I can not seem to rid this Vundo Trojan from my computer..... I downloaded Process Explorer from Sysinternals, turned off system restore , and followed the instructions for removal. I have done this 3 times already. After the scan is done it says it has been removed and I need to restart pc. When I restart it is still there???? HELP??? Anything else that I can do to get rid of this.????
In addition to paullotion's good advice, I've removed Vundo using the tools below:
First, Download and run the "SDFix.exe" program to extract the files to the C:\SDFix folder.. Next, restart into Safe Mode, navigate to the C:\SDfix folder, then run the "RunThis.bat" file inside. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Next, run the "VundoFix.exe" tool. After "VundoFix" starts, click on the "Scan for Vundo" button and after the files are found, then click on the "Remove Vundo" button.
Thanks for replying....I am going to try and remove Vundo by downloading the tools you advised. I truly hope that they will work for me. I do not know at this point which has become more annoying, having the Trojan, or the pop-up warning constantly telling me that I have it, lol. I will post back and let you know how it goes....Thanks again.
Hi All, I'm not so lucky, I followed all the steps but I can't remove vundo tronjan. At the end, it does not found any virus, and the virus still on my machine...
First Alert from McAfee: McAfee has automatically blocked and removed a Trojan. About this Trojan Detected: Vundo (Trojan), Vundo (Trojan) Location: C:\WINDOWS\system32\mllml.dll Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.
Second Alert: McAfee has automatically blocked and removed a Trojan. About this Trojan Detected: Vundo (Trojan), Vundo (Trojan) Location: C:\Documents and Settings\Toni Almeida\Local Settings\Temporary Internet Files\Content.IE5\CESCSP1F\css4 Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.
This message from McAfee telling that I'm infected happens all day, by 1 in 1 hour, the only thing that's modified is the name of the file of the first virus "Location: C:\WINDOWS\system32\mllml.dll" it have some kind of random name, mllml.dll, vlqml.dll ...
Could some one help me please? Thanks from Portugal.
Hi Grif, sorry but I do all the stuff again, but this time I scan my computer in safe mode with "SUPERAntiSpyware", for some time I think the Vundo was away of my computer, but then I saw that the virus is still running, but now I saw that:
There are always two files created by the virus on the Temporary internet files folder ... The name of virus on system32 folder "???.dll" is always a random name... And The virus is "activated" hourly... Here is an image explaining all: "promatik.no.sapo.pt/temp/vundovirus.jpg"
I don't know what this could be ... but I think the virus is some kind of extractor, that hourly send the virus with random name to system32 folder
Well, If you have any sugestion please tell me, I'll do everything to remove this trojan. Thanks from Portugal