Vundo is an extremely dangerous Trojan, and Vundo has the potential to be extremely destructive. Often, the only thing you can do is protect your computer from getting Vundo in the first place, by taking proper preventative measures. Once Vundo has infected your PC, it may be impossible to remove, depending on which version of the Trojan is causing the infection. Vundo is also known as MS Juan, Virtumonde, and Virtumundo.
How Can You Tell if Vundo has Infected Your Computer?
Depending on which variety of Vundo infects your PC, you may or may not notice any symptoms. Primarily, Vundo's purpose is to generate advertisements, which usually promote fake anti-virus software such as WinFixer, AntiVirus 2009, AntiSpywareMaster, SysProtect, WinAntiSpyware, WinAntiVirus, System Doctor, and Drive Cleaner, among others. Therefore, it is common for Vundo to cause pop-up alerts that say that your computer is infected with some kind of malware and that you should remove Vundo using a certain rogue security program. In general, Vundo has a strong connection to rogue security applications. Vundo always promotes at least one or two of these fake security programs once it is installed; Vundo may also come bundled with the downloads of some fake anti-virus programs.
Vundo's Downloading and Information-Stealing Capabilities
A common problem with Vundo is that Vundo can download other files. That is one of the reasons that Vundo is sometimes identified as a Trojan Downloader. (Otherwise, Vundo is often categorized as a File Dropper.) Sometimes, the other files that Vundo downloads are malicious, such as updates to the Vundo malware, or additional components that will allow Vundo to do greater harm. Other times, it may be difficult to determine what Vundo is downloading, since the files downloaded may be relatively arbitrary.
A greater concern than Vundo's downloading capability is Vundo's ability to steal and upload information. Vundo is known to collect information from your computer and send it to a remote server. Vundo will look for any email login information and account information that you have saved in any email programs you use (especially targeting Outlook Express). Vundo will try to gather account information for any other Windows-based account it can find on your PC, and it will try to squeeze information out of the operating system itself. Vundo will record and report which version of Windows you're using, when you installed it, what your keyboard layout is, who the registered owner is, and even what is in the crash log. Furthermore, Vundo will try to steal information about your network adapter and your MAC address. If a piece of information is potentially useful to some malicious person who spreads Vundo, and that information is accessible through the Windows operating system, Vundo will try to steal it.
More Changes Caused by Vundo
Vundo also disrupts Internet usage in a variety of ways. Vundo blocks .mil and .gov sites entirely, and Vundo causes redirections when you try to visit a variety of other websites. Vundo is known to block Google, Hotmail, and Facebook, making it so that you can't navigate to them at all. Additionally, for certain sites that might normally display pop-up advertisements, Vundo disables their pop-ups. Occasionally, Vundo may cause the infected computer to be unable to get online at all. Also, Vundo is known to delete the Network Places icon from My Computer.
On top of all of this damage, and in order to cause all of this damage, Vundo makes a huge number of changes to the infected computer. In particular, Vundo makes a large number of changes to the Registry: it turns off features that would threaten its presence, gives itself access to certain things, hides some files, and sets itself up to run when Windows starts, among many other things. Vundo typically cannot be removed by using Task Manager, Regedit, or msconfig, because Vundo disables all of them. Depending on whether Vundo hooks into the Winlogon service or lsass.exe, Vundo may cause Winlogon to access the hard drive so constantly that the disk perpetually cycles up and down, causing the system to freeze. Vundo is also capable of causing Explorer to go into an infinite reboot loop, where Windows can never fully load, and the system keeps shutting down and restarting.
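The following read-only PowerShell check is an added example, not part of the original article or of any vendor tool. It inspects standard Windows registry locations that can disable Task Manager and Regedit, block a tool from launching, or start a program with Windows; these locations are assumptions chosen for illustration, since the article does not name the specific keys Vundo changes.

```powershell
# Added example: read-only triage of standard Windows settings that can lock out
# Task Manager, Regedit and msconfig, plus autostart entries. Nothing is modified.
# The registry locations are assumptions; the article does not list Vundo's keys.
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyValues = 'DisableTaskMgr', 'DisableRegistryTools'
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$tools    = 'taskmgr.exe', 'regedit.exe', 'msconfig.exe'
$runKeys  = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# 1. Policy values: any non-zero value disables the tool for that scope.
foreach ($path in $policyPaths) {
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $policyValues) {
        if ($props -and $props.PSObject.Properties[$name] -and $props.$name -ne 0) {
            $findings += [pscustomobject]@{ Check = 'Policy'; Location = "$path\$name"; Value = $props.$name }
        }
    }
}

# 2. A Debugger value under Image File Execution Options makes Windows launch
#    that program instead of the tool, which can stop the tool from starting.
foreach ($tool in $tools) {
    $props = Get-ItemProperty -Path (Join-Path $ifeoRoot $tool) -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['Debugger']) {
        $findings += [pscustomobject]@{ Check = 'IFEO'; Location = $tool; Value = $props.Debugger }
    }
}

# 3. Autostart entries: listed for manual review, not judged automatically.
foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $findings += [pscustomobject]@{ Check = 'Run'; Location = "$path\$name"; Value = $key.GetValue($name) }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Any `Policy` or `IFEO` row on a machine where no administrator set those restrictions deserves investigation; `Run` rows need to be compared against the software known to be installed.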
If you've ever heard of the Blue Screen of Death, Vundo's use of the Blue Screen of Death takes the cake. Vundo can change your screen saver to an image of the Blue Screen of Death, and Vundo may also change your desktop wallpaper. You will be unable to delete the files for these, even though you may be able to locate them in Windows. Furthermore, Vundo is sometimes known to cause a Blue Screen of Death from which there is no recovery, because there is no way to fix it except to reinstall Windows. (This is reportedly associated with the use of HijackThis to try to find all of the changes that have been made to a computer by Vundo.) Generally, Vundo is capable of disabling or deleting almost anything in Windows, once Vundo has rooted itself in the system. Vundo can even disable Windows Updates.
Where Does Vundo Come From, and How Does It Spread?
As previously mentioned, Vundo is a Trojan. That means that Vundo does not spread itself; Vundo is not, strictly speaking, a virus. In order to get Vundo, you have to download Vundo, and realistically, that means that you have to be tricked into downloading Vundo. So, Vundo is frequently hidden in spam email attachments, and bundled with downloads from peer-to-peer services and pirating sites. Vundo may also be installed via drive-by-download, by exploiting a security hole in old versions of Java, among other methods.
Vundo mostly infects computers in the United States. Vundo has been around since 2004, but Vundo is more dangerous now than ever, because with time Vundo has grown, evolved, and incorporated new elements. Two people are blamed for creating Vundo, supposedly just for the purpose of causing chaos, and they are known as "Hirishima" and "#[TTEH]Germany." As Vundo grows and changes, the best way to protect yourself is to keep Windows and your anti-malware software up-to-date, and to avoid pirating and file sharing sites or services. That vigilance is a small price to pay compared to what Vundo can do to your computer once Vundo finds a way into the system.
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable the proxy server for Internet Explorer so that you can browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.