Christian Conservative Christian "Independent"

I'm an evangelical Christian, member of the CPC, but presently & unjustly exiled to wander the political wilderness.
All opinions expressed here are solely my own.

Tuesday, March 10, 2009

How to delete the Vundo virus/spyware trojan

There's an older but nasty little piece of spyware/adware out there that's making a resurgence, called "Vundo", and it's a tough one to kill. My anti-virus picked it up on one machine in the office, but it's taken two days to kill the stupid thing.

My Trend Micro AV told me it was the "aahsfu.dll" file that was infected, but I couldn't get rid of it, no matter what I tried. It's self healing, self replicating, hooks deep into the registry, it's one nasty piece of work. Spybot S&D didn't get it, AdAware failed, and my AV couldn't delete it. So I downloaded Symantec's Vundo Removal Tool, ran it in Safe Mode as per the instructions, but even that didn't fully get rid of it. A couple of reboots, and the thing was back with a vengence. Searched and searched online, but there's virtually no useful help out there for it. Then I had a bit of a brainwave... why not employ some old school skills to kill this high-tech little bug?

That wonderful little file that's so seldom used anymore... AUTOEXEC.BAT. Just put one simple little command in the AUTOEXEC.BAT to run on the next boot up, and the bug was finally dead...

del C:\WINDOWS\SYSTEM32\aahsfu.dll

That's it. The best part is, that command will work for anyone else who's having the same problem, all they have to do is substitute the file name in italics above. (and the path, if your AV tells you the file is located in a different location) Since there's so little useful help out there, I figured I'd post the solution, and hopefully some other poor soul who's got it will stumble across this little solution.

Ahh DOS, how I miss you sometimes...



Post a Comment

<< Home