Home Malware Programs Trojans Vundo


Posted: March 28, 2006

Vundo is a Trojan that infects computers through misleading means and then sabotage the system by creating pop-ups, downloading other malware, or attacking security features. You may also find that your web browser or Internet connectivity in general are malfunctioning and should assume that Vundo is running as a hidden background process unless you've verified otherwise. The characteristics of any particular Vundo infection can be diverse, but removing Vundo is almost always a difficult task to accomplish through manual methods. Running suitable anti-malware software is more likely to result in deleting Vundo with no other problems.

Catching Vundo-Related Damage Before It's Too Late

Although attacks by Vundo Trojans can take quite a few forms, many attacks are more widely-used than others. Here are some of the most prominent Vundo dangers:

  • The vast majority of Vundo variations will create pop-ups. Some may only create them when the relevant web browser is open, while others will create pop-ups regardless of your application usage. These pop-ups are very likely to contain links to dangerous websites or make false claims of analyzing your PC health.
  • Vundo will frequently disable many types of security-related functions on your PC. This is usually accomplished by corrupting the Windows Registry, and can include disabling Automatic Updates, disabling the Windows default firewall and shutting down widely-used anti-malware scanners. Different portions of your interface, particularly parts of the Control Panel, may also be hidden to prevent access.
  • Vundo may also supplement Vundo's security-disabling features by provided remote administration tools for anonymous attackers. These tools allow remote attackers to control your PC for a variety of purposes, and completely jeopardize any semblance of security or privacy on the system while Vundo is present.
  • Other malware may join Vundo in attacking your computer after Vundo downloads and installs them. Vundo can do this without your permission and is almost certain to hide the actual process from you. Even the files themselves are likely to be hidden. The most common payloads installed by Trojans like Vundo are spyware that attempt to steal account login information and rogue security programs.
  • Vundo may also perform some spyware-related activities by itself, such as keylogging – recording keyboard keystrokes to a log that is later sent out to criminals for perusal. More advanced forms of spyware can also take screenshots of the monitor display and record microphone or webcam input.
  • Vundo may hijack your web browser to prevent you from accessing safe websites. This is typically done by creating a fake error that tells you a website is unsafe. Other known web browser hijacker traits include changing the user's homepage and search engine results to force him or her to visit a dangerous website.

Healing the Vundo Wound After the Damage is Done

Most Vundo infections will manifest with signs of registering hidden .dll files on your PC, making harmful changes to your Registry, deleting various system tools and altering system settings without permission. Attempting to delete Vundo by simply tossing the files into your Recycle Bin is extremely likely to fail or cause other problems that continue to create system dysfunction, and deleting the wrong .dll file or Registry entry can permanently damage your operating system.

Since all of these possibilities make Vundo a sophisticated threat, Vundo requires a sophisticated removal method that can account for all possible side effects. The average PC user will find it simplest and best to use an anti-malware scanner to remove Vundo without risking the deletion of important files or entries. Any scanning software used should be updated to the last available update, since there are many varieties of Vundo and one can easily avoid detection methods that would catch another type of Vundo.

Vundo is also detected under the names of MS Juan, VirtuMonde and VirtuMundo.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

fpfstb.dll File name: fpfstb.dll
File type: Dynamic link library
Mime Type: unknown/dll

Related Posts


  • glitch says:

    verry good explanation , but missing the part on how to find vxd files wich puts the dll's back

  • daniel says:

    i have windows xp and i could not find one of those registry entries. is there a new virus with the same name????

  • Charlie Smith says:

    I was able to remove the vundo trojan thanks to your malware scanner program spyhunter. I bit the bullet and purchased it (took a chance) and thankfully it worked. Glad I can find an honest site and program to get rid of malware. Thanks people!