Aliases: Backdoor/Win32.Cidox (AhnLab) TR/Kazy.117219.78 (Avira) Trojan.Vundo.GZS (BitDefender) W32/Downldr2.IZLI (Command) Trojan.Mayachok.18579 (Dr.Web) Win32/Citirevo.AE (ESET) W32/Cidox.ACIO!tr (Fortinet) Virus.Win32.Vundo (Ikarus) Trojan.Win32.Cidox.acio (Kaspersky) Vundo (McAfee) RDN/Downloader.a!bm (McAfee) Vundo.gen18 (Norman) Troj/Mdrop-ETG (Sophos) Trojan.Vundo (Symantec) TROJ_CIDOX.DH (Trend Micro)
Vundo is often installed as a browser helper object (BHO) without your consent, by other malware.
This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
The following Microsoft software detects and removes this threat:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
This threat tries to steal your sensitive and confidential information. You should change your passwords after you've removed this threat:
You might need to take the following steps to completely remove this threat from an infected network, and to stop infections from recurring from this and other similar types of network-spreading malware:
Note: You might also need to temporarily change the permission on network shares to read-only until the disinfection process is complete.
This threat tries to use the Windows Autorun function to spread via removable drives, such as USB flash drives. This is a common malware behavior. You can find out how to turn off this feature in the article How to disable the Autorun functionality in Windows.
This threat may be distributed through exploits. After removing this threat, make sure that you install all available updates for your PC.
This threat can make lasting changes to your PC's configuration that are not restored by detecting and removing this threat. There is more information about returning an infected PC to its pre-infected state in the following articles: