How to Remove the Adware Vundo Variant
Vundo and its variations have often plagued computer users. Its initial purpose was to just pop up advertisements related to what a user was searching for. However, it now will download harmful information to your computer and change your Internet homepage. The adware uses a great deal of your computer's system resources and slows it down significantly. It can be caught through emails, links and unsecure security holes in Internet Explorer. The unfortunate downfall of this adware is that you must remove all facets of it, or it will reinstall itself on your computer within minutes.
Other People Are Reading
Things You'll Need
- Spybot -- Search and Destroy
- Avast Antivirus
- Windows Explorer
- Registry Editor
- Command Prompt
Instructions
-
-
1
Load Registry Editor by clicking "Start" and then "Run." Type "regedit" and press "Enter."
-
2
Back up your registry by going to "File" and then "Export." A box will pop up where you can save your backup file. Save it with the name "backup" or something that can be easily remembered. That way, you can find it easily and go back to it if you need to.
-
-
3
Locate the following paths in Registry Editor and delete the Vundo values:
HKEY_CURRENT_USER\Software\MicrosoftWindows\ CurrentVersion\RunOnce*WinLogon
HKEY_LOCAL_MACHINE\ Software\MicrosoftWindows CurrentVersion\RunOnce*[filename]
HKEY_CLASSES\ROOTCLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_CLASSES\ROOTCLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_LOCAL_MACHINE\ SOFTWARE\Classes\ATLEvents.ATLEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
HKEY_LOCAL_MACHINE\ SOFTWARE\Classes\CLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\Browser Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
HKEY_CURRENT_USER\ Software\Microsoft\Internet Explorer\MainActive State -
4
Load Window's search file function by going to "Start" and then "Search."
-
5
Click "All files and folders" once the search option comes up.
-
6
Type "Vundo" into the search window and delete the Vundo files,like "virtumonde," that come up. If you cannot delete them, take note of the file to delete in the next step.
-
7
Press "Start." Click "Run" and then type "cmd" and press "Enter." This will load command prompt.
-
8
Uninstall the DLL files in the command prompt by typing "regsvr32 /u <enter vundo dll file here.dll>" and press "Enter" for each vundo dll file. Go back to the search files and look for the files you uninstalled. Manually delete the files from the computer.
-
9
Check your browser and make sure Vundo has not altered your browser's homepage. Click "Start," "Control Panel" and "Internet Options." At the Internet Options box, type in the web page URL you want as your homepage. Close and restart your browser, and make sure the web page you selected still opens up as your homepage.
-
10
Install Avast Antivirus and Spybot-Search and Destroy. Update these programs and run them before rebooting to make sure that there is no more Vundo on the system. These programs will prompt you to upgrade and run them once they are installed. Reboot the computer once Avast Antivirus and Spybot verify there are no traces of Vundo on your computer.
-
1
Tips & Warnings
Make sure to register Avast to give you full usage of it. You will be able to use it for free on your home computer once you have registered it.
If there is one file that survives the Vundo removal process, you will need to walk through all the steps again to make sure that not even one file shows up.
Resources
- Photo Credit Stock Exchange (sxc.hu)
