Trojan:Win32/Vundo!G removal

The Trojan:Win32/Vundo!G is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Vundo!G virus can do?

Behavioural detection: Executable code extraction – unpacking
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:Win32/Vundo!G?


File Info:
name: 3BECCD02C4C5ECE8302F.mlw
path: /opt/CAPEv2/storage/binaries/198b6a6894019ef4f3372dfd1dd43ea4bd7f7a150671a464e2ccf9fa2f274234
crc32: AD994E36
md5: 3beccd02c4c5ece8302fd8769202d18f
sha1: 6d4fe8f4905541ef19c30b38c7bb2af70915abab
sha256: 198b6a6894019ef4f3372dfd1dd43ea4bd7f7a150671a464e2ccf9fa2f274234
sha512: eb6d36141e495b52a53ae389a362cd68b7e670e19a441efcc823cab3273fec8568c7143d80455fcbfcc50e507e2ff469167347a6bb6e448886c8f44207b98044
ssdeep: 1536:dpgaaW6tpZYLvJEeYdilJ07VcFRTBpoaeOMCLns2T3V1:dpghW86Lqe1UZcFTpoyMCLnsyv
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1F383021BC71C6A5BDF5A103861BA9D7DCBB0D6B48F88582BD301CA2A5D8F1143ACD41D
sha3_384: 514d5fda4c5917655e9742826ba9c4944ccc88242172354750fb6a601e802e5cf65588c773b8fa051d30c425fa3c0c43
ep_bytes: 506870430210eb5f2264f183ea01e919
timestamp: 2008-05-08 19:35:33

Version Info:
0: [No Data]

Trojan:Win32/Vundo!G also known as:

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	MemScan:Trojan.Vundo.GPD
FireEye	Generic.mg.3beccd02c4c5ece8
CAT-QuickHeal	Trojan.Vundo.Gen
Skyhigh	BehavesLike.Win32.Vundo.mc
ALYac	MemScan:Trojan.Vundo.GPD
Cylance	unsafe
Zillya	Trojan.Monderb.Win32.3568
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Trojan:Win32/Migotrup.1052ef69
VirIT	Trojan.Win32.Vundo.HC
Symantec	Trojan.Vundo
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.ADK
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Vundo-53031
Kaspersky	Trojan.Win32.Migotrup.skx
BitDefender	MemScan:Trojan.Vundo.GPD
NANO-Antivirus	Trojan.Win32.Plapon.bkwwi
ViRobot	Trojan.Win32.A.Migotrup.83968.D
Avast	Win32:MalOb-L [Cryp]
TACHYON	Trojan/W32.Vundo.83968.BB
Emsisoft	MemScan:Trojan.Vundo.GPD (B)
F-Secure	Trojan.TR/ATRAPS.Gen2
DrWeb	Trojan.Virtumod.1771
VIPRE	MemScan:Trojan.Vundo.GPD
TrendMicro	TROJ_VUNDO.SMF
Trapmine	malicious.high.ml.score
Sophos	Troj/Virtum-Gen
Ikarus	Virus.Win32.Vundo
Jiangmin	Trojan/Vundo.dos
Webroot	W32.Trojan.Gen
Varist	W32/Virtumonde.BJ.gen!Eldorado
Avira	TR/ATRAPS.Gen2
Antiy-AVL	Trojan/Win32.Migotrup
Kingsoft	Win32.Trojan.Migotrup.skx
Microsoft	Trojan:Win32/Vundo.gen!G
Xcitium	TrojWare.Win32.PkdKrap.Q@1j8qvd
Arcabit	Trojan.Vundo.GPD
ZoneAlarm	Trojan.Win32.Migotrup.skx
GData	MemScan:Trojan.Vundo.GPD
Google	Detected
AhnLab-V3	Win-Trojan/Virtumonde.Gen2
McAfee	Vundo.gen.bh
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Virtumod
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_VUNDO.SMF
Rising	Trojan.Kryptik!1.9990 (CLASSIC)
Yandex	Trojan.GenAsa!uU89i88+FJ0
SentinelOne	Static AI – Malicious PE
BitDefenderTheta	AI:Packer.8EF7CC751E
AVG	Win32:MalOb-L [Cryp]
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Vundo!G?

Trojan:Win32/Vundo!G removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X