Vundo

Vundo Description



Vundo is a Trojan that infects computers through misleading means and then sabotages the system by creating pop-ups, downloading other malware, or attacking security features. You may also find that your web browser, or Internet connectivity in general, is malfunctioning; assume that Vundo is running as a hidden background process unless you have verified otherwise. The characteristics of any particular Vundo infection vary, but removing Vundo by manual methods is almost always difficult. Running suitable anti-malware software is more likely to delete Vundo without causing other problems.

Catching Vundo-Related Damage Before It’s Too Late


Although attacks by Vundo Trojans can take quite a few forms, some are far more common than others. Here are some of the most prominent Vundo dangers:
  • The vast majority of Vundo variations will create pop-ups. Some may only create them when the relevant web browser is open, while others will create pop-ups regardless of your application usage. These pop-ups are very likely to contain links to dangerous websites or make false claims of analyzing your PC health.
  • Vundo will frequently disable many types of security-related functions on your PC. This is usually accomplished by corrupting the Windows Registry, and can include disabling Automatic Updates, disabling the Windows default firewall and shutting down widely-used anti-malware scanners. Different portions of your interface, particularly parts of the Control Panel, may also be hidden to prevent access.
  • Vundo may also supplement its security-disabling features by providing remote administration tools for anonymous attackers. These tools allow remote attackers to control your PC for a variety of purposes, and completely jeopardize any semblance of security or privacy on the system while Vundo is present.
  • Other malware may join Vundo in attacking your computer after Vundo downloads and installs it. Vundo can do this without your permission and is almost certain to hide the process from you; even the files themselves are likely to be hidden. The most common payloads installed by Trojans like Vundo are spyware that attempts to steal account login information, and rogue security programs.
  • Vundo may also perform some spyware-related activities by itself, such as keylogging: recording keyboard keystrokes to a log that is later sent to criminals for perusal. More advanced forms of spyware can also take screenshots of the display and record microphone or webcam input.
  • Vundo may hijack your web browser to prevent you from accessing safe websites. This is typically done by creating a fake error that tells you a website is unsafe. Other known web browser hijacker traits include changing the user’s homepage and search engine results to force him or her to visit a dangerous website.

Healing the Vundo Wound After the Damage is Done


Most Vundo infections register hidden .dll files on your PC, make harmful changes to your Registry, delete various system tools and alter system settings without permission. Attempting to delete Vundo by simply tossing its files into the Recycle Bin is extremely likely to fail or to cause other problems that keep the system dysfunctional, and deleting the wrong .dll file or Registry entry can permanently damage your operating system.

Since all of these possibilities make Vundo a sophisticated threat, it requires a sophisticated removal method that accounts for all possible side effects. The average PC user will find it simplest and safest to use an anti-malware scanner to remove Vundo without risking the deletion of important files or entries. Any scanning software used should be updated to the latest available definitions, since there are many varieties of Vundo and one variant can easily evade detection methods that would catch another.

Vundo is also detected under the names of MS Juan, VirtuMonde and VirtuMundo.

Aliases


  • PSW.Generic10.BYML [AVG]
  • W32/SpyVoltar.A!tr [Fortinet]
  • Virus.Win32.Vundo [Ikarus]
  • Suspicious.Cloud.7.F [PCTools]
  • Trojan/Win32.Vundo [AhnLab-V3]
  • W32/Backdoor.NVDQ-2921 [Commtouch]
  • Gen:Variant.Kazy.1186 (B) [Emsisoft]
  • TR/Kazy.1186.4 [AntiVir]
  • Trojan.Win32.Generic.pak!cobra [VIPRE]
  • Mal/Vundo-AJ [Sophos]


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    #    File Name                                          Detection Count
    1    ssqrp.dll                                          607
    2    lutazipu.dll                                       555
    3    fubatuzo.dll                                       548
    4    maweyeri.dll                                       527
    5    kuzogago.dll                                       321
    6    sohovaha.dll                                       262
    7    %TEMP%\_A00F[RANDOM CHARACTERS].exe                241
    8    %SystemRoot%\System32\byX[RANDOM CHARACTERS].dll   220
    9    tareyezu.dll                                       117
    10   jutizowi.dll                                       21
    11   fpfstb.dll                                         N/A

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing or removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry first.
  • The following newly produced Registry values were found (HKEY..\..\{Value}):
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, value: yayvtsp
    Software\Microsoft\Internet Explorer\URLSearchHooks, value: {B6C621ED-821B-4311-4EF1-ACA0C115E707}
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, values:
      {06EEE729-30EC-4480-A5D2-89BB99A618FA}
      {1C72F7D4-A286-4B60-BDAD-438982FBB771}
      {BE0FF150-C7FC-4E37-8F92-4E9AF1389238}
      {F1C5B241-BFBE-4CFC-99A4-76823ADF23F6}
      {1CF662BF-4AFD-4778-8306-1F0EB8284EBB}
      {76CFB752-E1B5-45E5-871F-E696B997FFB1}
      {48F2A76C-BCC4-4D15-97AC-2C78BC84CB45}
      {C7BBDD18-4BD1-416D-877A-4EDB566A0054}
      {C16CDB5C-2468-4116-AD60-868CA1368FA1}
      {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, values: mgsvflkw, SSODL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}: a long list of randomly named .exe and .dll values (for example mjdsregl.exe, MsIMMs32.exe, mlwfltyj.dll) and bracketed entries of the form {xx-xx-xx-xx-ZN}
  • Numerous CLSID entries registered by Vundo were also detected under HKEY..\..\{CLSID Path}, including {B6C621ED-821B-4311-4EF1-ACA0C115E707}, the same CLSID used for the URLSearchHooks entry above.
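The persistence locations listed above (ShellExecuteHooks, ShellServiceObjectDelayLoad and Winlogon\Notify) can be audited with the PowerShell script below, an added example that is not part of the original page. It assumes an elevated session on the Windows host under examination, resolves each CLSID to its InprocServer32 DLL, and reports DLLs that are missing or lack a valid Authenticode signature, which is how the randomly named Vundo DLLs stand out.

```powershell
# Added example: audit the autostart locations Vundo abuses and check the DLL behind each one.
function Resolve-ClsidDll {
    param([string]$Clsid)
    # A CLSID may be registered machine-wide or only for the current user.
    foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
        $key = Join-Path $hive "CLSID\$Clsid\InprocServer32"
        if (Test-Path $key) {
            $raw = (Get-ItemProperty -Path $key).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw) }
        }
    }
    return $null
}

function Test-DllTrust {
    param([string]$Path, [string]$Source)
    if (-not $Path -or -not (Test-Path $Path)) {
        return [pscustomobject]@{ Source = $Source; Dll = $Path; Status = 'MISSING / unresolved' }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $status = if ($sig.Status -eq 'Valid') { "signed: $($sig.SignerCertificate.Subject)" }
              else { "UNSIGNED ($($sig.Status))" }
    [pscustomobject]@{ Source = $Source; Dll = $Path; Status = $status }
}

$findings = @()

# 1. ShellExecuteHooks: each value NAME is a CLSID loaded into every process that calls ShellExecute.
$seh = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $seh) {
    (Get-Item $seh).GetValueNames() | Where-Object { $_ -like '{*}' } | ForEach-Object {
        $findings += Test-DllTrust (Resolve-ClsidDll $_) "ShellExecuteHooks $_"
    }
}

# 2. ShellServiceObjectDelayLoad: each value DATA is a CLSID loaded by explorer.exe at logon.
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path $ssodl) {
    $props = Get-ItemProperty $ssodl
    foreach ($name in (Get-Item $ssodl).GetValueNames()) {
        $findings += Test-DllTrust (Resolve-ClsidDll $props.$name) "SSODL $name"
    }
}

# 3. Winlogon\Notify (Windows XP era): each subkey's DLLName is loaded by winlogon.exe.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    Get-ChildItem $notify | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).DLLName
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "System32\$dll" }
        $findings += Test-DllTrust $dll "Winlogon\Notify $($_.PSChildName)"
    }
}

$findings | Sort-Object Status | Format-Table -AutoSize
```

Anything reported as MISSING or UNSIGNED deserves a closer look; a legitimate shell hook on a stock system is signed by Microsoft.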
Posted: March 28, 2006
Threat Level: 9/10
Detection Count: 265

3 Comments

  • Charlie Smith says:

    I was able to remove the vundo trojan thanks to your malware scanner program spyhunter. I bit the bullet and purchased it (took a chance) and thankfully it worked. Glad I can find an honest site and program to get rid of malware. Thanks people!

  • daniel says:

    I have Windows XP and I could not find one of those registry entries. Is there a new virus with the same name?

  • glitch says:

    Very good explanation, but missing the part on how to find the VXD files which put the DLLs back.
