1. From http://vil.nai.com/vil/content/v_127690.htm. This is the official McAfee site. It suggests you to:
* Download Process Explorer (procexp.exe) from http://www.sysinternals.com/ntw2k/freeware/procexp.shtml.
* Reboot the infected machine
* Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet
* Run Process Explorer and suspend the Explorer.exe, Winlogon.exe, and rundll32.exe processes (right-click on these process names and choose suspend)
* Scan and clean with the current DAT files and engine (the Window launched in step 3 above) [there will be clean failures, that is expected]
* Physically power the machine off and back on.(a hard reset is required as Windows will not shutdown without Winlogon.exe running, and resuming that process will revert the changes made by the scanner).
2. From http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99. This is the official Symantec site. It suggests you to:
* Download the FixVundo.exe file from: http://securityresponse.symantec.com/avcenter/FixVundo.exe.
* Turn off System Restore if you using Windows Me or XP.
* Double-click the FixVundo.exe file to start the removal tool.
* Click Start to begin the process, and then allow the tool to run.
* Restart the computer.
3. From http://www.atribune.org/content/view/24/2/. It suggests you to:
* Download the VundoFix.exe file from its own site.
* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
3. Other instructions on removing Vundo are available. But you need to be careful on using them:
* If an instruction asks you to touch system registries, don't use it unless you are an "expert" of Windows system.
* If an instruction asks you to download and run a program, don't use it unless you fully trust that site and that program.