln.dll
[%SYSTEM%]\pmkjk.exe
[%SYSTEM%]\WinUpdating.exe
[%SYSTEM%]\awtoolb.dll
[%SYSTEM%]\nnnliJdA.dll
[%SYSTEM%]\A0380mon.exe
[%SYSTEM%]\zxmscwin.dll
[%SYSTEM%]\mail.exe
[%SYSTEM%]\msxml71.dll
[%SYSTEM%]\IfxWlxEN.dll
[%SYSTEM%]\explore.exe
[%SYSTEM%]\avtap.dll
[%PROFILE_TEMP%]\xatD4.tmp
[%SYSTEM%]\VIE1.exe
[%SYSTEM%]\VIE4.exe
[%SYSTEM%]\VIE3.exe
[%SYSTEM%]\VIE2.exe
[%SYSTEM%]\Cpl32ver.exe
[%SYSTEM%]\lpov32i.dll
[%SYSTEM%]\efcBrSiI.dll
[%SYSTEM%]\prkkhifl.dll
[%SYSTEM%]\aoeklfpw.dll
[%SYSTEM%]\kyhlgpns.dll
[%SYSTEM%]\__c00A9A08.dat
[%SYSTEM%]\__c007725E.dat
[%SYSTEM%]\sups.dll
[%SYSTEM%]\dfax32i.dll
[%SYSTEM%]\__c00DA344.dat
[%SYSTEM%]\__c0043473.dat
[%SYSTEM%]\VIE17BF.exe
[%SYSTEM%]\__c00AC806.dat
[%SYSTEM%]\bmakwrtd.dll

[%PROGRAM_FILES%]\akl
[%PROGRAM_FILES%]\3721
[%PROGRAM_FILES%]\amsys
[%PROGRAM_FILES%]\p2pnetworks
[%PROGRAM_FILES%]\accoona
[%SYSTEM%]\sznf.ascii
[%PROGRAM_FILES%]\e-zshopper

Step 3: Uninstall Trojan.Vundo registry entries: Learn how to do that

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon
HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE SOFTWAREClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER SoftwareMicrosoftInternet ExplorerMainActive State

Free Scan for Trojan.Vundo