Intrusion Prevention System HTTP Trojan Vundo ActivityHTTP Trojan Vundo Activity 2 Antivirus Protection Dates Initial Rapid Release version May 9, 2006 Latest Rapid Release version March 6, 2017 revision 022 Initial Vundo inserts registry entries to suppress Windows warnings about the disabling of firewall, antivirus, and the Automatic Updates service, disables the Automatic Updates service and quickly re-disables it if manually re-enabled,

In order to make it more difficult to remove, Trojan.Vundo also lowers security settings, prevents access to certain Web sites, and disables certain system software.

Changes \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and RunOnce entries to start itself when Windows starts. GEOGRAPHICAL DISTRIBUTION Symantec has observed the following geographic distribution of this threat. Installs rogue security software such as Desktop Defender 2010 and Security Center with a voice .wav file telling you that your system is infected. Many of the popups advertise fraudulent programs such as AntiSpywareMaster, WinFixer, and MS Antivirus|AntiVirus 2009. Virtumonde.dll consists of two main components, Browser Helper Objects and Class ID. Functionality Trojan.Vundo was designed as a means for displaying advertisements on the compromised computer.

The Vundo Trojan (commonly known as Vundo, Virtumonde or Virtumondo, and sometimes referred Rather than pushing fake antivirus products, the new "ad" popups for the drive by download attacks are copies of ads by major corporations, faked so that simply closing them allows the Malwarebytes' Anti-Malware's executable may be deleted as soon as it is installed (depending on your infection).

