How To Fix vundo.trojan and safe mode problems

TIP: You should click here to fix Windows errors and optimize system speed.

vundo.trojan and safe mode problems is the name of the error that contains information about the error, including the reason why it occurred, which system component or application was malfunctioning that caused the error, and other information. The numerical code in the name of the error contains data that can be decoded by the manufacturer of the faulty component or application. An error using this code can occur in many different places in the system. Although the name contains some details, it is still difficult for the user to find and eliminate the cause of the error without specialized technical knowledge or the appropriate software.

From the Forums

A user in the forum details it further:

I'm writing this for a friend who is now without a computer because of the issues she's having. She doesn't want to lose all of the information on the computer, but she really needs her computer back. She tried rebooting, but it's stuck in safe mode with no way to get out, no way to continue running the rest of the steps and there's nothing else she can do. It told her to download a thing to remove the virus, but that didn't work and so she went ahead to follow the instructions for manual removal. (found here: ) She turned off the system restore and got all the way into safe mode, but when she got into safe mode all that was there was a black screen, 'safe mode' in the four corners, her system specifications along the top and the mouse cursor.

tap f8 when booting and try last know good configuration if this gets you back in follow greyknights instructions here She discovered that she had the vundo trojan virus and went to the norton site to get rid of it. The mouse worked but there was nothing else there.

If anyone could help that would be great and if anymore information is needed I can do my best to provide it. Thank you!

What causes vundo.trojan and safe mode problems

If you received this error on your PC, it means that there is a malfunction in your system. Common causes are incorrect or unsuccessful installation or removal of software that could leave invalid entries in the Windows registry, the effects of a virus or malware attack, an incorrect system shutdown due to a power failure, or another factor in which a person with little technical knowledge accidentally deletes the required A system file or registry entry, as well as several other reasons. The immediate cause of "vundo.trojan and safe mode problems" is a failure when one of its normal operations is properly started by a system or application component.


More info on vundo.trojan and safe mode problems

RECOMMENDED: Click here to fix Windows errors and optimize system speed.

Trojan.Vundo (safe mode doesn't work)

I have a recurring Symantec window saying that it detected de Trojan.Vundo but it is unable to eliminate it. How can I clean this trojan? etc. There are no icons, no task bar, nothing!

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis


I have followed all the recomendations to try and delete it but everytime I try to reboot in Safe Mode (without networking) the only thing I get is a black background with the words "safe mode" on each corner of my screen. Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested?

Trojan Vundo Can only load programs in safe mode

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

When finished, it shall produce a log for you. ComboFix may reboot your machine. I removed malwarebytes, spyware doctor and spybot search and destroy. This is normal.

I can run applications from external drives and in safe mode. One or more of the identified infections is a backdoor trojan. This is normal. I cannot even manually start auto protect.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Trojan Vundo was found by Norton. That may cause it to stall. Please include the C:\ComboFix.txt in your next reply.
Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled.

Please help. Also when I start my computer in safe mode or normally, Norton will not enable auto protect...

Solved: Please help! Trojan.vundo infection and unable to boot in safe mode

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Have tried Symantc antivitus and numerous spyware removal tools but none would remove the trojan completely. Now am waiting for some expert assistance from you.

But i guess it didn't really remove the trojans because after reconnecting to the net, pop-ups would start coming back.

(The infected laptop connects wirelessly to the internet but since the problem is persistent, I have switched off the wifi since yesterday). Any help is much appreciated. My system's been infected with this virus since yesterday. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: vzTCPConfig -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.d...

Trojan browser redirect & safe mode problems

My computer seems increasingly affected by one or more malware that is redirecting the browser, bogging down the system, and preventing me from booting in safe mode. Continue here:

Help is appreciated.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:02 PM, on 1/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

Have Vundo and can't reboot in safe mode....

If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully.

The scan will begin and "Scan in progress" will show at the top. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. MBAM may "make changes to your registry" as part of its disinfection routine. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwa...

Possible Vundo, can't run Windows in safe mode.

