Oh, let me say it out loud... Trojan.Vundo IS A BLOODY ANNOYING VIRUS!!!
My PC was infected with this damned virus last week, and only after a long and hard process was I able to fix it. The fix, as I discovered the hard way, was simple. But the process of finding the fix was torturous.
Thanks to a kind soul who has made a post on a public forum, I managed to get this annoying virus out of my system.
What does Trojan.Vundo do? The moment an internet connection is established, it keeps popping up ads on the web browser.
I'm sure you are asking what so difficult about cleaning this, it is a mere adware that needs something like AdAware or Spybot to clean. It is not that simple, my friend. The virus adds some entries to the registry, and also copies some files (usually some DLLs, but I have found other extensions as well), which are randomly named, into the PC (mainly into the C:\windows\system32 directory). Once it is there, it loads itself up. The anti-virus software is able to detect the virus when it decides to show itself, but the dll is not able to be deleted because the file is locked (since it is a running process).
Your immediate reaction would be to clean the registry of the offending entries and stop the process and delete the dll. Once again, it is easier said that done. If you have file sharing on, this is the breeding ground of this virus. Before starting any cleaning attempt, my suggestion to any of you would be to disable the following:
My PC was infected with this damned virus last week, and only after a long and hard process was I able to fix it. The fix, as I discovered the hard way, was simple. But the process of finding the fix was torturous.
Thanks to a kind soul who has made a post on a public forum, I managed to get this annoying virus out of my system.
What does Trojan.Vundo do? The moment an internet connection is established, it keeps popping up ads on the web browser.
I'm sure you are asking what so difficult about cleaning this, it is a mere adware that needs something like AdAware or Spybot to clean. It is not that simple, my friend. The virus adds some entries to the registry, and also copies some files (usually some DLLs, but I have found other extensions as well), which are randomly named, into the PC (mainly into the C:\windows\system32 directory). Once it is there, it loads itself up. The anti-virus software is able to detect the virus when it decides to show itself, but the dll is not able to be deleted because the file is locked (since it is a running process).
Your immediate reaction would be to clean the registry of the offending entries and stop the process and delete the dll. Once again, it is easier said that done. If you have file sharing on, this is the breeding ground of this virus. Before starting any cleaning attempt, my suggestion to any of you would be to disable the following:
- System Restore (sorry, it just has to be done cos restoring the system to an earlier snapshot will not kill off this virus)
- Stop all forms of file and printer sharing (2 primary steps for this need to be done)
Once you are done with the steps above, proceed to fix it using the link below.
If any of you are affected with the Trojan.Vundo or Trojan.Vundo.B virus, the cleaning process can be found here:
http://www.bleepingcomputer.com/forums/topic18610.html
Well, at least, I can enjoy the weekend surfing and downloading all the crap I want without having the annoying pop-ups streaming in. ;)
No comments:
Post a Comment