Advanced Vundo trojan Removal Guide

Computer Repair
Virtumonde.dll Removal

Advanced Vundo trojan Removal Guide

This is our Advanced vundo trojan removal guide. If you have not already tried the easy guide I sugest you do that first. Easy Vundo removal Guide

The first thing you need to do is book mark this page press (Ctrl+D) on the keyboard.

You need to disable system restore now. Many trojans and viruses hide there. Click the Windows Start Button and then right click on "My Computer" > Properties > Click the System Restore tab and then check the Turn Off System Restore. You will be asked if you really want to. Say YES.

Now reboot you computer into safe mode with networking. Just reboot and start pressing the F8 Key every other second. You will see a screen with about ten different options. Choose the "Safe mode with networking". Continue to boot into safe mode wit hnetworking and log in under the administrator account.

You will need to download the following.

Spyware Doctor With Anti-Virus
Spybot Search and Destroy

On to the fun parts. Disconnect your network cable from your computer and re-boot and enter into "safe mode" not safe mode with networking. Log into the administrator account again.

Run Vundofix. Just double click the icon and select run. Once done select clean. Now run ortons FXVmonde.exe program. Run and clean.

Log off and go under every account you have and run the vundofix, FXVmonde. This needs to be done on every account.

Log back into the admin account. Run Highjackthis. Do the scan and save log file option. It is always recommended you make a back up as well just in case.

Place a check mark next to any of the following.

Anything that says (file missing) in any part of the string.

O2-BHO:(noname)-{EFCB1D95-FFF6-47BB-B6C9-61A523F04322} C:\WINDOWS\system32\vturr.dll
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll

More are being added all the time. Please post anything new to our blog so we can add them. We need your help to end Vundo. Please post at Vundo Highjackthis traces page

Once you checked the traces then hit remove. you will be asked if you are sure. Say yes.

Now run spybot Search and Destory. Install the program. You will be asked to create a registry back up. DO SO. you will be asked to update just hit next on that as you have not internet conection right now. Finish installing the program and then reboot.

Boot into "safe mode with networking". If you unplugged you network cable plug it back in. Log in under your normal user account. Open up the installed Spybot program. Make sure to update the program and then imunize. Now run a full scan. The scan should take around 30 minutes. once the scan is complete remove the traces found. If you are told that some traces could not be removed then you should allow spybot to run at startup. Chances are it will be able to remove them all.

Install Ad-ware and update the program. It will bug the help out of you to purchase the program but I would NOT buy it. The spyware portion is free and will do a gret job. Make sure the definitions are updated. If asked to re-boot then do so but boot back into safe mode with networking. Run a full scan for ad-aware. Remove what it finds. The cookies are not a big deal and it will find many but don't even worry about those. I personally like my cookies :). remove what traces the program finds. I would then uninstall this program after the scan. It's good for vundo removal but I don't really like the program and it has caused many of the computer I work on to crash so just remove it after the scan.

You are almost done. You should feel like an expert right about now!!

Now install Spyware Doctor. When installing the Spybot Tea Timer program will ask you tons of questions. Just hit yes you want to allow the change. Personally I turn off spybot tea timer during this process so I am not bothered. Update Spyware Doctor and then run a full scan. Spyware Doctor is the abolute best protection hands down. The scan is free but if it finds anything you have to buy the program to use it. The thing here is we want to run the scan so we know the vundo traces are gone. Even if it finds one or two vundo traces they might just be residual. If it finds nothing then you are vundo free!!!!! Yheaa.

Run Highjack this again and remove any thing that says (file missing)

You are all most done. Re-boot normal. Open up your web browser. Most likely your web browser still shows the highjacked web page. Go to tools then options and change your home page to your favorite site. Now close the browser and open it up again. Start surffing the web and see if you get any pop-ups.

Imortant notes: We have now removed the vundo trojan. You should not ever run more then one anti-virus client or more then one anti-spyware client as they will conflict and cause issues. If you purchase Spyware doctor then remove Spybot. I would encourage you to go out and purcahse a spyware program like Spyware Doctor or an all in one solution like Trend Micro.

Any free software is not good enough. I have fights all the time with clients over this. they like AVG and Avast. They like Spybot and ad-aware. There is a rason those programs are free. They are partial protection but not full protection. That is why you got the virus in the first place.

Make sure you go to and update your java program. The older one had some holes that were being exploited.

If you found this guide usefull please post your comments on our blog so we know what we need to to to improve this article. Post your comments at Advanced Trojen Removal Guide Blog.

Copyright © 2008, All Rights Reserved.
We can not be held acountable for any data loss or system errors that may happen when using the adivce on this site.