Trojan Vundo Removal Instructions
Below, I've listed the steps of a very basic malware removal technique that has proven to be effective in removing many types of viruses, including Vundo and its variants. These instructions assume that you are familiar with using system utilities such as RegEdit and MSConfig. Also, before you begin, bookmark this web page and, if possible, print these directions. You're going to reboot your computer a couple of times and you'll want to return to this page. Now, if you're ready, let's get started:
1. You should start by backing up any important data, if possible.
2. Next, reboot the computer into safe mode with networking by tapping the F8 key repeatedly while the computer is starting. (Oftentimes, booting to safe mode will allow you to run system utilities and commands that are otherwise disabled by the Vundo infection.)
3. Use the MSCONFIG utility to temporarily stop ALL listed auto-start (startup) entries. After the computer is clean, you can re-enable any auto-start entries that you think are necessary (with the exception of your antivirus software, most of them aren't).
4. Using the steps listed next, remove any hidden or suspicious auto-start entries with RegEdit. WARNING!! Editing the registry incorrectly can cause major problems with your computer (you have been warned).
4a. Before making any edits, make a full backup of the registry. In the FILE menu, choose Export. Make sure the option to export the entire registry is selected and then save the .reg file (to removable media, if possible).
4b. After the registry has been successfully backed up, navigate to the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4c. In the right-hand pane, delete any values that are obviously associated with Vundo. They will usually refer to .dll or .sys files with random character names, such as "ybbdym.dll" or "yzhyyf.sys" (if you're not absolutely sure, don't delete anything. They're usually pretty obvious, though).
4d. You can now close RegEdit.
5. While still in safe mode, download and run Malwarebytes Anti-Malware. Just 'Google' it. It's easy to find. The free version will be sufficient for now, but I can't stress enough how great this program is and I HIGHLY recommend purchasing the full version after your computer is clean. Make sure that after you install MBAM, you update the definitions and then run a COMPLETE SCAN of your system.
6. When the scan is finished, Malwarebytes will prompt you to reboot the computer (let it boot into normal mode this time). At this point, you should update and run your regular antivirus software to do some final cleanup. Oftentimes, you'll be left with antivirus software that's been damaged by the Vundo infection. If that's the case, simply uninstall and re-install it before running any scans. PLEASE NOTE: Malwarebytes is NOT intended to be a replacement for your regular antivirus suite. MBAM is only meant to enhance the protection that you get from your regular antivirus software.
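An added example (not part of the original instructions) for steps 4a to 4c: it reads the .reg backup made in step 4a and lists the values under the Run key that name a .dll or .sys file, giving you a review list before you delete anything in RegEdit. The sample export, the value names in it and the "random-looking" heuristic are constructed assumptions.

```python
import re

# Key from step 4b, as it appears in a RegEdit export (HKLM spelled out).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
FILE_RE = re.compile(r"([^\\/\s\"',]+)\.(dll|sys)\b", re.IGNORECASE)

# Constructed sample export. A real file from step 4a is UTF-16:
# open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"ExampleTray"="rundll32.exe C:\\Windows\\system32\\exampletray.dll,Start"
"ybbdym"="rundll32.exe \"C:\\WINDOWS\\system32\\ybbdym.dll\",a"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Other"="C:\\Windows\\system32\\yzhyyf.sys"
'''

def parse_run_values(reg_text):
    """Return {name: data} for string (REG_SZ) values under the Run key only."""
    values, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_run and (m := VALUE_RE.match(line)):
            # Undo .reg escaping: \\ -> \ and \" -> "
            name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            values[name] = data
    return values

def looks_random(stem):
    """Assumed heuristic (not from the page): 5-8 letters, at most one vowel."""
    s = stem.lower()
    return bool(re.fullmatch(r"[a-z]{5,8}", s)) and sum(c in "aeiou" for c in s) <= 1

def review_list(reg_text):
    """Return [(value_name, file_name, random_looking)] for values naming a .dll/.sys."""
    hits = []
    for name, data in parse_run_values(reg_text).items():
        for m in FILE_RE.finditer(data):
            hits.append((name, m.group(0), looks_random(m.group(1))))
    return hits

if __name__ == "__main__":
    for name, file_name, odd in review_list(SAMPLE_REG):
        print(f"{name:12} {file_name:18} {'random-looking' if odd else 'check by hand'}")
```

The output is a list to check by eye, not a deletion list: a legitimate entry can trip the heuristic, and values stored as hex (REG_EXPAND_SZ) are skipped by this parser.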
Well, that's it... You're done! With luck (and if you followed these steps closely), you've successfully cleaned your PC of the Vundo infection. If you were unsuccessful in removing the Vundo virus, you should seek the help of a computer professional who specializes in malware removal. If your PC is clean, it's important that you take all the necessary precautions to protect yourself from future malware attacks... but that's another topic.