
Trojan Vundo Summary

16th April 2010

Discovered: November, 2004
Virus Type: Trojan
Also Known As: VirtuMonde, VirtuMundo, and MS Juan
Infection Length: Varies
Threat Level: Low
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows 2000

Infection

Trojan.Vundo is a Trojan horse that exploits a browser vulnerability to download files from a remote server and display pop-up advertisements. It is commonly distributed as an email attachment, through P2P file sharing, free downloads, etc., and may also be downloaded by other malware already residing on your computer system.

The advertisements and pop-ups that are displayed include those for fraudulent or misleading applications; intrusive pop-ups, fake scan results, and so-called alerts that masquerade as being from legitimate security software appear on the desktops of compromised computers in an attempt to frighten users into clicking buttons for ‘further information’.

These false advertisements generally link to sites offering non-functional programs that purport to be capable of ridding the computer of non-existent malware in return for a fee payable by credit card.

Advertisements for adult web sites and services may also be displayed by the threat. It has also been known to add pornography icons to the desktop.

In order to make itself more difficult to remove, Trojan.Vundo also lowers security settings to prevent access to certain web sites related to the removal of the virus. Some variants attempt to disable antivirus programs and firewalls, leaving your computer completely vulnerable to more infections.

Recent Trojan.Vundo variants have more sophisticated features and payloads, including rootkit functionality, the capability to download misleading applications by exploiting local vulnerabilities, and extensions that encrypt files in order to extort money from the user.

Here are a few screen captures of the fake software advertisements Trojan Vundo uses. Trojan Vundo may use a different one every time. One of the most recent ones that has been reported is called “PC Protector”.

Trojan Vundo Removal

17th April 2010

The first step in the removal process of any type of virus is to run a scan. It does not matter whether you are online for only 10 minutes a day or 8 hours a day: scanning your system for spyware, malware and viruses should be a scheduled task.

Although it may seem like this is a virus sent from hell, it can easily be removed with a few scans and a reboot.

Preparation:

1. Download Spyware Doctor with AntiVirus (free download)

2. Download Malwarebytes’ Anti-Malware (free download)

3. Download CCleaner (free download)

Trojan Vundo Removal:

1. If you are running Windows XP, disable “System Restore”. This option is located under the “properties” tab.
START > MY COMPUTER > PROPERTIES.

2. Close all running programs and browser windows

3. Open Spyware Doctor with AntiVirus and run a full system scan

4. After Spyware Doctor has completed the scan, open Malwarebytes and run a full system scan

5. If Malwarebytes has detected any infections, it will ask you to reboot your computer

6. After the reboot, run CCleaner

If your system is still infected with Trojan Vundo, reboot your computer in “Safe Mode” and repeat the steps above.