But I can't, which is what worries me the most about this virus. Search engines and websites redirect every once in awhile, and I've been getting a lot of random pop-ups (mostly fake news sites).

So I'm having a little bit of trouble with this virus. I'll edit with the DDS/Rootkit Scanner logs.

AVG Free has been picking up new files that have been infected with Vundo every couple of hours (also Trojan.GENERIC15OBH but it's not picking that up anymore), but doesn't seem to be doing a good job of removing them. Every time I try to, it goes back to the boot menu and says "Windows failed to start" until I choose to reboot normally. Malwarebytes won't run because of corrupt files, and I can't seem to reinstall it. If I could get Windows to run in safe mode, virus-scanning would probably be a bit more effective.

So I ran Vundofix, which didn't find any Vundo. Quote:

I'll edit with the DDS/Rootkit Scanner logs. Logging into Windows is also taking a ridiculously long time.

VundoFix can't remove Vundo even in safe mode :(

When finished, it shall produce a log for you. After running Ad-aware scan I found cbxxy.dll in my computer. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. I ran it several times even in safe mode.

To do this click Thread Tools, then click Subscribe to this Thread. Before beginning the fix, read this post completely. I've tried several things but it's not working... Also, I have Norton Personal Firewall, but all of the sudden it is permanently disabled :( and I can't seem to enable it anyway...

Ensure that there aren't any opened browsers when you are carrying out the procedures below. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. That may cause it to stall


Open HijackThis and click on 'Do a System Scan and save a Logfile'.

Make sure it is set to Instant Notification, then click Subscribe. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
R0 - H...

Vundo.exe - keyboard won't work in Safe mode

What other kind of information do you need? I installed the lastest XP Bios. The mouse works, but the keyboard doesn't, so I can't enter the HJT O2 and O20 filenames. I get all the way to running the VundoFix.exe, but my PS2 keyboard won't work in Safe Mode.

But make sure you have run ALL steps in the Sticky thread READ & RUN ME FIRST Before Asking for Support

What do you suggest? I have followed instructions as they have been posted for others below:
Scans: Adaware, CCleaner, MS AntiSpyware, SpyBot, etc.

I've been reading other posts on how to recover from the trojan.vundo.exe infection.

Cannot access Safe Mode - suspect Vundo

Now the system will not boot. I do not want to use it. I booted into safe mode (icons still disappeared) and tried from there--still would loop (used McAfee, Anvir, etc).

Anvir found Vundo but would also loop.

My computer was infected with the Vundo virus. Manually tracked down offending files and deleted them, edited out entries in registry so it would not access them, and set computer to boot into safe mode. Upon reboot, computer now asked for password for both Admin and my account (did not have one before).

Attempts to go to the Safe Mode password logon screen and resets. I feel like I am close to correcting the issue. This nasty bug has stopped me at every turn. I first noticed it when the desktop icons blanked.

Used Password Renew to set up another account with Admin access. Attempted to access SAM file; however, it was locked from user access as was C:\Windows\system32\config\default. Used Ultimate Boot CD for Windows re-ran virus checker and Spybot both cleared files.

Any help would be appreciated.

Please see the TSG Rules, we no longer provide any help with lost passwords. I have a DriveXML backup that is one year old. Obviously, we can't determine the real intent here, so our policy is to abstain from any assistance in these matters. Is there some way to fix this?

I ran Anti-Virus programs; however, they would only loop once they finished.

Vundo Virus - Blue Screens and No Safe Mode

Do not mouseclick combofix's window whilst it's running. Post the ComboFix.txt in your next reply. When finished, it shall produce a log for you.

Please uninstall either AVG or Norton. Download Combofix and save it to your desktop. I am unable to log into safe mode; it will show the login screen for 3 seconds before restarting. Double click on combofix.exe & follow the prompts.

