How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.
Credits: Atribune for VundoFix

What this program does: Trojan.Vundo is a component of an adware program that downloads and displays pop-up advertisements. It is known to be installed by visiting a Web site link contained in a spammed email.

Tools needed for this fix:
Vundo Fix   (To use the tool follow the instrctions below.

Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button. Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. 

 Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from “Click the
Scan for Vundo button.” when VundoFix appears at reboot.)
VirtumundoBegone
Note: The entries shown below may have different file names. You will though, have a 02 entry, that may contain the word “MSEvents” and a 020 entry that has the same file name as the 02 entry. For example, as you can see the following color coded sets each have a O2 and O20 entry with the same filename.

O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\ddaya.dll
O20 - Winlogon Notify: ddaya - C:\WINDOWS\System32\ddaya.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\ssqrs.dl
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\ssqrs.dll

Note: This fix only applies to Vundo infections where the O2 entry contains MSEvents or ATLDistrib.

Preperation Steps:

Please do both of the following before we start:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in word or notepad to the desktop where they can be easily found.

At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things will help to get it back to how it was in a faster manner.
Removal Steps:

 Download VundoFix.exe and save it to your desktop.
Double-click VundoFix.exe to run it.
Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.
When VundoFix reopens, click the OK button.
Click the Scan for Vundo button.
Once it’s done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click the YES button.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click the OK button.
When the computer has shutdown, turn your computer back on.
The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.
 This step should only be used if the instructions in Step 1 did not remove the infection.

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished

________________________________________________________
This is a self-help guide. Use at your own risk.
Spyware Stop.net can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log.

If you have any questions about this self-help guide then please post those questions and someone will help you.