Vundo Trojan Removal

The Vundo family of malware is a trojan horse infection that will install fake anti-virus/spyware programs and cause pop ups on the infected computer claiming there are infections that need to be removed. This malware is very advanced and always changing, because of this we have a specific tool used to remove it.

Killing the programs with RKill:

Step 1: Download RKill from http://www.bleepingcomputer.com/download/rkill/dl/10/
*If you cannot download it from there or it will not run, try downloading it from http://www.bleepingcomputer.com/download/rkill/dl/11/
Step 2: Run the “RKill.exe” or “iExplore.exe” to kill any rogue malware. If you get an error or dialogue claiming it is a virus, disregard it and run the program again, until no malware is active.
*Do not reboot your computer during or after running RKill

Removing the infection with VundoFix:

Step 1: Download VundoFix from http://www.atribune.org/ccount/click.php?id=4
Step 2: Run “VundoFix.exe” and click “Scan for Vundo”
Step 3: Once it is finished, click “Remove Vundo” and “Yes” when it asks to removes the files.
Step 4: It will ask to reboot your computer, click “OK”

Perform a final scan with Malwarebytes:

Step 1: Download Malwarebytes Anti-Malware from https://www.malwarebytes.org/mwb-download/
Step 2: Run the setup files and install Malwarebytes.
*When installing Malwarebytes you will have the option to enable a free 30 day trial of their premium service, this is not required.
Step 3: Click the ÔÇ£Scan NowÔÇØ button in green, if an update is available then click the ÔÇ£Update NowÔÇØ button in the bottom right. The scan will begin once the update is finished.
Step 4: The scan may take some time, depending on your computer and the number of infections, but once it is finished click the ÔÇ£Apply ActionsÔÇØ button in green.
Step 5: Malwarebytes may or may not request that you reboot your computer after it has removed the infections, if it does you may proceed to reboot.