W32.Vundo/MS Juan Trojan Virus Description
The Vundo Trojan is also known as Virtumonde, Virtumondo, and MS Juan. It will infect your computer with pop-up advertisements for rogue anti-spyware programs, conduct random malicious behaviour, and can permit your computer to be used in distributed denial of service attacks against Google, Facebook, and other large websites.
W32.Vundo/MS Juan Infection Techniques
The Vundo/MS Juan Trojan Virus will typically infect a computer through an infected email attachment or by exploiting web browser security vulnerabilities. It attaches itself to your operating system using Browser Helper Objects and DLL files associated with Winlogon and Explorer.exe. Newer variants of the virus attach themselves to lsass.exe in place of the winlogon.exe infection. To confuse antivirus programs, Vundo uses dynamically created filenames for the files it creates, in addition to the Virtumonde.prx and Virtumonde.dll files placed in the system32 directory on your computer.
W32.Vundo/MS Juan Malware Symptoms
There is a wide range of W32.Vundo Trojan Virus variants on the Internet. Almost all of them have pop-up advertising associated with the virus and they take on the symptoms of a rootkit, embedding themselves deep within your computer’s operating system. Other Vundo infection symptoms are:
- An increase in browser pop-up ads claiming you need a new software package to fix your system degradation.
- Changed desktop background that states you are infected with Adware
- The computer’s screen saver gets changed to a fake “Blue Screen of Death”.
- The tabs to change the background and screen savers are missing in the Display Settings tab.
- Windows Automatic Updates is disabled and cannot be turned back on.
- It may disable the task manager, registry editor, and msconfig in order to prevent you from rebooting the computer in safe mode.
- It will attempt to disable major anti-virus programs such as Norton Antivirus, Malwarebytes, Anti-Malware, and Spybot - Search and Destroy. Norton will be disabled and will be used to attempt to download additional malware to your computer.
- Google Search links can be redirected to rogue sites.
- You may see periodic Operating System freezes.
- If you enter safe mode after trying to run the “HijackThis” anti-spyware tool, you will get a “Blue Screen of Death” and the safe mode registry keys will be deleted, requiring a restore of the keys or a reinstall of Windows.
- Installs pornographic adware
- Adds itself to the following program executables on your computer if they are installed: Ad-aware.exe, Wrsssdk.exe, and Hijackthis.exe.
W32.Vundo/MS Juan Trojan Virus Payload
When W32.Vundo/MS Juan has infected your computer, there will be a registry entry for “MS Juan” in the computer’s registry. This entry will hijack the web browser and will disable access to Google search, Hotmail, Gmail, MySpace, and Facebook. It has been known to attempt to connect to the following IP addresses in order to download additional advertisements or malware to your computer:
– 69.31.80.180
The pop-up advertisements associated with Vundo/MS Juan are related to the following anti-spyware web sites:
– Outlook Express Accounts
- Crash log
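The load points and indicators named in the infection and payload sections above can be reviewed with a read-only script. This is an added example, not from the original page; it assumes PowerShell 5.1 or later, and the LSA package check, the list of default LSA packages and the depth-limited search for the “MS Juan” key are assumptions, since the page gives no registry paths.

```powershell
# Added example, not from the original page. Read-only: it reports and changes nothing.
$findings = New-Object System.Collections.Generic.List[string]
$sys32 = Join-Path $env:SystemRoot 'System32'

# Report a DLL registered at a load point when it is missing or lacks a valid signature.
function Test-LoadPoint([string]$Source, [string]$Dll) {
    if (-not $Dll) { return }
    $path = [Environment]::ExpandEnvironmentVariables($Dll.Trim('"'))
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $sys32 $path }
    if (-not (Test-Path -LiteralPath $path)) { $findings.Add("$Source -> $path (file missing)"); return }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') { $findings.Add("$Source -> $path (signature: $($sig.Status))") }
}

# 1. The two files the page names in system32.
foreach ($name in 'Virtumonde.prx', 'Virtumonde.dll') {
    $p = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $p) { $findings.Add("Named file present: $p") }
}
# 2. Browser Helper Objects: resolve each registered CLSID to the DLL it loads.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($k in Get-ChildItem $bho -ErrorAction SilentlyContinue) {
    $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$($k.PSChildName)\InprocServer32"
    $dll = (Get-ItemProperty -LiteralPath $srv -ErrorAction SilentlyContinue).'(default)'
    Test-LoadPoint "BHO $($k.PSChildName)" $dll
}
# 3. Winlogon Notify packages (this key is only used on Windows XP/2003-era systems).
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
foreach ($k in Get-ChildItem $notify -ErrorAction SilentlyContinue) {
    Test-LoadPoint "Winlogon Notify '$($k.PSChildName)'" ($k.GetValue('DllName'))
}
# 4. Packages loaded by lsass.exe. ASSUMPTION: the page only says newer variants attach to
#    lsass.exe; the names treated as defaults here are common ones, adjust for your build.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
foreach ($pkg in @($lsa.'Authentication Packages') + @($lsa.'Notification Packages')) {
    if ($pkg -and $pkg -notin 'msv1_0', 'scecli', 'rassfm') { $findings.Add("Non-default LSA package: $pkg") }
}
# 5. Registry key named "MS Juan". No path is given on the page, so search by name (depth is an assumption).
Get-ChildItem 'HKLM:\SOFTWARE', 'HKCU:\Software' -Recurse -Depth 2 -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'MS Juan' } |
    ForEach-Object { $findings.Add("Registry key: $($_.Name)") }
# 6. Live TCP connections to the address listed on the page (cmdlet needs Windows 8 or later).
Get-NetTCPConnection -RemoteAddress '69.31.80.180' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Connection to $($_.RemoteAddress):$($_.RemotePort), PID $($_.OwningProcess)") }

if ($findings.Count) { $findings } else { 'No indicators from the page were found.' }
```

Run it from an elevated prompt. An unsigned DLL at a load point is a lead to review, not proof of infection, because legitimate add-ons can also be unsigned.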
Other Win32.Vundo/MS Juan Trojan Virus Information
W32.Vundo/MS Juan Trojan Virus Basic Removal Steps
W32.Vundo/MS Juan is complex, and attempting manual removal is not recommended. Automatic removal using an updated anti-virus program is the recommended approach. However, if your antivirus is disabled by the Vundo Trojan, you will likely need to use the Microsoft Malicious Software Removal Tool to remove Vundo from your computer.

