Virtumonde/Vundo Problem on Windows XP

By Deafula
Feb 13, 2009
  1. I had a problem with the Vundo/Virtumonde trojan back in January and it took the combined efforts of Combo Fix, Vundo Fix, AVG and Spybot to remove it. After Combo Fix deleted the Vundo-related dll files, I had to manually enter my registry and remove "kihinuga.dll" and "memibubu.dll" from my start up options. Yet every time I start my computer, it tries to access those two dll files despite the fact that they were removed in the virus removal.

    I can go into my registry every single day and remove them from the start-up, but something is still on my computer creating those start-up commands after I delete them. It doesn't get in the way of anything, I have no other trace of Vundo on my system, it's just very annoying to have start-up errors every single time I start my computer.

    I also have very little experience in tweaking my computer, so this has been a long and agonizing process thus far. Any suggestions on how to find this weird lingering trace of Virtumonde?
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Here's 8-Steps:

    Download the following 4 tools, and print these instructions

    1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
    2. Go Offline - pull the network cable, turn off wireless card, turn off your modem.
    3. Restart computer and press F8 to run Windows in Safe Mode
    4. Run VundoFix. Click on Scan for Vundo. Scanning will begin, which takes a long time. The white box will display the names of infected files. After the scan is complete, click Remove Vundo and removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
    5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations of Vundo (Virtumonde).
    6. Run VirtumundoBeGone. Click Continue and wait for the report.
    7. Run ComboFix. Then, in the two windows that appear, click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, the program will show a text file - a report of the program's actions.
    8. Restart computer and run Windows normally.

    But here's the one we ask you to do before doing anything else:
    UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    I'd say do both
  3. Deafula

    Deafula TS Rookie Topic Starter

    Thanks, this is much more detailed advice than I had been given up to this point. I appreciate it!
  4. Deafula

    Deafula TS Rookie Topic Starter

    Still having issues with Virtumonde

    Okay, so I can safely say that I've gone through this entire process with all four programs and not one of them says that I have Virtumonde left on my system. Yet when I start my computer, the same two error messages pop up asking to access the dll files I listed above.

    Perhaps I'm not deleting these start up prompts from my computer properly? I'm entering the registry to delete them from the Start Up, and I'm going to MSconfig and unchecking them in the Start Up options. Neither trick is working, but as I said above, I'm not that computer savvy so I could be missing something. Help!
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  6. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    Vundo's been discussed on TS for quite some time. Search some of the threads for vundo. It's a real nasty malware and very difficult to remove. There are quite a few variants and not all solutions will work. I had a headache with this one trying to disinfect a buddy's system.
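
Added example, not part of the original thread and not written by any of the posters: a Python script that searches a registry export (regedit, File > Export) for every value that references the two DLL names from the first post, including hex-encoded data that a plain text search of the export would miss. The sample export, its key paths and its value names are constructed for illustration.

```python
import re

TARGETS = ("kihinuga.dll", "memibubu.dll")   # DLL names from the thread

# Constructed sample in regedit export format; key and value names are illustrative.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example"="Rundll32.exe \"C:\\WINDOWS\\system32\\kihinuga.dll\",s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example]
"Asynchronous"=dword:00000001
"DllName"=hex(2):6d,00,65,00,6d,00,69,00,62,00,75,00,62,00,75,00,\
  2e,00,64,00,6c,00,6c,00,00,00
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\([0-9a-f]+\))?:(.*)$', re.I)

def decode_data(raw):
    """Return value data as searchable text, decoding hex-encoded values."""
    m = HEX_RE.match(raw)
    if not m:
        return raw                       # quoted string or dword: search as written
    data = bytes(int(b, 16) for b in re.findall(r'[0-9a-f]{2}', m.group(1), re.I))
    # hex(2)/hex(7) strings are UTF-16LE in 5.00 exports; try both readings.
    return data.decode('latin-1') + ' ' + data.decode('utf-16-le', 'replace')

def find_references(reg_text, targets=TARGETS):
    """List (key, value name, dll) for every value whose data names a target DLL."""
    hits, key, pending = [], None, ''
    for line in reg_text.splitlines():
        line = pending + line.strip()
        if line.endswith('\\'):          # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ''
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            text = decode_data(m.group(2)).lower()
            hits += [(key, m.group(1).strip('"'), t) for t in targets if t in text]
    return hits

if __name__ == '__main__':
    for key, name, dll in find_references(SAMPLE_REG):
        print(f'{dll}: [{key}] value "{name}"')
```

Regedit's Version 5.00 exports are UTF-16, so read a real export with `open(path, encoding='utf-16')` before passing its text to `find_references`.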
Topic Status:
Not open for further replies.
