Vista 0x7E STOP error and Vundo trojan

I recently removed the Vundo trojan (plus several others) from a Vista user’s laptop successfully, but hit a snag not covered in any of the howtos. Since this virus was able to raise a BSOD storm on the user’s computer, I found its removal relevant for the webz. In my particular case the user had not installed Service Pack 1, and the BSOD didn’t occur until 5-10 minutes after startup. This gives you some time to install the removal software needed before it crashes again. I suggest downloading the software to another machine and installing it on the infected system using a pendrive. The simple steps:

  1. Download & install: CCleaner, MBAM and ComboFix  
  2. Boot up into Safe Mode (F8 before the Vista logo appears) 
  3. Run CCleaner 3-4 times (rebooting into Safe Mode between runs) 
  4. Run MBAM’s full scan first in Safe Mode, then in normal mode, and remove the problems found 
  5. Lastly, run Combofix in normal mode 

When CCleaner or ComboFix asks you if you’d like to make a backup, you really really want to make a backup. Each time. Remember that CCleaner has two types of scans. Run both of them. For ComboFix, read this HOWTO.

Simple enough, ain’t it? Well, it can take a lot longer when there are unknown factors. The version of Vundo this client had was seemingly aware of MBAM and consequently prevented it from running. Very frustrating when a few sweeps are all there is between you and a relatively healthy OS. Luckily the virus only blocks static filenames, so renaming the file(s) is all you need to do.

The MBAM installation file is called mbam-setup.exe. If you aren’t able to install it as Administrator, then rename it to mbaladam-setup.exe or whatever.exe. In Safe Mode, on the first sweep, go to the MBAM program directory (usually in Program Files). There you’ll find a chm (HTML Help file) with MBAM’s command-line commands. Rename the mbam.exe file to something-else.exe, open cmd.exe as Administrator and run something-else.exe /fullscan to run a full system scan. Don’t worry n00bz, the GUI will pop up by itself. If this doesn’t work, try copying the entire MBAM program directory to another directory and adjust/produce any required registry entries.
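The rename-and-scan step above can be scripted. This is an added example, not part of the original post: it copies mbam.exe (instead of renaming it, so the install stays intact) to a randomly generated name in the same directory and starts it with /fullscan. The script name and the directory argument are assumptions; pass the real MBAM program directory.

```batch
@echo off
setlocal
rem Added example. Usage (from cmd.exe run as Administrator):
rem   scan-renamed.cmd "<MBAM program directory>"
rem The directory is an argument because the post only says it is
rem "usually in Program Files".

if "%~1"=="" (
    echo Usage: %~nx0 "MBAM program directory"
    exit /b 1
)

set "MBAM_DIR=%~1"
set "SRC=%MBAM_DIR%\mbam.exe"
if not exist "%SRC%" (
    echo mbam.exe not found in "%MBAM_DIR%"
    exit /b 1
)

rem Build a file name that cannot be on a static list of blocked names.
rem %RANDOM% expands to 0-32767, so two of them give enough variation.
set "NEWNAME=scan-%RANDOM%%RANDOM%.exe"

rem Copy next to the original so the program still finds its own files.
copy /y "%SRC%" "%MBAM_DIR%\%NEWNAME%" >nul
if errorlevel 1 (
    echo Copy failed - is this prompt running as Administrator?
    exit /b 1
)

rem /fullscan is the switch named in the post; the GUI opens by itself.
pushd "%MBAM_DIR%"
start "" "%NEWNAME%" /fullscan
popd

echo Started "%NEWNAME%" /fullscan in "%MBAM_DIR%"
endlocal
```

Delete the randomly named copy from the program directory once the scans are done.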

By the way, the simple instruction at the top needs three more steps:

  • Back up your important data 
  • Migrate to GNU/Linux, install and configure iptables 
  • Enjoy your freedom 