When I run Vundo-removal tools, whenever it repairs/deletes the files, I get a blue screen.
2. Here are some symptoms:

1. Here is my HJT scan:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:51:01 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ut...

safe mode boot error/slow computer/vundo removed

There are also a few programs in my start up menu that I don't recognize or think belong. I then proceeded to reboot my computer in safe mode to run my antivirus and I got the blue error screen with the following code " Stop: 0X0000007B (0XF78B5524, 0XC0000034, 0X00000000, 0X00000000) "My antivirus has found Vundo, but I was under the impression I had quarantined it. Here's the Hijack this log"Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:08:58 AM, on 11/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\stsystra.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exeC:\Program Files\Dell Photo AIO Printer 944\memcard.exe...

Vundo.H, can't boot in safe mode, no internet, and other possibly related issues

I am currently about an inch away from just formatting the harddrive, but I have one of those systems where the windows boot disc is on a partition of the HD, and I can't find the little piece of paper that has the details on it. It doesn't detect any wireless networks, and repairing the connection doesn't work. I have never, in 2.5 years, had that problem before. Plus, I hate letting the malware win. :/

Any help would be hugely appreciated!

Although I stopped them from entering the startup list, it was to no avail, and I now have a fullblown infection on my hands. I haven't been using it very much lately, but when I booted it up about a week ago, WinPatrol flashed up a bunch of alerts for files with names like lupebuva.dll and rasawofu.dll. Malwarebytes Anti-Malware is telling my I have trojan.vundo.H, but I can't save a log, because I can't get Anti-Malware to get right through the quarantine process; it freezes around the time it's quarantining the registry. And without further ado, a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:21:43 PM, on 3/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\Program Files\Intel\Wireless\B...

After Effects Of The Vundo: Explorer.exe Keeps Closing And Restarting. Vista Only Boots In Safe Mode.

The computer still runs way slower than it used to before the vundo came. I have researched this error a lot and it seems to be a virus. The following are the antivirus/antispyware/parformace programs i have:spybot s&dlavasoft ad-aware 2008avg 8.0regcuremalewarebytes anti-malwarewindows defendercombofixhijackthisbitdefender antivirus 2009I would really appreciate help.
My explorer.exe keeps closing and restarting every 3 seconds.

I don't know if its completely gone. - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exeO23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: getPlus? Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Upd...

Constant disconnects in normal mode,no problems in safe mode.

Some steps are a bit complicated. DDS.txtAttach.txtResult.txtFSS.txt

Web,Super AntiSpyware,TDSSKiller. If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts.

But everything was just a temporary fix. Run the scan, enable your A/V and reconnect to the internet. If things are not clear, be sure to stop and let me know. I appreciate your understanding and diligence.===================================================Additional InformationIf you have since resolved the original problem you were having, I would appreciate you letting me know.

I would be happy to focus on the many others who are waiting in line for assistance. Please perform the following scan again:Download DDS by sUBs from one of the following links if you no longer have it available. Just a few things I've done:
Cleared the cash and cookies of the browser;
Cleaned the registry with Glare and CCleaner;
Changed Power schemes to "Always on";
Used System Restore(in Safe mode);
Ran Dr. After downloading the tool, disconnect from the internet and disable all antivirus protection.

I will also provide for you detailed information about how you can combat future infections.I would like to remind you to make no further changes...

Solved: Problems after recovery mode (NOT SAFE MODE)

Also, when I log in on windows, there is a "Found New Hardware" box for video controller. I can only go on the Internet normally through Safe Mode. I have a Windows XP Professional, specifically a Media Center PC.

First things first, I've had a serious issue ever since my computer was reset through recovery mode..the second Firefox loads in normal mode, it completely freezes up, and I'm not even able to end the process through task manager.

Please help!


I also saw that there was a yellow exclamation near Video Controller and Video Controller (VGA compatible). Is it possible that my video card got corrupted, and is this an easy fix?

I tried loading with Internet Explorer, still no luck. Safari same deal.

Vundo Trojan; BSOD on normal mode startup.

My operating system is Windows XP, and I will have a HJT log pasted to this in a bit.

