What is Virtumonde

Virtumonde, also known as Vundo, is a type of malware/adware that often requires special help or tools to remove. It hooks itself into the system and then displays pop-ups. It has also been seen, though less commonly, popping up fake alerts for rogue anti-spyware.

There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine. Some Virtumonde variants are known to resist removal.

Technical Details of Virtumonde

  • Full name: Win32/Vundo [VET], Vundo.dll [McAfee], TrojanDownloader.Win32.Agent.cv [Kaspersky], Spyware/Virtumonde [Panda], Win32/Vundo.DLL!Trojan [Computer Associates], Win32.Vundo [Computer Associates], Win32/Vundo!Trojan [Computer Associates], Win32.Vundo.H [Computer Associates]
  • Date Appeared: Variants from January, 2004 to December, 2004
  • Characteristic: Adware
  • URL:

Do I need to remove Vundo

You can search your computer manually yourself, but this is not recommended unless you are a tech geek. To save time and effort, we recommend that you download a FREE Scanner.


How to Uninstall Vundo scam

The best way to remove Vundo is to install a good-quality anti-spyware program and scan your system for any Vundo infections.

Automatic removal of Vundo is always good and complete compared to manual removal attempts, which may sometimes lead to erroneous results. If you are not completely aware of all the files and registry entries used by this rogue anti-spyware, then we do not recommend that you attempt the manual removal of Vundo.

Instructions to get rid of Vundo

If you really want to remove the Vundo infection on your system manually then proceed as follows.

Step 1: Kill the Vundo processes

…..

Step 2: Remove Vundo files, folders and all associated Vundo DLL files


Step 3: Uninstall Vundo registry entries

