Many users who have had to deal with a Vundo infection on their computer know how hard it is to remove. It usually copies itself into %windows%\system32 under a random name 5 to 7 characters long and executes at Windows startup.
We, at Malware City, have taken a closer look at this threat and have come up with a removal guide for its latest versions. To do so, we used two freely available applications: Autoruns and Process Explorer. Before starting the guide, please download them from the links provided.
Now, to make sure you are indeed infected with one of the Vundo versions this guide was written for, please follow these steps:
1. Start AutoRuns
2. Navigate to the Winlogon tab
3. Locate a DLL file with a random name residing in %windows%\system32 (often also with no Description and no Publisher)
4. Write down that filename
5. Start Process Explorer
6. In the upper menu navigate to the Find button and select
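As an added example that is not part of the Malware City guide, the following PowerShell script automates the Autoruns part of the check (steps 2 to 4): it lists the Winlogon DLL registrations and flags the traits the guide describes, a random-looking 5 to 7 character name, a location in System32, and missing Description/Publisher version information. It assumes the entries Autoruns shows on its Winlogon tab are the `Winlogon\Notify` subkeys with a `DLLName` value, and must be run from an elevated PowerShell prompt.

```powershell
# Added example, not from the original guide. Assumption: the Autoruns
# "Winlogon" entries live under Winlogon\Notify\<subkey>\DLLName.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$system32  = Join-Path $env:windir 'System32'

function Test-VundoLikeDll {
    param([string]$Path)
    $reasons = @()
    $name = [IO.Path]::GetFileNameWithoutExtension($Path)
    # Trait 1: random 5-7 character alphanumeric file name
    if ($name.Length -ge 5 -and $name.Length -le 7 -and $name -match '^[a-z0-9]+$') {
        $reasons += 'random-looking 5-7 char name'
    }
    # Trait 2: the file sits directly in %windir%\System32
    if ((Split-Path $Path -Parent).TrimEnd('\') -ieq $system32) {
        $reasons += 'resides in System32'
    }
    if (Test-Path -LiteralPath $Path) {
        # Trait 3: no Description / Publisher in the version resource
        $vi = (Get-Item -LiteralPath $Path).VersionInfo
        if (-not $vi.CompanyName -and -not $vi.FileDescription) {
            $reasons += 'no Description/Publisher'
        }
        # Extra check: legitimate Winlogon DLLs are normally signed
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    } else {
        $reasons += 'file missing on disk'
    }
    return $reasons
}

if (Test-Path $notifyKey) {
    Get-ChildItem $notifyKey | ForEach-Object {
        $dll = (Get-ItemProperty -LiteralPath $_.PSPath).DLLName
        if (-not $dll) { return }
        # A bare file name is loaded from System32, so resolve it the same way
        if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $system32 $dll }
        [pscustomobject]@{
            Entry   = $_.PSChildName
            DLLName = $dll
            Flags   = ((Test-VundoLikeDll -Path $dll) -join '; ')
        }
    } | Format-Table -AutoSize
} else {
    Write-Output "No Winlogon\Notify key present on this system."
}
```

An entry that collects all three traits is the file name to write down for step 4; the flags are triage hints to compare against the Autoruns view, not a verdict on their own.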