This is yet another adware that spies your computer and should be removed!
The AOL Active Virus Shield license has expired and sadly AOL isn't continuing the service. So its left to me to defend my sys against the world of viruses trojans and adwares or in short all other malwares.
Win32.Vundo as experts call it,
- Often get popups
- Microsoft Internet Explorer: Work Offline , Cancel window even when not browsing
- Strange tabs on Firefox like
Apparently this virus is a spy, it sends information on sites you are visiting to the suspicious IP address.
The virus resides in the famous folder %SYSTEM_ROOT%\system32 (,for example C:\windows\System32). There are so many files in this folder, so the makers find it easier to hide'em in the system32 folder.
As usually you would need the help of regedit to get rid of the virus.
run regedit and go to the usual location
Check for any anomalies in names like wierd combination of letters which doesn't mean anything. The virus names itself randomly for example (jmmjqusl.dll) a combination of 8 letters. Look for the RunDll32.exe XXXXXXXX.dll,X.
Thats where the virus is and XXXXXXXX is its name.
- Now navigate to the System32 folder rename the virus to something say DELETEME.
- Reboot your system.
- Now a popup must appearing saying Rundll32: Cannot find XXXXXXX.dll
- Now goto the regedit as before and delete the entry.
- Repeat for the same in RunOnce in regedit.
Now you must be free.
Delete this registry folder
if it contains an entry to one of the malware dll. Don't know what it stands for, but its better to be deleted.
Waiting for more viruses ...
Someone do something about 18.104.22.168
Vundo Removal Tool