What is Trojan:vbs/mutuodo? And how does it function?
Trojan:vbs/mutuodo is a malicious program that reputable antivirus products such as Windows Defender, BitDefender, Symantec and other well-known AV programs categorize as a Trojan horse. It can do serious damage to an infected system because it can open a backdoor and download other malicious programs onto it. According to security experts, this Trojan is related to the Win32/Prifou group of Trojan horses and to the adware called “PriceFountain”. Once this adware is installed on a computer, it also infects the computer with Trojan:vbs/mutuodo (the mutuodo virus) and runs malicious executable files such as Win32/Prifou.exe, wscript.exe, UpdateTask.exe and others.
After a successful infiltration, this Trojan attempts to embed itself deeply in the system, creating new registry entries and modifying existing ones so that it persists on the infected system. In addition, it can inject malicious scripts by running the following commands:
- \wscript.exe /E:vbscript /B "%APPDATA%\PriceFountain\UpdateProc\bkup.dat"
- %APPDATA%\PriceFountain\UpdateProc\UpdateTask.exe
- %LOCALAPPDATA%\{GUID}\synhelper.exe ({GUID} stands for a 32-digit hexadecimal number).
All of these malicious scripts are injected to set the PriceFountain value. This ad-supported program is known to deliver intrusive ads on infected browsers and could track users’ activities online.
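A read-only check for the artifacts listed above, as an added PowerShell example that is not part of the original guide. It assumes the {GUID} folder name consists of 32 hexadecimal digits, with or without braces and hyphens; it reports what it finds and deletes or terminates nothing.

```powershell
# Added example: report (never delete) the artifacts this page lists.
$findings = New-Object System.Collections.Generic.List[object]

# Files the page places under %APPDATA%\PriceFountain\UpdateProc
$updateProc = Join-Path $env:APPDATA 'PriceFountain\UpdateProc'
foreach ($name in 'bkup.dat', 'UpdateTask.exe') {
    $path = Join-Path $updateProc $name
    if (Test-Path -LiteralPath $path) {
        $findings.Add([pscustomobject]@{ Kind = 'File'; Detail = $path })
    }
}

# %LOCALAPPDATA%\{GUID}\synhelper.exe
# Assumption: the folder name is 32 hex digits, optionally with braces/hyphens.
$dirs = Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -ErrorAction SilentlyContinue
foreach ($dir in $dirs) {
    if (($dir.Name -replace '[{}-]', '') -notmatch '^[0-9a-fA-F]{32}$') { continue }
    $path = Join-Path $dir.FullName 'synhelper.exe'
    if (Test-Path -LiteralPath $path) {
        $findings.Add([pscustomobject]@{ Kind = 'File'; Detail = $path })
    }
}

# Running processes. wscript.exe is the Windows Script Host shipped with
# Windows, so match on the command line, not on the process name alone.
$pattern = 'PriceFountain|\\synhelper\.exe'
$procs = Get-CimInstance -ClassName Win32_Process -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    $text = "$($p.ExecutablePath) $($p.CommandLine)"
    if ($text -match $pattern) {
        $findings.Add([pscustomobject]@{
            Kind   = 'Process'
            Detail = "PID $($p.ProcessId): $($p.CommandLine)"
        })
    }
}

if ($findings.Count -eq 0) {
    'No artifacts from this page were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```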
How does Trojan:vbs/mutuodo proliferate?
As noted above, Trojan:vbs/mutuodo proliferates via an adware program known as “PriceFountain”. This adware is distributed in software bundles that are offered on free sharing sites. In addition, this Trojan can infect your system via fake software, fake software updates and even torrent files.
Follow the instructions below to remove Trojan:vbs/mutuodo from your system.
Step 1: Restart your PC and boot into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Step 2: Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt, hit Enter.
Step 3: After the Command Prompt loads, type cd restore and hit Enter.
Step 4: After cd restore, type in rstrui.exe and hit Enter.
Step 5: When a new window appears, click Next.
Step 6: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state before being infected with the Trojan:vbs/mutuodo. When a dialog box appears, click Yes.
Step 7: After System Restore has been completed, open the Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for the malicious processes such as Win32/Prifou.exe, wscript.exe, UpdateTask.exe and other malicious components of Trojan:vbs/mutuodo and end them all.
Step 8: Press Start key + R to launch Run, type appwiz.cpl in the box and click OK to open the list of installed programs in Control Panel. From there, look for any malicious program that could be related to the Trojan horse and uninstall it.
Step 9: Tap Windows + E keys to open the File Explorer then navigate to the following directories and delete the malicious files created by Trojan:vbs/mutuodo as well as the installer for PriceFountain.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 10: Close the File Explorer.
Before you proceed to the next steps, make sure that you are tech-savvy enough to know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make there can seriously affect your computer. To save yourself the trouble and time, you can just use [product-name]; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage the Windows Registry well, then, by all means, go on to the next steps.
Step 11: Tap Win + R to open Run, type regedit in the field and tap Enter to open the Windows Registry.
Step 12: Navigate to the paths listed below and delete all the registry values added by Trojan:vbs/mutuodo.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Step 13: Close the Registry Editor and empty your Recycle Bin.
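To preview what Step 12 asks you to inspect before opening regedit, this added PowerShell example (not part of the original guide) lists the values under the six keys above and marks those whose name or data contains a string this page associates with the Trojan. It only reads the registry; the indicator strings are taken from the commands listed earlier on this page.

```powershell
# Added example: read-only listing of the registry keys named in Step 12.
$keys = @(
    'HKEY_CURRENT_USER\Control Panel\Desktop',
    'HKEY_USERS\.DEFAULT\Control Panel\Desktop',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Strings this page associates with the Trojan and the PriceFountain adware.
$indicator = 'PriceFountain|synhelper\.exe|UpdateTask\.exe|bkup\.dat'

$rows = foreach ($key in $keys) {
    $item = Get-Item -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
    if (-not $item) { continue }   # key does not exist on this machine
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        [pscustomobject]@{
            Suspect = ("$name $data" -match $indicator)
            Key     = $key
            Value   = $name
            Data    = $data
        }
    }
}

# Show every Run/RunOnce value for manual review. Control Panel\Desktop
# holds many normal settings, so its values appear only when they match.
$rows |
    Where-Object { $_.Suspect -or $_.Key -like '*\CurrentVersion\Run*' } |
    Sort-Object -Property Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with Suspect set to True are the ones to look at first in Step 12; the remaining Run and RunOnce rows are shown so that unfamiliar startup entries can be reviewed by hand.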
After you’re done with the steps given above, you need to continue the Trojan:vbs/mutuodo removal process using a reliable program like [product-name]. How? Follow the advanced removal steps below.
Perform a full system scan using [product-code]. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed. If Windows starts instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option menu shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the Windows key and the R key.
- If done correctly, the Windows Run Box will show up.
- Type the URL address [product-url] in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run [product-code] to perform a full system scan.