
Help with removal request


2 replies to this topic

#1 xelak75s


Posted 29 December 2008 - 01:21 AM

Hi

I've been reading plenty of previous posts and tried resolving this myself using the following tools (in safe & normal modes - where possible)
Malwarebytes antimalware
ATF Cleaner
Super Antispyware
ICESword
I've even gone into the registry and C:\windows\system32 and manually deleted keys & files

No matter what I do it always comes back


XP Home SP3


MBAM LOG


Scan type: Quick Scan
Objects scanned: 53883
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\garopudu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gukuyesa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2530985-4b45-465a-92ea-6b52d08f97a3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2530985-4b45-465a-92ea-6b52d08f97a3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dirasogike (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\garopudu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\garopudu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\garopudu.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yegilazu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gukuyesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\garopudu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mayonibe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vurotipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\horijige.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\golosufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vetahadu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.



#2 xelak75s


Posted 29 December 2008 - 07:13 AM

Fixed - just persevered and ran them all multiple times and eventually it (seems to have) went away

#3 Guest_Jay-P VIP_*


Posted 29 December 2008 - 08:04 AM

Hello,

The problem that you had was that those applications you were using to remove Vundo did not remove Vundo all the way. If Vundo is damaged, it can repair itself. There are very few that are able to remove Vundo completely. Vundo is a dangerous trojan horse.

I see that you did use MalwareBytes' Anti-Malware which is good. One thing to remember also is that when a bad software program is removed, your computer should be restarted. When registry keys are modified (when bad software gets removed), the registry keys remain unchanged until the computer restarts.

Edited by Jay-P VIP, 29 December 2008 - 08:31 PM.
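
Added example, not part of the thread or of any tool mentioned in it: a small Python parser for an MBAM-style log like the one in post #1 that lists which files were only marked "Delete on reboot" and which registry data items in the same log pointed at them. The function names (`parse_mbam`, `pending_reboot`, `basename`) are assumptions made for this illustration, and the embedded log is an excerpt of the one posted above.

```python
import re
from collections import defaultdict

# Excerpt of the MBAM log from post #1, embedded so the example runs offline.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\garopudu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gukuyesa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\garopudu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\garopudu.dll -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yegilazu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\garopudu.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# "<item> (<detection>) -> [Data: <value> -> ]<action>."
LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> "
                  r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.$")

def parse_mbam(log):
    """Return one dict per detection line, tagged with its log section."""
    section, rows = None, []
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith(" Infected:"):           # section header, no count after it
            section = line[:-len(" Infected:")]
            continue
        m = LINE.match(line)
        if m and section:
            rows.append({"section": section, **m.groupdict()})
    return rows

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def pending_reboot(rows):
    """Map each file still awaiting deletion to the registry items that named it."""
    pending = {basename(r["item"]) for r in rows
               if r["action"].lower() == "delete on reboot"}
    refs = defaultdict(list)
    for r in rows:
        if r["data"] and basename(r["data"]) in pending:
            refs[basename(r["data"])].append(r["item"])
    return {name: refs[name] for name in sorted(pending)}

if __name__ == "__main__":
    for dll, keys in pending_reboot(parse_mbam(SAMPLE_LOG)).items():
        print(dll, "-> restart needed; referenced by", keys or "no data item in this log")
```

A file that appears here with no referencing registry item is still loaded but its load point is not shown in this log, so it is the first thing to look for in the scan run after the restart.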




