Vundo trojan removal
How to remove the Vundo Trojan (also known as Virtumonde, Virtumondo, Virtumundo, Monder, Monderb, MS Juan) in 3 minutes using the OSAM Autorun Manager (portable version, 3.63mb, or installation package, 8.84mb) [FREEWARE].
Comments and discussion are here.
Please note: these steps apply only to Windows XP / 2003 / 2000 users.
1. Click the “Settings” button in the top menu, then change the value of the “Disable objects using the driver” option to “Always”.
2. Now look through the list of objects and find the randomly named .DLL files under the following registry keys:
Internet Explorer section:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Winlogon section:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Explorer section:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Randomly named .DLL files look something like this: nnnkLcCU.dll, opNdccDV.dll, hgGxyXQH.dll, yfcfqtfd.dll, cbxvttsR.dll, pmnkLCSk.dll. These files should be located in the WINDOWS\system32 directory.
If you have trouble identifying the right ones, use the OSAM Online Malware Scanner function (if a file is reported as unknown, rescan it after a few minutes).
Some versions of the trojan may also be located under the following registry keys and locations:
AppInit DLLs section:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
Logon section:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LSA Providers section:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Explorer section:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Common section:
%SystemRoot%\Tasks (.job files with random names, such as utbvmvde.job, ehjhbzqf.job, dnwzjlks.job)
3. Disable the trojan entries by clearing the checkboxes next to these randomly named .DLL files. Disable all of the malware entries before the next step: if anything is left behind, it can restore all the other entries after the system reboots.
4. Once you have finished disabling the items, press the “Apply” button.
You will see the list of the items being disabled (press the “Close” button), and then a message will be displayed.
Press the “Reboot now” button.
Once your computer has rebooted, the Vundo Trojan will be disinfected.
1. Start OSAM again; you will see a report about the deleted entries.
2. Press the “Settings” button and change the value of the “Disable objects using the driver” option back to “For undeletable objects only”.
3. You can also use the “Jump to file” function to delete the inactive trojan files.
4. Then use the “Delete from storage” function to delete the disabled items from the list of objects.
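The triage in step 2 (spotting randomly named files in the listed autorun locations) can also be scripted. The following is an added example, not part of the original guide or of OSAM: it filters a list of autorun entries down to 8-letter, consonant-heavy .dll and .job names in the locations named above. The (location, value) entry format, the sample data and the consonant-run heuristic are assumptions made for this illustration.

```python
import re

# Autorun locations listed in step 2, lower-cased for prefix matching.
WATCHED = tuple(k.lower() for k in (
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"%SystemRoot%\Tasks",
))
# 8-letter file directly in system32 or Tasks, anywhere in the value (covers command lines).
FILE_RE = re.compile(r"\\(system32|tasks)\\([a-z]{8})\.(dll|job)\b", re.I)
EXPECTED_EXT = {"system32": "dll", "tasks": "job"}

def looks_random(stem, min_run=5):
    """Assumed heuristic: the name has a run of min_run+ non-vowel letters."""
    runs = re.findall(r"[^aeiou]+", stem.lower())
    return max(map(len, runs), default=0) >= min_run

def find_candidates(entries):
    """Return (location, file name) pairs to confirm by hand or with a scanner."""
    hits = []
    for location, value in entries:
        if not location.lower().startswith(WATCHED):
            continue  # not one of the locations the guide lists
        for folder, stem, ext in FILE_RE.findall(value):
            if EXPECTED_EXT[folder.lower()] == ext.lower() and looks_random(stem):
                hits.append((location, f"{stem}.{ext}"))
    return hits

# Constructed sample entries (location, value); not taken from a real system.
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    (WATCHED[0] + r"\{CLSID}", r"C:\WINDOWS\system32\nnnkLcCU.dll"),
    (WATCHED[1] + r"\example", r"C:\WINDOWS\system32\wlnotify.dll"),
    (RUN, r'rundll32.exe "C:\WINDOWS\system32\yfcfqtfd.dll",a'),
    (r"%SystemRoot%\Tasks", r"C:\WINDOWS\Tasks\utbvmvde.job"),
    (WATCHED[8], r"C:\WINDOWS\system32\stobject.dll"),
    (RUN, r"C:\Program Files\Vendor\abcdwxyz.dll"),
]

if __name__ == "__main__":
    for location, name in find_candidates(SAMPLE):
        print(f"{name:14} {location}")
```

Hits are candidates only: legitimate system files can have consonant-heavy names too, so confirm each one with the scanner function from step 2 before disabling it.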
If you still need help or have any questions, you are welcome on our forum. To register on the forum, please follow this instruction.