VundoFix Tool
If you have become infected with the WinFixer/WinAntiVirus/SystemDoctor/Vundo variant, try the following:
Please download Atribune's VundoFix.exe from http://vundofix.atribune.org/ and save it to your desktop.
To use the tool, follow the instructions below.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files; click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When removal is complete, VundoFix will prompt that it will reboot your computer; click OK.
Note: It is possible that VundoFix may encounter a file it cannot remove. In this case, VundoFix will attempt to run again on reboot. Simply follow the above instructions starting at the second bullet.
How to Prevent Reinfection
If VundoFix worked for you and cleared up your popup problem, then you should check to see what version of Java you're running.
There are vulnerabilities in earlier versions, which are actively being exploited.
It is possible that this is how you got infected with malware.
Examine the scan results of VundoFix located in the file C:\VundoFix.txt to determine your current version of Java.
Example text:
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
If you are using any version of Sun Java that is prior to JRE Version 6.0, then you are strongly urged to update ASAP to the latest version for free at: http://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=en&host=java.com
After you have successfully installed the new version of Java, go to "Control Panel" » "Add/Remove Programs", and uninstall any/all versions that are prior to "Java SE Runtime Environment 6."
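The check described above can be scripted. This Python script is an added example, not part of VundoFix or the original page. It reads a log in the format of the example text and applies the page's rule that any version prior to JRE 6.0 should be updated. It assumes the log can hold more than one scan and uses the last "Java version is" line; the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the page's "Example text" (not a real scan).
SAMPLE_LOG = (
    "VundoFix V6.4.1\r\n"
    "Checking Java version...\r\n"
    "Java version is 1.5.0.6\r\n"
    "Old versions of java are exploitable and should be removed.\r\n"
)

# Matches the version line shown in the example text, tolerating CRLF endings.
JAVA_LINE = re.compile(r"^\s*Java version is\s+(\d+(?:\.\d+)*)\s*$",
                       re.IGNORECASE | re.MULTILINE)


def java_versions(log_text):
    """Return every reported Java version as a tuple of ints, in log order."""
    return [tuple(int(part) for part in m.group(1).split("."))
            for m in JAVA_LINE.finditer(log_text)]


def major_release(version):
    """Map Sun's internal numbering to the release name: 1.5.x is JRE 5, 1.6.x is JRE 6."""
    if len(version) >= 2 and version[0] == 1:
        return version[1]
    return version[0]


def needs_update(log_text, minimum_release=6):
    """True if the last scan reports a JRE older than minimum_release.

    Returns None when the log has no version line (assumption: Java not found).
    """
    versions = java_versions(log_text)
    if not versions:
        return None
    return major_release(versions[-1]) < minimum_release


def check_file(path=r"C:\VundoFix.txt"):
    """Apply the check to the log file location given on the page."""
    with open(path, "r", errors="replace") as fh:
        return needs_update(fh.read())


if __name__ == "__main__":
    verdict = needs_update(SAMPLE_LOG)
    print({True: "Java is older than JRE 6: update it, then uninstall the old versions.",
           False: "Java is JRE 6 or later.",
           None: "No Java version line found in the log."}[verdict])
```

The version in the log uses Sun's internal numbering, so the page's example value 1.5.0.6 is JRE 5 and falls under the "prior to JRE Version 6.0" rule.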
Another good idea is to install all Windows Critical Updates.
Many variants of Vundo have been installed through IRC bots that use flaws in the Windows Operating System.
Other Tools
Four additional free products that are helpful at removing and preventing a large majority of spyware are:
