vundo trojan. restarts explorer.exe and imapi.exe. makes desktop icons and taskbar disappear. solved!

  • General discussion

  • Hello.
    If you are experiencing the problems named in the topic thread you may be losing your patience and mind by now!
    I picked up this trojan 2 days ago and it has taken me one re-install and that long to fix it.
    Forget the advice from Symantec and Microsoft - the Vundo removers do not work.

    The answer is to install and run 'superantispyware' - this spotted 4 Vundo variants immediately, removed them and all is working fine.

    I post this because I have encountered many confused solutions during the past 2 days and would like to spread the word about the solution. But now we must keep it out!




     
    Sunday, June 8, 2008 5:17 PM

All replies

  • I too am having the same exact issues. Luckily I searched the internet and stumbled upon this right away. I am running the superantispyware now and it has identified the 4 variants plus many more. I will respond back with the end results.

    Thursday, June 12, 2008 5:01 AM
  • This also worked for me too, found 4 instances and I now have explorer (desktop and icons etc.) back. All the other tools I spent a day downloading didn't find it - Live care online scanner found 1 instance but reported it could not fix it - take note Microsoft! - superantispyware is the one!
    Monday, June 30, 2008 4:31 PM
  • First of all I NEVER post comments but this really, really works!!!!  Yesterday, my computer started acting weird.  The desktop icons and bottom task bar began flashing then disappeared altogether.  The only tool I was able to use was the ALT-CTRL-DEL - Task Manager.... I was able to get online so I searched the problem and found out this is pretty common.  (Unfortunately, I didn't come across this website until this AM!!!) So anyway, I took all the advice from other sites...Safe Mode restart, System Restore (no dates were bolded), Creating a New User, Run Explorer.exe, Antivirus and spyware sweeps ..... I even called the "geek squad" 800#.  I was told the only option left was to re-install Windows which in turn would erase everything from my computer!!! Pics, music... everything! So as a last resort this AM (as I was packing my computer to bring to the local support center) I did one more search on the problem, found this website, ran the "superantispyware" (I figured I had nothing to lose) and it worked!

     

    FYI - maybe the subject should be revised so this link would be easier to find.  The only reason I found this site was because based on the other sites, I was able to narrow down the name of the problem and then did my search.  I only wish I found this site yesterday it would have saved me hours of trying to figure this out!!!

     

    THANKS AGAIN!!!!!!!!!

    Saturday, July 5, 2008 6:42 PM
  • I am having the same problem as all of you as well. I have run superantispyware, advanced windows care 3, ccleaner, sfc/runnow, avast antivirus, and all that many times and I have been able to delete many threats, mainly vundo threats. The only problem is that after a reboot, I get an error message saying (filename) could not be found, such as the most recent one, c/windows/system32/xxyxVpME.dll. What do I do about this? Will these error messages go away or should I recover something that superantispyware removal deleted? Any help would be great.
    Monday, July 7, 2008 9:32 PM
  •  subsonika wrote:
    Hello. ed here
    Having spent 3 very frustrating days trying to solve this problem I found this by subsonika.

    WOW I LOVE YOU MAN
    perfect problem solver
    SUPERANTISPYWARE works!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Find it at superantispyware.com
    Again THANKS SUBSONIKA

    If you are experiencing the problems named in the topic thread you may be losing your patience and mind by now!
    I picked up this trojan 2 days ago and it has taken me one re-install and that long to fix it.
    Forget the advice from Symantec and Microsoft - the Vundo removers do not work.

    The answer is to install and run 'superantispyware' - this spotted 4 Vundo variants immediately, removed them and all is working fine.

    I post this because I have encountered many confused solutions during the past 2 days and would like to spread the word about the solution. But now we must keep it out!




     
    Wednesday, August 20, 2008 12:41 PM
  • Superantispyware does remove the Vundo Variant trojan after a full PC scan, but if it reappears again after reboot, then it's because the System Restore points were deleted by vundo and replaced with its own, corrupted restore point.  In such cases, upon completion of your full spyware scan go to System Restore and clear/disable the feature under 'settings', thus deleting the infected restore point, and then re-enable this feature prior to rebooting.

     

    http://www.superantispyware.com?rid=3625


    Tuesday, August 26, 2008 1:08 AM
  • For clients I have run into with this problem I have followed the following process:

     

    Download and run VundoFix -- http://vundofix.atribune.org/

    Turn off System Restore (to remove potential infected restore points)

    Restart PC.

    Turn on System Restore

    Download and run Ad-Aware 2008 Personal to find/remove any other nasties that might be out there.

    Make certain their Anti-virus software is good and up-to-date.

     

    I have never tried "superantispyware" but it sounds to me like many of the others out there that are free downloads and just end up causing more harm than good.

    Wednesday, August 27, 2008 9:44 PM
  • My Lap was infected by this Vundo Trojan just yesterday. I installed Spybot S&D, Ccleaner, Webroot, SpyNoMore....No gain....among these SpyNoMore only detects the trojan but won't clean in the free edition. Then I was about to format when I saw this thread. Woooowww...I tried SuperAntiSpyware toooooooo....Kewl...All was a piece of cake after installing that...Thanks a lot to all who posted in this thread....cheeeerrrrsssssssssssssss...   guys visit my site.
    Sunday, August 31, 2008 11:39 PM
  •  drwbry wrote:
    I am having the same problem as all of you as well. I have run superantispyware, advanced windows care 3, ccleaner, sfc/runnow, avast antivirus, and all that many times and I have been able to delete many threats, mainly vundo threats. The only problem is that after a reboot, I get an error message saying (filename) could not be found, such as the most recent one, c/windows/system32/xxyxVpME.dll. What do I do about this? Will these error messages go away or should I recover something that superantispyware removal deleted? Any help would be great.

     

    I think we completely forgot to reply to you ... if you are still having this problem, you can go into CCleaner and go to the "Tools" section and then "Startup" where it lists all the things starting up with Windows. In this list should be the one you are looking for, find it and either disable it (newer versions of CCleaner) or delete it. You should be fine after a reboot.

    xxyxVpME.dll was just one of the infected dll files that one of the products removed for you but didn't clean up the registry. That would be the other way you could do it if you are comfortable editing the registry --- do a Find for that file and you should be able to delete that registry entry.

    Wednesday, September 3, 2008 9:14 PM
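
Added example (not part of the original posts and not code from CCleaner or any vendor): the reply above puts the "could not be found" message down to a startup registry entry left behind for a DLL that had already been removed. This read-only PowerShell script lists such entries; it assumes only the standard Run keys are checked (other autostart locations are not covered), and the helper names `Get-TargetPath` and `Test-TargetExists` are made up for this example.

```powershell
# Added example: list startup (Run key) entries whose target file is missing.
# Read-only; it reports candidates and deletes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull out the file a startup command actually loads.
function Get-TargetPath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # rundll32 entries: the file of interest is the DLL argument, not rundll32.exe
    if ($cmd -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+\.dll)') { return $Matches[2] }
    # Quoted executable path
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path, possibly containing spaces, followed by arguments
    if ($cmd -match '(?i)^(.+?\.(exe|dll|bat|cmd|com|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Hypothetical helper: rooted paths are tested directly, bare names via PATH.
function Test-TargetExists {
    param([string]$Path)
    try {
        if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path) }
        foreach ($dir in ($env:Path -split ';' | Where-Object { $_ })) {
            if (Test-Path -LiteralPath ([IO.Path]::Combine($dir, $Path))) { return $true }
        }
    } catch { }   # malformed path strings are treated as missing
    return $false
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command.Trim()) { continue }
        $target = Get-TargetPath $command
        if (-not (Test-TargetExists $target)) {
            # One object per orphaned entry, for review before any manual cleanup
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $command; MissingTarget = $target
            }
        }
    }
}
```

On 64-bit Windows, 32-bit processes resolve System32 paths to SysWOW64, so an entry reported under WOW6432Node should be confirmed by hand before its value is removed.
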
  • OMG ANY ONE AND ANY ONE TY  THIS SOOOOOOOO HELPED ME  I WAS ALMOST OUT OF MY MIND  THE TASKBAR AND ICONS WERE DISAPPEARING OMG TY!!!!!!!
    Wednesday, September 10, 2008 2:44 AM
  • THANKS A LOT!!!!!!
    This isn't advertising: SUPERAntiSpyware fixes the vundo trojan with the free edition!
    Thanks!
    Thursday, September 11, 2008 9:13 AM
  • I was infected last night with Vundo and some other *** called AntiSpyware 2009, PCHealthCenter, MS Antivirus and more. My Windows Defender removed some, quarantined some, and permitted some and McAfee can't detect any. I deleted registry keys in regedit that were infected and other files. I tried safe mode, which helped me to delete more but didn't solve the prob and tried several times to do disk cleanup but my computer just freezes. I tried system restore but what happens is, I select the restore date and click next, and it just sits there no matter how many times I click next or how long I wait. I can't go to any anti-spyware sites such as superantispyware.com because it's as if the virus knows what site I'm going to, and it won't connect - I get an Internet Explorer error message. Yet if I go to any other type of site like this one, my e-mail, or MySpace, it works. When I go to Google and click on any search result, it re-routes me to other sites with no domains. Immediately upon my computer loading, there is a huge fake alert message titled "Windows XP Security Message" that I can't get rid of. My desktop background photo is no longer there. What the *** can I do?

    Monday, September 15, 2008 9:48 AM
  • I really got to give you lots of "THANKS!!" for this useful antispy program!!! I spent more than 48 hours searching for a solution to this trojan. And eventually I'm so happy to see that this program really works!! I strictly recommend it to all who have this or a similar problem.. Thanks to all commenters too for helping me believe that this really works. Because when I saw this thread, first I thought that it looks like an advertisement but I saw that many people solved the same problem by using this program. Anyway, MANY MANY THANKS TO WHOEVER MADE THIS THREAD!!
    Tuesday, September 30, 2008 2:20 PM
  • hi, subsonika

    Most malware is easily cut off nowadays if you delete the program it is using.. Especially if you keep your Windows Defender up-to-date on its updates..

    Something new I have seen: spammers using Voice over IP, through proxy connections, broadcasting their system off as a VoIP domain controller.

    Basically the same way they will send spam email. Just instead of attaching information to send spam mail, they seem to be just using temp cache flood proxy to link up and appear as a different phone number to call people on. I myself have seen a couple of applications that look capable of this.

    A grounded up copy of Yahoo! Vista Messenger reverted for MacOSX was seen being sold on Twitter..

    Skype grounded up as well could also be used to VoIP and appear as whatever if reconfigured..

    Not to mention both apps have the ability to change call settings, adjust information..

    if they are grounded up

    ground up means when a program(s) are open and have variables removed..

    The true way anyone could ever really do this is to be using prepaid phone services to dial out from.

    Then they just render their phone to appear as something else in the dialout sequence.. especially if it's connected through a computer, which as well they could also send a tempfile with the dialout contents to wherever after making a call and basically false lead someone in actions of calling/making calls to somewhere..

    I found this out when I was using Yahoo! Messenger and started having cell phones call my system out of nowhere..

    Which all the numbers were forgelent, and not real.. Someone could easily mimic someone's phone number just by adjusting the call settings through a computer hiding behind proxies and most definitely.. any program that has VoIP configurations could be ground up to see how to do so..

    I never liked VoIP and yet I have found that spammers are already using packet spoofing methods in forging phone calls..

     

    Web 2.0... WOW...

     

    Tuesday, October 7, 2008 3:55 AM
  • I just want to reiterate my thanks to whoever created this thread and solution. I had tried tons of other programs including ad-aware 2008, avg 8 free edition, spybot-search and destroy with limited to no results. Some wouldn't find the issue and others could but the missing startbar and flashing desktop would always reappear. I was minutes away from reinstalling windows when I stumbled upon this thread while searching for the process imapi.exe. Superantispyware really did work. I ran it long enough to check my registry and windows folders, paused it - continued without finishing the entire scan, selected to fix the issues and then did the reboot and miraculously it worked. No joke - no mess - what a relief to finally be able to use my startbar again. Thanks again.

    Tuesday, November 11, 2008 3:39 AM
  • To anyone else who made it this far, go with the SUPERantispyware (SAS) for Vundo Trojan and do it first.  I just spent a few frustrating days, just like these other posters, but now it's over.  There is hope for you, too.

    I went through Ad-Aware, Norton 360, McAfee, VundoFix, VirtumundoBeGone and FixVundo first, with no results at all and was about to do the hijack log posting on a forum thing when I came across this.  I think I used "vundo finally gone" to get here.  Now I can say the same.  Hang in there.

    I suggest you put SAS next on your list.  It takes a few runs and tinkering, depending on what else is going on from the virus, e.g., my computer kept shutting down while installing and running, but I just kept at it.  With a little patience and time, it eventually did work.  FYI, I'm talking about the free version, too. 
    Friday, November 28, 2008 12:02 AM
  • Thank you, thank you, thank you!
    Not only had I spent about 6 hours (literally!) on searching for a solution to this.
    I know, at first, I was like, I don't think I should download the software, but I did, and it was AMAZING.
    Words cannot express how you saved me (a 15 year old tech girl) from not having to hear her father argue and fuss about how I got a virus on the computer!
    Thank you so much.
    SuperAntiSpyware is the way to go!!!
    -Kendra
    Wednesday, December 24, 2008 7:36 AM
  • Windows Is Basically A Target For Viruses Because Programmers, Coders Don't Like It Because Of WPA Etc And Its Silly Hybrid System. Anyways I Have Had Many Problems With Viruses Before But I Now Use Kaspersky Which I Find To Be Quite Good. They Also Offer A Free Trial.
    Thursday, December 25, 2008 10:16 AM
  • so everybody seems to be telling me ms one care sucks!!!!! glad i didn't pay for it.....gates you ____ you should be ashamed after all the ____ installing onecare!!!!!!!!!!!!!!!!!!!!!
    Friday, December 26, 2008 6:25 AM
  • Ok, I don't usually like programs like this but I decided to give it a shot from all the good feedback found here. I tried and what do you know? IT WORKS!!!   This program really works, before windows explorer kept restarting and stuff, now it isn't restarting!!! This is an awesome find, thx for posting :D:D:D:D:D:D:D:D:D:D:D


    P.S. I only signed up to say this, I'm not sticking around though :D
    Friday, December 26, 2008 12:30 PM
  • Vundo's manual removal can be used instead of downloading a software to remove vundo. Vundo is a trojan that shows irritating pop-up advertisements and secretly downloads harmful files onto your PC. Because Vundo can run lots of advertisements, Vundo can severely decrease your system memory and slow down your computer. Vundo spreads through emails with links to insecure websites that exploit security holes of Internet Explorer. Once you click on a link in a Vundo-laced email, Internet Explorer launches a site that secretly installs the trojan into your computer. Vundo can run every time you start up Windows.
    Here's how to get rid of Vundo manually
    http://www.darfuns.com/remove-vundo-trojan/index.html
    Sunday, January 4, 2009 4:36 AM
  • Thank you Thank you Thank you. I've had the vundo trojan for over a week. superantispyware found 5 variations of it and cleaned it up.

    thanks,

    mikey2323superantispyware
    Sunday, January 4, 2009 8:29 AM
  • I don't know who you are, or where you're from, but THANK-YOU, THANK-YOU, THANK-YOU!!  I'm not very computer savvy, but I got the superantivirus thing and it worked great!  Thanks, again.
    Monday, January 5, 2009 9:42 PM
  • Picked this damn vundo thing up last night from a link on reddit.com   Not sure exactly what one.   (I will have to start surfing anonymously with Google chrome when reading the news at least until Firefox 3.5 is released)

     I used superantispyware and it worked like a charm   Cleaned it out.   I had to run it a couple of times.

    BIG THING to check out in addition to your startup items.    CHECK OUT your "TASK MANAGER".    Start --> Program Files -->  Accessories --> System Tools -->  Task Manager

    I found something in there with a weird name that wanted to run every hour!   I checked its properties then promptly deleted it.     Most likely was there to reinfect the system after it was cleaned out!     You don't need anything in the Task Manager for your computer to run.    Google puts stuff in there and so does JAVA.  Mostly checks to update their software.

    I have run my AVG, Spybot, Ad-Aware and superantispyware and it seems to be cleaned up. (don't forget to do a chkdsk /f if you hard booted a few times)  First time I have picked up anything like this ever.   Only thing I have been seeing is mainly cookies and ad-ware on my PC.     I have seen and worked on many other peoples computers that were seriously infected with the worst infections you can imagine and just were a waste of time to try and fix by cleaning them up.   Backing up data (externally backing up the drive from another non-infected system and wiping are the best options in those cases)

    This vundo trojan was just a small pain  at least it was fairly easy to remove.

    Good luck and may your days be virus trojan and spyware free!
    Wednesday, January 14, 2009 6:56 AM
  • I think all of you may have just saved me an expensive trip to the Geek Squad or elsewhere.  Thank you a million to all those who recommended superantispyware.com.  I had a bad Vundo infection I picked up earlier this week, and AdAware didn't fix it, and my TrendMicro PC-cillin was useless.  I ran SAS once and it seems to have cleaned it completely but I am going to run it again before I really use my machine.

    Thanks so much to all the helpful posters!
    Sunday, February 15, 2009 4:28 AM
  • Hello friends

    I am Joseph from London.
    Trojan virus is very dangerous for PC we should update our antivirus.
    In my opinion AVG is best for our PC.

    Joseph
     

    Tuesday, February 17, 2009 12:08 PM
  • Trojan is very dangerous for our PC.
    AVG antivirus is the best suited antivirus for our PC. Install the latest version of AVG.

    Joseph

    Tuesday, February 17, 2009 12:32 PM
  • Hi there,

    Actually I have been mugging up my mind with this problem for the last several days googling it up and all but here I think my problem is more serious, as I can't go into safe mode, I tried safe mode with cmd and networking also but can't get into it.

    I am having this problem in a DL380 g5 webserver. Please help me as I can't even run from task manager, as I go into it and try to run New Task (Run) and as soon as I hit any word in that box it disappears.

    Please guys any one of you please do help me as I really need the help, I can't format it.

    Please help me
    Thanks.
    Thursday, April 23, 2009 8:54 AM
  • Hi Folks,
    I don't normally post online but I found this site and thought as a last effort before reformatting I would give this adware a try before reformatting. What did I have to lose? Well, this worked. I thought I would bookmark this and if it worked I'd come back and post. I have tried all kinds of things to remove this variant. I even ran programs claiming to be "The ultimate fix" and it didn't even detect the problem. I downloaded and installed the software. Ran a complete scan while I ate dinner and watched the evening news. When I came back, it found 72 infected files. I had it quarantine and delete them and now my PC is running like a champ. Thanks!
    Friday, August 14, 2009 11:40 PM
  • I've had the virus (it's removed now) but I made the taskbar and desktop icons run on a separate process, and they stayed on even though the virus closed explorer.exe
    Wednesday, September 16, 2009 3:27 AM