How to remove “Trojan:Win32/Vundo.OD”?

Trojan:Win32/Vundo.OD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Vundo.OD virus do?

  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Vundo.OD?


File Info:

name: AD7F5FA7B3628D71ED14.mlw
path: /opt/CAPEv2/storage/binaries/4203490f361e20ef651964fb48dc7f86e751ba7e1c9d7a3983e53857cb52ce7b
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-11-16 10:18:41

Version Info:

CompanyName: Microsoft Corporation
FileDescription: MSCANDUI Server
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
InternalName: MSCANDUI
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSCANDUI.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
OleSelfRegister:
Translation: 0x0409 0x04b0

Trojan:Win32/Vundo.OD also known as:

Lionic: Trojan.Win32.Generic.lyLE
Elastic: malicious (high confidence)
DrWeb: Trojan.Mayachok.557
MicroWorld-eScan: Gen:Trojan.AppInitDLL.hu0@amYPVSaP
FireEye: Generic.mg.ad7f5fa7b3628d71
CAT-QuickHeal: Trojan.Vundo.Gen
McAfee: Generic Dropper.abj
Cylance: Unsafe
Zillya: Trojan.Pakes.Win32.17252
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0035086b1 )
Alibaba: Ransom:Win32/PornoBlocker.0eed4984
K7GW: Trojan ( 0035086b1 )
Cybereason: malicious.7b3628
BitDefenderTheta: AI:Packer.DB99294021
Cyren: W32/Lampa.A.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.VMQ
APEX: Malicious
TrendMicro-HouseCall: TROJ_VUNDO.SMKK
Paloalto: generic.ml
ClamAV: Win.Dropper.Agent-36339
Kaspersky: Trojan-Ransom.Win32.PornoBlocker.acoz
BitDefender: Gen:Trojan.AppInitDLL.hu0@amYPVSaP
NANO-Antivirus: Trojan.Win32.Pornoblocker.ftzat
Avast: Win32:Vundo-LK [Trj]
Tencent: Malware.Win32.Gencirc.10bb0b58
Ad-Aware: Gen:Trojan.AppInitDLL.hu0@amYPVSaP
Emsisoft: Gen:Trojan.AppInitDLL.hu0@amYPVSaP (B)
Comodo: TrojWare.Win32.Kryptik.VMQ@4kyhvr
VIPRE: Gen:Trojan.AppInitDLL.hu0@amYPVSaP
TrendMicro: TROJ_VUNDO.SMKK
McAfee-GW-Edition: BehavesLike.Win32.Fujacks.ch
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Virtum-Gen
Ikarus: Trojan-Dropper.Win32.Cidox
GData: Gen:Trojan.AppInitDLL.hu0@amYPVSaP
Jiangmin: Trojan/Pakes.ood
Webroot: W32.Vundo.Gen
Google: Detected
Avira: TR/Ransom.Blocker.EL
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.17B
Arcabit: Trojan.AppInitDLL.E57D82
ViRobot: Dropper.Cidox.Gen.A
Microsoft: Trojan:Win32/Vundo.OD
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Lampa.R17010
VBA32: OScope.Trojan.Cidox.05
ALYac: Gen:Trojan.AppInitDLL.hu0@amYPVSaP
Malwarebytes: Malware.AI.3746477404
Rising: Trojan.Generic@AI.100 (RDML:J1zyfRGtSt5X2zrKbEw7/g)
Yandex: Trojan.GenAsa!T9Plk1FAvK4
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.3290525.susgen
Fortinet: W32/Cidox.IRM!tr
AVG: Win32:Vundo-LK [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Vundo.OD?

Trojan:Win32/Vundo.OD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
