How to remove Vundo Trojan with CESAM Anti-Malware

1. Click the "Settings" button in the top menu and change the value of the "Disable objects using the driver" option to "Always".

2. Now look through the list of objects and find the randomly named .DLL files under the following registry keys:

Internet Explorer section:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Winlogon section:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Explorer section:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Randomly named .DLL files have names such as nnnkLcCU.dll, opNdccDV.dll, hgGxyXQH.dll, yfcfqtfd.dll, cbxvttsR.dll, pmnkLCSk.dll. These files should be located in the WINDOWS\system32 directory.

If you have trouble finding the right ones, use the CESAM Online Malware Scanner function.

Some versions of the trojan may also be located under the following registry keys:

AppInit DLLs section:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows

Logon section:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

LSA Providers section:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa

3. Disable the trojan entries by clearing the checkboxes next to these randomly named .DLL files. Disable all of the malware entries before the next step: if anything is left behind, it can restore all of the other entries after the system reboots.

4. Once you have finished disabling the items, press the Apply button.

You will see the list of the disabled items (press the Close button), and then a message will be displayed.

Press the "Reboot now" button.

Once your computer has rebooted, the Vundo Trojan will be disinfected.

1. Start CESAM again; you will see the report about the deleted entries.

2. Press the "Settings" button to change the value of the "Disable objects using the driver" option back to "For undeletable objects only".

3. You can also use the "Jump to file" function to delete the inactive trojan files.

4. Then use the "Delete from storage" function to delete the disabled items from the list of objects.
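To confirm that nothing was left behind in the registry locations listed in step 2, the following read-only PowerShell script re-checks them after the cleanup. It is an added example, not part of the original guide or of CESAM. The 8-letter name pattern is an assumption drawn from the sample names above, and the three Lsa value names it reads are the standard package lists under that key.

```powershell
# Added example (not from the guide): list DLL references in the step 2 keys, flag 8-letter names in system32
$sys32 = Join-Path $env:windir 'system32'
$clsid = 'HKLM:\Software\Classes\CLSID'
$cv    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$nt    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$refs  = New-Object 'System.Collections.Generic.List[object]'

function Add-Ref($where, $data) {
    foreach ($d in @($data)) {
        if ($d) { $refs.Add([pscustomobject]@{ Where = $where; Data = [string]$d }) }
    }
}
function Get-Key($path) { Get-Item -LiteralPath $path -ErrorAction SilentlyContinue }
function Get-Server($id) {   # DLL registered for a COM class id (default value)
    $k = Get-Key "$clsid\$id\InprocServer32"
    if ($k) { $k.GetValue('') }
}
# Browser Helper Objects: subkey names are class ids
Get-ChildItem "$cv\Explorer\Browser Helper Objects" -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Ref 'BHO' (Get-Server $_.PSChildName) }
# ShellExecuteHooks: value names are class ids
$k = Get-Key "$cv\Explorer\ShellExecuteHooks"
if ($k) { $k.GetValueNames() | ForEach-Object { Add-Ref 'ShellExecuteHooks' (Get-Server $_) } }
# Winlogon\Notify: each subkey carries a DllName value
Get-ChildItem "$nt\Winlogon\Notify" -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Ref 'Winlogon\Notify' ($_.GetValue('DllName')) }
# AppInit_DLLs, Run (HKLM and HKCU) and the Lsa package lists
$k = Get-Key "$nt\Windows"
if ($k) { Add-Ref 'AppInit_DLLs' ($k.GetValue('AppInit_DLLs')) }
foreach ($p in "$cv\Run", 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $k = Get-Key $p
    if ($k) { $k.GetValueNames() | ForEach-Object { Add-Ref 'Run' ($k.GetValue($_)) } }
}
$k = Get-Key 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if ($k) { 'Authentication Packages', 'Notification Packages', 'Security Packages' |
    ForEach-Object { Add-Ref "Lsa\$_" ($k.GetValue($_)) } }

# Assumption taken from the guide's sample names: exactly 8 ASCII letters, optional .dll
$pattern = '(?<![\w.])[A-Za-z]{8}(?=\.dll\b|[^\w.]|$)'
$refs | ForEach-Object {
    foreach ($m in [regex]::Matches($_.Data, $pattern)) {
        $file = Join-Path $sys32 ($m.Value + '.dll')
        if (Test-Path -LiteralPath $file) {
            [pscustomobject]@{ Where = $_.Where; File = $file
                Signature = (Get-AuthenticodeSignature -FilePath $file).Status
                Modified  = (Get-Item -LiteralPath $file -Force).LastWriteTime }
        }
    }
} | Format-Table -AutoSize
```

Legitimate system DLLs with 8-letter names (kerberos.dll, for example) can match the pattern too, so treat the output as a list to review using the Signature and Modified columns, not as a verdict. On 64-bit Windows the script covers only the native registry view and system32, not Wow6432Node or SysWOW64.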

If you still need help or have any questions, you are welcome on our forum. To register on the forum, please follow this instruction. Comments and discussion are here.
