Aliases: Backdoor/Win32.Cidox (AhnLab) TR/Kazy.117219.78 (Avira) Trojan.Vundo.GZS (BitDefender) W32/Downldr2.IZLI (Command) Trojan.Mayachok.18579 (Dr.Web) Win32/Citirevo.AE (ESET) W32/Cidox.ACIO!tr (Fortinet) Virus.Win32.Vundo (Ikarus) Trojan.Win32.Cidox.acio (Kaspersky) Vundo (McAfee) RDN/Downloader.a!bm (McAfee) Vundo.gen18 (Norman) Troj/Mdrop-ETG (Sophos) Trojan.Vundo (Symantec) TROJ_CIDOX.DH (Trend Micro)
Vundo is often installed as a browser helper object (BHO) without your consent, by other malware.
This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
The following Microsoft software detects and removes this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
This threat tries to steal your sensitive and confidential information. You should change your passwords after you've removed this threat:
Recovering from recurring infections on a network
You might need to take the following steps to completely remove this threat from an infected network, and to stop infections from recurring from this and other similar types of network-spreading malware:
- Ensure that an antivirus product is installed on ALL computers connected to the network that can access or host shares
- Ensure that all available network shares are scanned with an up-to-date antivirus product
- Restrict permissions as appropriate for network shares on your network. See Use Access Control to restrict who can use files for more information.
- Remove any unnecessary network shares or mapped drives
Note: You might also need to temporarily change the permission on network shares to read-only until the disinfection process is complete.
Disable Autorun functionality
This threat tries to use the Windows Autorun function to spread via removable drives, such as USB flash drives. This is a common malware behavior. You can find out how to turn off this feature in the article How to disable the Autorun functionality in Windows.
Update vulnerable applications
This threat may be distributed through exploits. After removing this threat, make sure that you install all available updates for your PC.
Additional remediation instructions for Win32/Vundo
This threat can make lasting changes to your PC's configuration that are not restored by detecting and removing this threat. There is more information about returning an infected PC to its pre-infected state in the following articles: