1 2 Previous Next 11 Replies Latest reply on Mar 26, 2008 6:58 PM by exbrit

    Help with removing Vundo Trojan

      I can not seem to rid this Vundo Trojan from my computer..... I downloaded Process Explorer from Sysinternals, turned off system restore , and followed the instructions for removal. I have done this 3 times already. After the scan is done it says it has been removed and I need to restart pc. When I restart it is still there???? HELP??? Anything else that I can do to get rid of this.????
        • 1. RE: Help with removing Vundo Trojan
          kdrohan1

          Vundo is ever changing and has done so recently, follow instructions below and they`ll be able to assist you.

          Register at this Forum then follow these Steps post the required log in that forum,not here.
          • 2. RE: Help with removing Vundo Trojan
            In addition to paullotion's good advice, I've removed Vundo using the tools below:

            First, Download and run the "SDFix.exe" program to extract the files to the C:\SDFix folder.. Next, restart into Safe Mode, navigate to the C:\SDfix folder, then run the "RunThis.bat" file inside. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
            Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.

            Next, run the "VundoFix.exe" tool. After "VundoFix" starts, click on the "Scan for Vundo" button and after the files are found, then click on the "Remove Vundo" button.

            SDFix (Clicking on the link below will immediately start the download dialogue box.)
            http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

            VundoFix
            http://www.atribune.org/content/view/24/2/

            Hope this helps.

            Grif
            • 3. Re: Trojan Vundo
              Thanks for replying....I am going to try and remove Vundo by downloading the tools you advised. I truly hope that they will work for me. I do not know at this point which has become more annoying, having the Trojan, or the pop-up warning constantly telling me that I have it, lol. I will post back and let you know how it goes....Thanks again.:)
              • 4. Thank You....Vundo Trojan Removed!
                Grif Thank you SO much for replying to this post.....I used the links to the removal tools that you posted and I have successfully removed Vundo from my system!:D Thanks
                • 5. Vundo.Trojan
                  Hi All, I'm not so lucky, I followed all the steps but I can't remove vundo tronjan.
                  At the end, it does not found any virus, and the virus still on my machine...

                  First Alert from McAfee:
                  McAfee has automatically blocked and removed a Trojan.
                  About this Trojan
                  Detected: Vundo (Trojan), Vundo (Trojan)
                  Location: C:\WINDOWS\system32\mllml.dll
                  Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

                  Second Alert:
                  McAfee has automatically blocked and removed a Trojan.
                  About this Trojan
                  Detected: Vundo (Trojan), Vundo (Trojan)
                  Location: C:\Documents and Settings\Toni Almeida\Local Settings\Temporary Internet Files\Content.IE5\CESCSP1F\css4[1]
                  Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

                  This message from McAfee telling that I'm infected happens all day, by 1 in 1 hour, the only thing that's modified is the name of the file of the first virus "Location: C:\WINDOWS\system32\mllml.dll" it have some kind of random name, mllml.dll, vlqml.dll ...

                  Could some one help me please?
                  Thanks from Portugal.
                  • 6. RE: Vundo.Trojan
                    So you've tried cleaning out the Temporary Internet Files folder manually..?

                    Have you run the free spyware removal from the link below. After downloading, installing, and updating the program below, then restart the computer and run a full system scan while in Safe Mode.:

                    Antispyware Tool #2

                    If the above tool doesn't clean it, then remove the "mllml.dll" file manually.. First, try rebooting into Safe Mode and delete the file.. If that doesn't remove it, then use the instructions below:

                    http://www.filehippo.com/download_unlocker/

                    Hope this helps.

                    Grif
                    • 7. Can't Remove Vundo Trojan
                      Hi Grif, sorry but I do all the stuff again, but this time I scan my computer in safe mode with "SUPERAntiSpyware", for some time I think the Vundo was away of my computer, but then I saw that the virus is still running, but now I saw that:

                      There are always two files created by the virus on the Temporary internet files folder ...
                      The name of virus on system32 folder "???.dll" is always a random name...
                      And The virus is "activated" hourly...
                      Here is an image explaining all: "promatik.no.sapo.pt/temp/vundovirus.jpg"

                      I don't know what this could be ... but I think the virus is some kind of extractor, that hourly send the virus with random name to system32 folder

                      Well, If you have any sugestion please tell me, I'll do everything to remove this trojan.
                      Thanks from Portugal
                      • 8. RE: Can't Remove Vundo Trojan
                        exbrit
                        Promatik, follow the steps in post # 2.
                        • 9. RE: Can't Remove Vundo Trojan
                          Yep, Time for running HijackThis, then posting a log to one of the specialized forums where they can interpret the results.

                          Hope this helps.

                          grif
                          1 2 Previous Next