Friday, January 9, 2009

How To Manually Remove Vundo Trojan?

Vundo Description:
Vundo is a widespread trojan that shows a large number of unsolicited pop-up advertisements. It also silently downloads arbitrary, potentially harmful files from the Internet and runs them; these are mostly adware components. Vundo is distributed by e-mail in messages containing links to insecure web sites that exploit certain security vulnerabilities of the Internet Explorer web browser. Once the user clicks on such a link, Internet Explorer opens a dangerous site that automatically installs the trojan on the computer without the user's knowledge or consent. Vundo severely reduces the amount of virtual memory available, which results in noticeable PC performance slowdowns. Vundo secretly runs on every Windows startup.
Vundo Manual Removal Instructions:
Step 1 : Use Windows File Search Tool to Find Vundo Path
Go to Start > Search > All Files or Folders.
In the "All or part of the file name" section, type in "Vundo" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "Vundo", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Vundo in the following manual removal steps.
Step 2 : Use Registry Editor to Remove Vundo Registry Values
To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
To delete "Vundo" value, right-click on it and select the "Delete" option.
Locate and delete "Vundo" registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ActiveState 02F96FB7-8AF6-439B-B7BA-2F952F9E4800
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents 8109AF33-6949-4833-8881-43DCC232B7B2 2316230A-C89C-4BCC-95C2-66659AC7A775
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
Step 3 : Use Windows Command Prompt to Unregister Vundo DLL Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Vundo DLL file is located and press the "Enter" button on your keyboard. If you don't know where Vundo DLL file is located, use the "dir" command to display the directory's contents.
To unregister a "Vundo" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, C:\Spyware-folder\> regsvr32 /u Vundo.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
Search for and unregister "Vundo" DLL files: vzbb.dll
Step 4 : Detect and Delete Other Vundo Files
To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, including hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have found the file you're looking for, type in "del name_of_the_file".
To delete a file in a folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
Select the "Vundo" process and click on the "End Process" button to kill it.
Remove the "Vundo" process files: vzbb.dll
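A read-only check for the Step 2 entries, as an added example that is not part of the original post: it lists each Browser Helper Object together with the DLL its CLSID loads, marks the CLSIDs and the vzbb.dll file named above, and lists RunOnce values whose name starts with "*". It assumes PowerShell 3.0 or later; the function names are illustrative.

```powershell
# Added example: read-only audit. Nothing is deleted or unregistered.
# The CLSIDs and the DLL name below are the ones listed in this post.
$knownClsids = @(
    '{8109AF33-6949-4833-8881-43DCC232B7B2}',
    '{2316230A-C89C-4BCC-95C2-66659AC7A775}',
    '{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}'
)
$knownDlls = @('vzbb.dll')

function Get-BhoReport {
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid = $key.PSChildName
        # A BHO entry is only a CLSID; the DLL it loads is the default
        # value of CLSID\<guid>\InprocServer32.
        $dll = $null
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-Item -LiteralPath $server).GetValue('')
        }
        $leaf = if ($dll) { Split-Path -Leaf $dll } else { '' }
        [pscustomobject]@{
            Clsid  = $clsid
            Dll    = $dll
            Listed = ($knownClsids -contains $clsid) -or ($knownDlls -contains $leaf)
        }
    }
}

function Get-StarRunOnce {
    # The post lists RunOnce values named "*[filename]" and "*WinLogon".
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\RunOnce"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            if ($name.StartsWith('*')) {
                [pscustomobject]@{ Key = $path; Name = $name; Data = $key.GetValue($name) }
            }
        }
    }
}

Get-BhoReport   | Format-Table -AutoSize
Get-StarRunOnce | Format-Table -AutoSize
```

Rows with Listed = True, and any RunOnce value whose Data points at one of the files found in Step 1, are the entries Step 2 tells you to delete.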