McAfee Scan detected quite a few (I would like to say about 50-60) Vundo, and Vundo related, viruses.
-When attempting to boot into normal mode I get the "blue screen of death." I may only boot into safe mode. If you need more information, please reply!


Oh, I need help with the removal of Vundo, I forgot to mention this. ;]

Thank you!

Solved: Problems with Dowloader.Trojan and Trojan.Vundo

Here's a copy of my Hijackthis log. My computer is running so slowly, as to be almost unusable. If you can help solve these problems, my sanity will be restored!

Logfile of HijackThis v1.99.1
Scan saved at 18:27:16, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

Trying to get rid of trojan and can't get into safe mode

Do not use the computer before all spyware removed." I was also getting popup windows and popup 'bubbles' from a red X icon in the taskbar tray.Ran an AVG scan which identified trojan horse SHeur2.AYIK, and supposedly 'healed' it, but the wallpaper and popups didn't go away. It started, but couldn't complete the process - can't remember the exact error, but I think I got a message saying there were files it couldn't access. Then I downloaded ATF and SUPER as recommended in the other thread, but ran into the same problem of still not being able to get into Safe Mode. Also tried System Restore, but it said there were no restore points available.

and ending with "Technical information: ***STOP: 0x0000007B (0xF8A6A528, 0xC0000034, 0x00000000, 0x00000000)"This blue screen flashes by very quickly, and it goes to a black screen with the text "We apologize for the inconvenience, but Windows did not start successfully...." and options to start into Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Last Known good Configuration, or Start Windows Normally. Still can't get into Safe Mode.Need help on where to go from here. That stopped the popups and took away the black box with warning message on the wallpaper, but the blue background stayed, and I still couldn't change the desktop. Will also browse the rest of the forum to see how to prevent this from happening again.

I was running both AVG and ZoneAlarm (free versions) when this happened. When I us...

Can't End Trojan in Safe Mode

When I booted back to regular mode IE was disabled. post us a hijack this log...
The other problem is when I ran my updated Symantec anti-virus, it removed the trojan, but guess what? What can I do to shut down those two exe's in Safe Mode?

The problem is that even when I boot into Safe mode, I cannot end the two processes it runs which are: SMSSU.EXE and Tmntsrv32.EXE. So I guess the main question is... Symantec calls it Trojan.StartPage.O and you can get the details here.

When I disable the process and disable the process tree, they just pop right back up and keep running. I had no desktop items and couldn't even get the start menu to pop up. I am having a really difficult time with a Trojan that has infected my PC. I had to go through the task manager and restore everything Symantec had removed.

How can I disable this?

Hey all.

Locked out of safe mode, by trojan?

My father's computer was severely messed up and he asked if I could fix it. There ended up being about 10-15, the two types I remember were Trojan.dropper, and Trojan.alwayup. It said that it could repair or quarantine them, access denied. I called tech support and they had nothing to say except reformat.

I used adaware and spybot to take care of most of that junk, but a real problem came when I used symantec antivirus to try and clear up any virus'. The problem here lies in that, because I checked the box in "msconfig", even if I hit F8 during start up and tell it to restart in normal mode, it still starts up in safe mode. But when I restarted the computer, my father's password wouldn't be accepted on the windows login. So I followed the symantec website's recommendation to restart in safe mode and try running the scan again.

I followed the instructions to run "msconfig" from the "run" menu and selected "safe mode" in the reboot. Is anyone familiar with any virus' that change the login passwords?

LATEST TIP: You should click here to fix Windows errors and optimize system speed.

Recommended Links:

(1) Download (vundo.trojan and safe mode problems) repair utility.

(2) vundo.trojan and safe mode problems

(3) Trojan.Vundo (safe mode doesn't work)

(4) Trojan Vundo Can only load programs in safe mode

(5) Solved: Please help! Trojan.vundo infection and unable to boot in safe mode

Note: Manual troubleshooting of vundo.trojan and safe mode problems is only recommended for advanced computer users.Download this automatic repair tool instead.