I got it on my computer at work and our IT guys had a terrible time with it. I lost alot of information with it.

Sorry and good luck!

I have it and it is a pain in the azz... I did find something this morning on it and they say it works but I need to do it when i get home...

Please download ComboFix by sUBs from either of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe>
http://subs.geekstogo.com/ComboFix.exe>

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

not much on that particular spelling just searching for your virus by name. what AV software are you running and what does it specifically call it when the AV picks it up?

I think it should say Vundo.Trojan there is a d3dxo.dll file that infects your comp.. and you cant delete it....

Ya, it is supposed to be "Vundo", not Kundo. I will get Claire to look at this thread later and see what she can do. Thanks everybody!

I thought using a Trojan was suppposed to protect you from catching a virus..
(sorry, couldn't resist)

Mcafee has some good info on removing it

Check this site out. It might help





Tools needed for this fix:

* Vundo Fix
* VirtumundoBegone (if VundoFix does not work)


Note: This infection is normally detectable by users receiving popups when they use the internet. Your antivirus program might also notify you via an alert that you have a Vundo Trojan on your computer. If you happen to have Hijackthis installed on your computer, you will be able to verify whether you have the Vundo infection, as there will be a matching O2, and O20 entry, with the same randomly named .dll file. In older infections the O2 entry normally contained the word "MSEvents". Please note you normally do not need Hijackthis installed to remove this infection, and the above details may only make sense to experts in this field, so don't panic.

Symptons from a Hijackthis log:

Below is an example of a Vundo infection, though there are many different filenames.

O2 - BHO: (no name) - {EFCB1D95-FFF6-47BB-B6C9-61A523F04322} - C:\WINDOWS\system32\vturr.dll
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll

Revision History:
01/09/07 - Updated guide to reflect updates to the tools.



Removal Steps:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in word or notepad to the desktop where they can be easily found.

3. Download Vundo Fix and save it to your desktop.

4. When it has completed downloading, double-click VundoFix.exe to run it.

5. Click the Scan for Vundo button.

6. Once it's done scanning, click the Remove Vundo button.

7. You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.

8. When completed, it will prompt that it will shutdown your computer, click the OK button.

9. When the computer has shutdown, turn your computer back on.

The WinFixer and Vundo infection should now be removed from your computer.

If you are still having a problem then please perform the following steps.

This step should only be used if the instructions in the previous steps did not remove the infection:

1. Download VirtumundoBegone and save it to your desktop.

2. Now reboot into Safe Mode.

1. This can be done tapping the F8 key as soon as you start your computer

2. You will be brought to a menu where you can choose to boot into safe mode.

3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

4. When you computer reaches the desktop make sure you log in as the same user which you had performed the previous steps,

3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

The WinFixer and Vundo infection should now be removed from your computer. Conclusion

If after attempting the instructions in this guide the infection is still present, then it is advised that you post your HijackThis log so one of our experts can help you remove the infection. It may be that you have a new variant that the tools cannot yet remove, or you have a stubborn infection. Instructions on how to post a HijackThis log can be found here:

Preparation Guide For Use Before Posting A Hijackthis Log


This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

sounds like a good removal tool to me.