We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Vundo Virus
Options

General_Hogwart
Posts: 254 Forumite
in Techie Stuff
I picked up a Virus called Vundo recently which was causing my system to run slow and, lots of other problems and lots of pop-ups too.
Does anyone know where the virus may have come from and recommend a good anti-virus/anti malware to keep it and others away.
I hope it did not have a keylogger or anything else like that as I used a debit card whilst infected and really hope they didn't get the details! :-s
Does anyone know where the virus may have come from and recommend a good anti-virus/anti malware to keep it and others away.
I hope it did not have a keylogger or anything else like that as I used a debit card whilst infected and really hope they didn't get the details! :-s
0
Comments
-
have you removed it properly ??
http://www.majorgeeks.com/download4954.html
VundoFix is a [URL="javascript:void(0)"]removal tool[/URL] for Virtumonde - aka Winfixer.
To use Vundofix:
- Download the file and then double-click *VundoFix.exe* to run it.
- Put a check next to *Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click *OK*
- When VundoFix re-opens, click the *[URL="javascript:void(0)"]Scan[/URL] for Vundo* button.
- Once it's done [URL="javascript:void(0)"]scanning[/URL], click the *Remove Vundo* button.
- You will receive a prompt asking if you want to remove the files, click *YES*
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click *OK*.
- Turn your computer back on.Ex forum ambassador
Long term forum member0 -
and there is a very good chance that it included a keylogger
follow posts 1 to 4 of
http://forums.moneysavingexpert.com/showthread.html?t=133269Ex forum ambassador
Long term forum member0 -
Thanks Browntoa,
I think it is all gone, a friend used a Vundofix tool but it wouldn't delete the files in windows, even in safe mode, he had to connect to a different o/s to remove it.
Just had a pop-up now but think that was from something else (real player maybe) it had the same colourings - something about movies.
Gutted if it does have a keylogger, hopefully thats all gone too.
I will have a good read through those threads. Thanks again!0 -
I too have Virtumonde on my computer which Adaware picked up tried to get rid of it as suggested using Vundofix which appeared ok.
Next time I used Adaware again it picked up the Virtumonde infection but when I scan with Vundofix it comes up all clear?
It has infected Reg Value ...\microsoft\windows\currentversion\explorer\shellexe
Also Reg Key ....software\microsoft\installer
Also if I use Adaware in safe mode it states the definitions are 106 days old and needs updating and does not pick up the Virtumonde but when run in normal mode it is up to date and does pick up the Virtumonde infection.
How can I get rid of this annoying infection.
I am using Windows Vista0 -
read post 2 again in this thread, follow that
then follow post 3 of this thread
you may need to run what is Vista compatable but run it in safe mode
Spybot is Vista compatable
To get into the Windows Vista Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" . Use your arrow keys to move to "Safe Mode" and press your Enter key.Ex forum ambassador
Long term forum member0 -
Tried vendofix a few times but finds nothing Adaware keeps finding it though also has found Adware.NaviPromo which Adaware cant fix.
Also having a few problems with my internet connection which keeps dis-connecting and going off line need to sort this out to download Spybot post etc0 -
it's important to run in safe mode
hit F8 on boot upEx forum ambassador
Long term forum member0 -
Try also running SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php0
-
SmitfraudFix doesn't target Vundo infections.
If VundoFix hasn't been updated to cover your variant yet, use ComboFix on the machine. That way, you'll see what extra Vundo files need deleting from the report log.
Download ComboFix from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click Combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.0 -
Make sure you turn off system restore, it always backups the virus for you0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards