How to delete the Vundo virus/spyware trojan
There's an older but nasty little piece of spyware/adware out there that's making a resurgence, called "Vundo", and it's a tough one to kill. My anti-virus picked it up on one machine in the office, but it's taken two days to kill the stupid thing.
My Trend Micro AV told me it was the "aahsfu.dll" file that was infected, but I couldn't get rid of it, no matter what I tried. It's self-healing, self-replicating, hooks deep into the registry; it's one nasty piece of work. Spybot S&D didn't get it, AdAware failed, and my AV couldn't delete it. So I downloaded Symantec's Vundo Removal Tool, ran it in Safe Mode as per the instructions, but even that didn't fully get rid of it. A couple of reboots, and the thing was back with a vengeance. Searched and searched online, but there's virtually no useful help out there for it. Then I had a bit of a brainwave... why not employ some old school skills to kill this high-tech little bug?
That wonderful little file that's so seldom used anymore... AUTOEXEC.BAT. Just put one simple little command in the AUTOEXEC.BAT to run on the next boot up, and the bug was finally dead...
del C:\WINDOWS\SYSTEM32\aahsfu.dll
That's it. The best part is, that command will work for anyone else who's having the same problem; all they have to do is substitute the file name in italics above (and the path, if your AV tells you the file is located in a different location). Since there's so little useful help out there, I figured I'd post the solution, and hopefully some other poor soul who's got it will stumble across this little solution.
Ahh DOS, how I miss you sometimes...
2 Comments:
At Tue Mar 10, 05:57:00 p.m. EDT, Anonymous said…
My solution....Ghost. Poof gone. heh
Thanks for this though it will be useful next time.
At Wed Mar 11, 09:58:00 p.m. EDT, Drew Costen said…
My solution: keep using my MacBook so I don't get infected with said virus in the first place. ;)
But yes, I do often miss DOS too. :)