The Vundo family of malware and trojans is one of the most common infections we find on our customers' computers. This malware causes advertising pop-ups for rogue security software that scare the user into downloading and purchasing fake antivirus and registry cleaner programs.
Most antivirus and security software doesn't recognize the Vundo trojan until it's too late to stop the infection. Once installed, it attaches itself to Windows Explorer and is loaded into memory every time the computer is turned on. Vundo usually disables Windows Security Center and the anti-virus software protecting your computer (note: the anti-virus software will appear to be running, but Vundo has turned it off). If an attempt is made to remove Vundo, it replicates and reloads itself, so it appears to be an unremovable virus. Vundo will also block security sites such as Microsoft, Norton, etc., and will often display a rogue advertising site instead.
The Vundo virus is constantly improving its self-protection methods, making it very difficult to remove. It uses random file names, random autorun locations, random CLSIDs, and rootkits to hide its location from removal tools. The following guide will help you remove this pesky trojan; please note that severe infections may require professional assistance or a system re-install.
This is a self-help guide; use it at your own risk. Computer Professionals of Pittsburgh cannot be held responsible for problems that occur from using this information.
Virus Removal Instructions:
Print out these instructions so they can be referred to throughout the removal process.
It is possible the virus will not let you download the programs needed to remove it on the infected computer. If you have this problem, download the necessary programs on a non-infected computer and transfer them to the infected computer via CD, external hard drive or USB flash drive.
First we must end all the Vundo processes that are running. This prevents the virus from interfering with the software we need to run for complete removal. Download rkill.exe to accomplish this task.
Double-click on rkill.exe, which will attempt to stop all processes associated with the Vundo virus. When rkill is finished, its window will close and you can continue to the next step. If you get a message that rkill is infected, ignore it: the Vundo virus is giving you a false warning so that you terminate the program it thinks may remove it.
Download Malwarebytes' Anti-Malware and save it.
Close all running programs and windows on your computer.
Double-click on the mbam icon on your desktop to install Malwarebytes' scanner (mbam.exe) on your computer.
Follow the installation prompts. Do not make any changes to the default settings. When the program finishes installing, uncheck the "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes Anti-Malware" check boxes, then click the Finish button. If Malwarebytes' prompts you to reboot, DO NOT REBOOT.
Double-click on Malwarebytes' to start the program. Before scanning you must update the program: click on the Update tab, then click the "Check for Updates" button. After updating, click the OK button.
Click on the Scanner tab and click on the Perform Full Scan option. Then click the Scan button to begin scanning.
Malwarebytes' will scan your computer for malware; the scan can take an hour or longer depending on the size of your hard drive. When the scan completes, you will receive the following message:
The scan completed successfully. Click "Show Results" to display all objects found.
Click the OK button and you will be back at the main scanner screen. You should now click on the "Show Results" button.
You will see a screen displaying the malware found on your computer. Click on the Remove Selected button to delete the malware. You may get a message that Malwarebytes' needs to reboot; click on the Reboot Now button.
After your computer reboots, Malwarebytes' will display a scan log in Notepad. You can review this log, which lists the malware removed from your system. Exit Malwarebytes'.
Download Spybot Search And Destroy and double-click to install the program. At the finish screen, uncheck all boxes except "Run SpybotSD.exe", which should stay checked. Click "Finish". You will get a legal notice box; read it and click OK.
The Spybot S&D Wizard will ask if you want a registry backup; click on "Create Registry Backup". It may take a few minutes to create the backup. Click "Next" when the backup completes. The Spybot S&D Wizard will display that you are at step 7 of 7. Click on "Start Using The Program". Close all browser windows before continuing.
The Spybot Search And Destroy main menu will now be displayed. Click on "Search For Updates", then click on a "Download location". The next screen should have all checkboxes under "Important Files" checked; click "Download". After the files download, "Exit" the Update menu. At the main menu click on "Search And Destroy" and then click on "Check for problems". Spybot will scan your computer for additional traces of malware lurking on your system; it will run for 20 minutes to an hour depending on your system.
When Spybot finishes its scan, you will either get a message that no threats have been found (this is good; end the program), or a list of problems each with a checkbox. Check the boxes for all problems in red lettering and click on "Fix Problems". End the program.
Your computer should now be free of the Vundo trojan.
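As an added check that is not part of the original guide, the following PowerShell script (it assumes PowerShell 3 or later; an elevated prompt is recommended) lists autorun and CLSID registrations of the kind the guide says Vundo hides in and flags any binary that is missing or not Authenticode-signed, so leftovers can be spotted after the scans finish.

```powershell
# Added triage helper, not part of the original guide. Assumes PowerShell 3+ in an
# elevated prompt. Enumerates autorun locations of the kind the guide says Vundo hides in
# (Run keys, Winlogon Notify DLLs, Browser Helper Object CLSIDs) and flags binaries that
# are missing or not Authenticode-signed, so leftovers stand out after cleanup.
function Get-BinaryPath([string]$Command) {
    # Strip surrounding quotes and arguments, then expand %SystemRoot%-style variables.
    $exe = if ($Command -match '^"([^"]+)"') { $Matches[1] } else { ($Command -split ' ')[0] }
    [Environment]::ExpandEnvironmentVariables($exe)
}
function New-Entry([string]$Source, [string]$Name, [string]$Path) {
    $status = if ($Path -and (Test-Path -LiteralPath $Path)) {
        (Get-AuthenticodeSignature -FilePath $Path).Status    # Valid, NotSigned, HashMismatch, ...
    } else { 'MISSING FILE' }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $Path; Signature = $status }
}
$results = @()
# 1. Classic Run / RunOnce values for the machine and the current user.
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($key in "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run",
                     "${hive}:\Software\Microsoft\Windows\CurrentVersion\RunOnce") {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }           # skip the provider's own PS* metadata
            $results += New-Entry $key $p.Name (Get-BinaryPath $p.Value)
        }
    }
}
# 2. Winlogon Notify: each subkey's DLLName is loaded into winlogon.exe at boot.
$notify = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    foreach ($sub in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty $sub.PSPath).DLLName
        if (-not $dll) { continue }
        if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "System32\$dll" }
        $results += New-Entry 'Winlogon\Notify' $sub.PSChildName $dll
    }
}
# 3. Browser Helper Objects: the CLSID's InprocServer32 default value names the DLL.
$bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) {
    foreach ($sub in Get-ChildItem $bho) {
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$($sub.PSChildName)\InprocServer32"
        if (-not (Test-Path $inproc)) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty $inproc).'(default)')
        $results += New-Entry 'BHO' $sub.PSChildName $dll
    }
}
# Unsigned or missing binaries deserve a second look; valid Microsoft signatures are expected.
$results | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Run it before and after the removal steps and compare the two lists; an entry that survives both scans, points at a randomly named file, and carries no valid signature is the kind of leftover the guide says may need professional help.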