Virtumonde - Vundo Trojan Virus Removal Guide

Virtumonde – Vundo Trojan Virus Removal Guide

Virtumonde, also known as trojan.vundo, is adware and part of the vundo trojan which infects your computer and creates popups. Many of the popups may take you to sites which can be dangerous. The trojan sometimes gets into a user’s PC through outdated programs of Sun Java. To protect yourself in the future, always update programs that are used in your web browser.

Type: Adware (Click Here To Learn More)
Risk: Medium

Below is our recommended removal tool for Virtumonde, also known as trojan.vundo. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

Manual Removal – It is challenging to manually remove it since it has many different variants. However, if you post your hijackthis log below, we will be happy to help out. Uninstalling Sun Java may help remove it since this trojan does sometimes exploit old versions of the program. If you would like to learn more about HijackThis, please Click Here. Please use HijackThis with caution since removing improper entries can damage your computer if they are needed.

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips

Please post comments below. Your comments are both useful to visitors and to us. If you need any help, also feel free to comment below. Feel free to post your hijackthis log below if you need assistance.

Posted in: Malware Removal |

Tags: Virtumonde

This entry was posted on Wednesday, December 24th, 2023 at 2:45 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Virtumonde – Vundo Trojan Virus Removal Guide”

Tom December 29th, 2023 at 1:42 pm

Hi, I seem to have a tenacious version of this that Spyware Doctor seems unable to deal with – it finds the bugs and fixes them, but only temporarily. Ad-watch is also going crazy, blocking attempted registry modifications every 3 seconds or so. Please help if you can! Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:20, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Browser mouse\1.1\mouse32a.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ASUS\Probe\ASUSPROB.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\verclsid.exe

R3 – URLSearchHook: Winamp Search Class – {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} – C:\Program Files\Winamp Toolbar\winamptb.dll
O2 – BHO: (no name) – {b48c4da4-69df-42ba-9d16-8b4819f03a90} – C:\WINDOWS\system32\bafekefe.dll
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 – HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
O4 – HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.1\mouse32a.exe
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 – HKLM\..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\smax4.exe” /tray
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 – HKLM\..\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”
O4 – HKLM\..\Run: [PMP-100] C:\Program Files\iRiver\PMPSeries\PMPDetect.exe
O4 – HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 – HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 – HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [melumilega] Rundll32.exe “C:\WINDOWS\system32\tosofove.dll”,s
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [AWMON] “C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe”
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t
O4 – HKCU\..\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 – HKCU\..\Run: [Nokia.PCSync] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe” /NoDialog
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [melumilega] Rundll32.exe “C:\WINDOWS\system32\tosofove.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User ‘Default user’)
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 – Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 – Global Startup: BTTray.lnk = ?
O4 – Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 – Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 – Extra context menu item: &Winamp Search – C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 – Extra context menu item: Convert link target to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert link target to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert selected links to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 – Extra context menu item: Convert selected links to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 – Extra context menu item: Convert selection to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert selection to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 – Extra context menu item: Send To &Bluetooth – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 – DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) – https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – https://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 – DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) – https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230472496796
O16 – DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) – https://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – https://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) – https://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – AppInit_DLLs: C:\WINDOWS\system32\viyutoni.dll c:\windows\system32\kisojaze.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\kisojaze.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\kisojaze.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Bluetooth Service (btwdins) – WIDCOMM, Inc. – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 – Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Logitech Bluetooth Service (LBTServ) – Logitech, Inc. – C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 – Service: PC Tools Auxiliary Service (sdAuxService) – PC Tools – C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 – Service: PC Tools Security Service (sdCoreService) – PC Tools – C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 – Service: ServiceLayer – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

–
End of file – 11508 bytes

Trojan Vundo (Trojan.Vundo) Threats 1/22/2009 | Virus Removal Guru January 22nd, 2024 at 10:53 pm

[...] Trojan.Vundo, also known as Trojan.Virtumonde, please view our guide to remove Trojan.Vundo by clicking HERE. There is a automatic and a manual method to remove it. If you have any questions, please [...]

Trojan Vundo (Trojan.Vundo) Threats 1/24/2009 | Virus Removal Guru January 24th, 2024 at 9:52 pm

Trojan Vundo (Trojan.Vundo) Threats 1/25/2009 | Virus Removal Guru January 25th, 2024 at 2:08 pm