How to Manually Remove the Vundo Trojan? Step-by-Step Instructions

In this guide, we have detailed everything you need to know about manually removing Vundo Trojan from your PC and deleting it from Registry Files.

By Zawad Iftikhar

Vundo is a prevalent Trojan virus that causes a huge amount of unsolicited advertisements to pop-up on your screen. It silently downloads from the Internet and runs potentially harmful files that are mostly adware components. The Vundo Trojan is spread by e-mails messages that contain links to unsafe websites that exploit some of the security vulnerabilities of the browsers. When you click on these unsafe links, your iNet browser automatically installs the Vundo Trojan without you even noticing.

How to Manually Remove Vundo Trojan

Vundo affects your PC in several negative ways, as it automatically starts running on every Windows startup. You will notice issues like performance slowdown and a significant decrease in your PC’s virtual memory.

To remove Vundo, find Vundo Path by using the Windows File Search Tool:

  • Type in “Vundo” in the search bar.
  • When your search results show up, hover over the “In Folder” of “Vundo” and highlight the file then copy/paste the path into the address bar. Save the file’s path on a clipboard because it will be required in the forthcoming steps.

Remove Vundo Registry Values by Using Registry Editor

  1. Open the “Registry Editor” by clicking on Start > Run > type “regedit”, and then click “OK”.
  2. Locate and delete the entry whose date value (in the rightmost column) matches the date value of the spyware file you detected earlier. There will likely be multiple entries so repeat this step for each of them.
  3. To delete the “Vundo” value, right-click on it and select the “delete” option.
  4. Locate and delete these “Vundo” registry entries:
  • HKEY_CURRENT_USERSoftwareMicrosoftInterneExplorerMainActive State 02F96FB7-8Af6-439B-B7BA-2F952F9E4800
  • HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents. 1
  • HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents 8109AF33-6949-4833-8881-43DCC232B7B2 231 6230A-C89C-4BCC-95C2-66659AC7A775
  • HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion RunOnce*[filename]
  • HKEY_CURRENT_USER SoftwareMicrosoftInternetExplorerMainActive State
  • HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionRun Once*WinLogon
  • HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser
    Helper Objects{8109AF33-6949-4833-8881-43DCC232B7B2}
  • HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser
    Helper Objects{2316230A-C89C-4BCC-95C2-66659AC7A775}
  • HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionExplorerBrowser
    Helper Objects{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
  • HKEY_LOCAL_MACHINE SOFTWARE ClassesCLSID{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
  • HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents. 1
  • HKEY_LOCAL_MACHINE SOFTWAREClassesATLEvents.ATLEvents
  • HKEY_CLASSES_ROOTCLSID{8109AF33-6949-4833-8881-43DCC232B7B2}
  • HKEY_CLASSES_ROOTCLSID{2316230A-C89C-4BCC-95C2-66659AC7A775}
  • HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunOnce*[filename]
  • HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunOnce*WinLogon

Unregister Vundo Dll Files by Using Windows Command Prompt

  1. To open the Windows Command Prompt click on Start > Run > type “cmd”, and then click “OK”.
  2. To change the current directory type “cd”, press the “space” button, and then enter the full path to where you believe the Vundo DLL file is located (which you copied to your clipboard earlier) and press the “Enter” button on your keyboard. In case you do not know where the Vundo DLL files are located, use the “dir” command to display the directory’s contents.
  3. To unregister “Vundo” DLL file, type in the exact directory path + “regsvr32/u” + [DLL_NAME] (For example, c://VundoSpy-folder > regsvr32 /u Vundo.dll) and then press “Enter” on your keyboard. A message will pop up to inform you that the file has been successfully unregistered.
  4. Search and Unregister “Vundo” DLL files: vzbb.dll

Detect and Delete Other Vundo Files

  1. Open the Windows Command Prompt by clicking on Start > Run > type “cmd”, and then click “OK”.
  2. To display the folder’s contents including the hidden files, type in “dir /A name_of_the_folder” (For example, c://Vundospy-folder).
  3. Type in “cd name_of_the_folder” to change the directory.
  4. Once you have the file you are looking for type in “del name_of_the_file”.
  5. Type in “del name_of_the_file” to delete a file that is in the folder.
  6. Type in “rmdir /S name_of_the_folder” to delete the entire folder.
  7. Select the “Vundo” processes and click on the “End Process” option to wipe it in Task Manager.
  8. Remove the “Vundo Process files: vzbb.dll”.

This is how you can easily remove the Vundo Trojan from your PCs. If you have any further questions, feel free to let us know!

About the Author
Avatar photo
Zawad Iftikhar

Zawad Iftikhar is the founder of SegmentNext.com, an FPS enthusiast and a Call of Duty veteran, having participated multiple eSports competition.