Citat:
Vundo recreates DLLs so all of them must be removed at once otherwise Vundo will repopulate itself. Some programs may be able to fully remove Vundo such as VundoFix, Spyware Doctor, Windows Defender, or Hijackthis.
If you wish to remove the virus completely on your own or if these methods do not work for you, you will need to determine which DLLs are being used by the virus and remove them. The DLL names can change since Vundo creates random names for its files. First off, run MSConfig. Check the Start Up and Services and disable anything with gibberish names. To be safe, run a Google search to determine if these are actually non virus related DLLs or not. In addition to disabling these, search for these DLLs on your machine and delete them. If you are unable to delete these files, keep track of them for deletion later. In any case, keep track of the DLL name for later. These are half of the DLLs associated with the virus.
The primary root of the problem lies in the BHO (Browser Helper Object) and this is the tricky part of removing the virus. You can determine which DLLs are tied to the virus by going to Tools→Internet Options→Programs→Manage Add-Ons (IE7). Scan through the list of add-ons and keep note of the suspicious ones. Again, do a quick search on Google to determine if these are legitimate DLLs. If not, then keep track of the name and location of those DLLs (though they are likely in Windows\System32). Disable these just in case.
Next, you’ll need to reboot but utilize a clean bootup disk or alternative operating system (such as knoppix). Safe Mode may work for you, but some people will find Windows automatically loads the Browser Help Object DLLs even if you run in Safe Mode with Command Prompt only. In this case, it’s impossible to remove those DLLs since they’ll be “in use” and you must use a boot up disk or an alternative OS. Which ever the method you use, delete the all the DLLs you have noted as being associated with the virus.
Finally, reboot your machine in Windows normally. Run MSConfig to make sure nothing new is there (no more suspicious entries are enabled in your start up or services), then run Regedit. Run a search on every DLL associated with the virus and delete all keys tied to the DLL. Make sure you scan the entire registry for each one as they may show up more than once. Finally, do a search for “MS Juan” and delete all keys associated with that too. Reboot one more time and check to see if you can find any traces of the virus.
