I am unable to remove the Trojan Vundo virus from my computer. The Norton removal tool does not recognize it is there and but Norton Antivirus does but is incapable of quarantining or removing the file. I've tried to use the removal tool in "safe" mode, but I can't even get to my desktop in safe mode, just a black screen. I've disabled the add-on which infected the file in Internet Explorer. It seems this is infecting one file and 34 registry keys...explore.exe process and winlogon.exe process. Can anyone help? I have a hijack this log file if you need me to post that. Thanks.

DJChe,Download SpySweeper from this link http://www.spywaredb.com/remove-win32-vundo-522752trojan/ Choose download SpySweeper from this line: Delete Win32/Vundo.522752!Trojan automatically >>> Get PestPatrol or Download SpySweeper at the above link Then download and run ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need as ccleaner will delete recycle bin items unless checked not to do so. Then post a HT log.

Hey DJChe I recently found an article which states the actual way to remove Vundo... It helped me remove Vundo from the system in my Office... Hopefully it will help you too... I warn you, its a Loooong Step... Step One: Turn off System Restore. (DO NOT SKIP) The latest variant of Vundo loves to put an entry into the Restore folder. In XP: 1. Click the Start button. 2. Right-click My Computer, and then click Properties. 3. On the System Restore tab, put the check in Turn off System Restore. 4. Click Yes, then OK. In ME: 1. Click Start > Settings > Control Panel. 2. Double-click the System icon. (If the System icon is not visible, click View all Control Panel options on the left to display it). 3. On the Performance tab, click File System. 4. On the Troubleshooting tab check Disable System Restore. 5. Click OK. Then Yes to restart the computer. Step Two: Look for Winfix in Add/Remove Programs and Program Files 1. Click Start, Control Panel. (In 98 and ME, Start, Setting Control Panel). 2. Double-click Add/Remove Programs icon. 3. Look for Winfix. If there, click remove, or change/remove, depending on the OS. 4. Once deleted, or if it is unable to delete it, navigate to the C:\Program Files directory and delete the Winfix Folder, if there. Do not reboot. Step Three: Download the necessary tools NOTE: if you cannot get online in Normal mode in XP, go to Safe mode with Networking. XP Only. First we need the removal tool from Symantec. It is located here: http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html Then we need the Process Explorer tool. It is located here: http://www.sysinternals.com/Utilities/ProcessExplorer.html It is at the bottom of the page. Save both of them to the Desktop. Step Four: Boot to Safe Mode Restart the computer. Tap F8 at the Dell screen. Choose Safe Mode from the menu. DO NOT choose Safe Mode with Networking, unless you cannot get to Normal mode to download the tools as stated in step three. Step Five: Removal process 1. Open the Symantec Vundo Removal Tool. DO NOT click Start! Move the window to the upper left corner of the screen so it is not blocked by the next tool. 2. Open the Process Explorer tool. Right-click the following processes and choose Suspend. Explorer.exe Winlogon.exe rundll32.exe (may not be listed) 3. Once Explorer is suspended, you will not be able to open any programs because Explorer is required to do so. This is why we already opened the Vundo Removal tool. 4. Click the Start button on the Vundo removal tool. The tool should detect and remove the main Vundo components. Step Six: Clean up Run an Antivirus scan again. If any files are discovered, try to manually delete the found files. If you get Access Denied error, follow this process: 1. Write down the file name and the directory it lives in. 2. Boot to the Recovery Console. NOTE: If 98, boot to Command prompt only by tapping F8 and choosing that. If ME, boot to the ME cd and choose Start computer without CDROM support. 3. Once at the prompt, type cd\ and press <enter>. This should put us to a C:\ prompt. 4. Navigate to the directory of the file that cannot be deleted. For example, if the file is in the system32 folder, type cd windows\system32 and press <enter>. 5. Once in the directory, we will need to remove the attributes on the file. We will use awvvs.dll as an example. EXAMPLE: To remove all attributes on awvvs.dll, at the prompt we will type attrib -r -a -s -h awvvs.dll and press <enter> 6. Next we will rename the file. We will use awvvs.dll as an example again. EXAMPLE: To rename awvvs.dll, at the prompt we will type ren awvss.dll awvss.old and press <enter> 7. Once we have renamed it, we simply type del awvss.old and press <enter> 8. At the next prompt, type exit. Take out the CD and let the system reboot. NOTE: If 98 or ME, press CRTL+ALT+DEL. Take out the CD. Step Seven: Turn on System Restore and create a fresh restore point. Just follow the reverse of Step One in this article to turn on System Restore. Once back on, click Start, Programs, Accessories, System Tools, System Restore. Put the dot in Create a Restore Point. Click Next. Let us know if this helped DJ Take Care and Good Luck, Nick Windows is not a Virus. Viruses actually DO something, where as Windows Do Nothing.

DJche spysweeper official site is webroot Download it from there, not from the Scraper sites of pestpatrol. thats lame.

Hi Jaback: Thanks very much for your help (and to everyone else who was kind enough to post suggestions). Spysweeper seems to have worked the trick and the file is gone from my registry. Happy happy joy joy. DJChe

Glad we could help DJChe.

Dear jabuck I had the Trojan Vundo on my computer for like 2 monthes and kept on freezing all my videos, i tried almost every removal and did not work. then i came across your way of removal and it took me around 40 mins and before i knew it the virus was gone. Thank you very much.. Jonathon Jonathon Hamlyn