Virtumundo (Vundo) Trojan

You do not get this Trojan randomly, you got it because you installed rogue programs on your computer, namely WinAntiVirus2009, WinFixer, SysProtect and WinAntiSpyware or one of the various other 'programs' that are rogue anti-spyware and anti-virus programs produced by cyber-criminals.  Users are normally targeted using fake scans which report false positives, then pop up fake warnings and alerts, which tell users that their computers are infected.

An example of this type of misleading advertisement would be pop-ups alerting users that they are infected with a malicious program, Spyware, Trojan, or Virus. Once you install one of these 'Vundo' variant rogue programs, your computer is infected.

Virtumundo is highly evolved and hard to remove because it uses many different methods to first, avoid detection and second, avoid removal. Some of these methods are installing files with random names, installing to random Auto Run locations, installing random CLSID's, and installing root kits. The only reason for all of these methods is to prevent Virtumundo and its variants from detection and removal tools, i.e. anti-spy-ware and anti-software.

Because Virtumundo has so many variants, and because new variants are released so often, sometimes several times a day, they often manage to stay one step ahead of most anti-virus and anti-spy-ware software. This is the reason for the frequent updates and why they produce so many variants.

And because Virtumundo variants install files to so many places on a user's hard drive and because the file names are constantly changing, Virtumundo is very difficult to remove, as you may have so frustratingly discovered?

The Vundo variants have been on the web since the early 1990's, they have had plenty of time to evolve into sophisticated Trojans that specialize in being hard to detect and even harder to remove. Virtumundo and its variants have generated millions, perhaps even billions of dollars/pounds for the miscreants who produce them. The more it evolves the harder it becomes for anti-virus and anti-spy-ware software to prevent, detect and remove them.  This has fortunately, created a demand for specialized tools to target these specific kinds of infections and remove them.

The seriousness of the infection and it's propensity to spread itself on your hard drive makes it imperative that you remove it as soon as possible. The longer you leave it on your computer the more it will spread on your hard drive, the more locations it will find to hide in, and therefore, the more difficult it will be for you to remove.

You will need the following tools to remove Virtumundo and its variants from your computer. Please be sure to read the instructions that come with these tools carefully. Following the instructions will ensure that you will be able to get rid of the infection entirely.

Click on the below link to obtain the FREE fix for this Trojan;

 

'VundoFix'  Tool (Freeware)

 

Normal Instructions for Removal:

* Download 'VundoFix' to your desktop.
* Double left click the VundoFix.exe file to run it.
* When 'VundoFix' opens, click the 'Scan for Vundo button'.
* Once it is done scanning, click the 'Remove Vundo button'.
* You will receive a prompt asking if you want to remove the files, click 'YES'.
* Once you click YES, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click 'OK'.

Please Note:  

It is possible that 'VundoFix' may encounter a file it could not remove.
In this case, 'VundoFix' will attempt run on reboot, simply follow the above instructions starting from;

Click the 'Scan for Vundo button', when 'VundoFix' appears at reboot.

If 'VundoFix' gives an runtime error on start up you are most likely missing the file:   comdlg32.ocx

A new copy and instructions on where to put it can be found HERE.