I removed the Vundo trojan (plus several others) from a Vista user’s laptop successfully recently, but met a snag not covered in any of the howtos. Since this virus was able to raise a BSOD storm on the user’s computer, I found its removal relevant for the webz. In my particular case the user had not installed Service Pack 1, and the BSOD didn’t occur until 5-10 minutes after startup. This gives you some time to install the removal software needed before it crashes again. I suggest downloading the software on another machine and installing it on the infected system from a pendrive. The simple steps:
- Download & install: MBAM, CCleaner and ComboFix
- Boot up into safemode (F8 before the Vista logo appears)
- Run CCleaner 3-4 times (rebooting into safe mode between runs)
- Run MBAM’s full scan first in safe then normal mode, remove problems found
- Lastly, run Combofix in normal mode
When CCleaner or ComboFix asks you if you’d like to make a backup, you really really want to make a backup. Each time. Remember that CCleaner has two types of scans. Run both of them. For ComboFix, read this HOWTO. Simple enough, ain’t it? Well, it can take a lot longer when there are unknown factors. The version of Vundo this client had was seemingly aware of MBAM and consequently refused to let it run. Very frustrating when a few sweeps are all there is between you and a relatively healthy OS. Luckily the virus only blocks static filenames, so renaming the file(s) is all you need to do.
The MBAM installation file is called mbam-setup.exe. If you aren’t able to install it as Administrator, then rename it to mbaladam-setup.exe or whatever.exe. In Safe Mode at the first sweep, go to the MBAM program directory (usually in Program Files). There you’ll find a .chm (HTML Help file) documenting MBAM’s command-line switches. Rename mbam.exe to something-else.exe, open cmd.exe as Administrator and run something-else.exe /fullscan to start a full system scan. Don’t worry n00bz, the GUI will pop up by itself. If this doesn’t work, try copying the entire MBAM program directory to another directory and adjust/produce any required registry entries.
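As an added example (my own script, not part of the original post or of MBAM), the rename trick above done from an elevated PowerShell window: copy mbam.exe under a random name so a static-filename blocklist can’t match it, check the copy, then launch the scan with the /fullscan switch the post mentions. The install directory is a placeholder you must adjust.

```powershell
param(
    # Assumption: replace the placeholder with the real MBAM directory
    # (the post only says it is "usually in Program Files").
    [string]$MbamDir = (Join-Path $env:ProgramFiles 'MBAM-DIRECTORY-PLACEHOLDER')
)

$original = Join-Path $MbamDir 'mbam.exe'
if (-not (Test-Path $original)) {
    throw "mbam.exe not found in $MbamDir - adjust -MbamDir"
}

# A random name defeats a blocklist that only matches fixed filenames.
# Copying (rather than renaming) leaves the original untouched for the uninstaller.
$randomName = 'scan-' + [guid]::NewGuid().ToString('N').Substring(0, 8) + '.exe'
$copy = Join-Path $MbamDir $randomName
Copy-Item -Path $original -Destination $copy

# Cheap sanity check that works on the old PowerShell shipped with Vista:
# the copy must be the same size as the original before we trust it.
if ((Get-Item $original).Length -ne (Get-Item $copy).Length) {
    Remove-Item $copy -ErrorAction SilentlyContinue
    throw 'Copy of mbam.exe is incomplete, aborting'
}

# /fullscan is the switch from MBAM's bundled help file, as cited in the post;
# the GUI appears on its own and the script waits for the scan to finish.
$proc = Start-Process -FilePath $copy -ArgumentList '/fullscan' -PassThru -Wait
"Scan ($randomName) exited with code $($proc.ExitCode)"
```

If the copy is killed as soon as it starts, the malware is matching on something other than the filename, and the post’s fallback (copying the whole directory elsewhere) is the next step.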
By the way, the simple instruction at the top needs three more steps:
- Back up your important data
- Migrate to GNU/Linux, install and configure iptables
- Enjoy your freedom
CCleaner fucked up my system the last time I ran it for maintenance.
Yes, I don’t normally use it, but it worked for this particular infection.
And that’s why you always want a backup :)