Comments on: VirtuMonde

By: spybot - virtumonde - Comunidad GX

spybot - virtumonde - Comunidad GX — Sat, 22 Aug 2009 22:13:23 +0000

[...] que no estas detectando y que la sigue corriendo.. ..lei que es un troyano mira esta pagina Remove VirtuMonde (Removal Instructions) | 411 on Spyware tiene muchos process asociados, como era de imaginar [...]

By: Yvonne

Yvonne — Sat, 04 Jul 2009 02:06:47 +0000

Just to let everyone know that people are getting it back because there is a process in task manager call msa.exe that i think is part of the virtumonde thing and if not stopped and deleted off hard drive (search for msa.exe) it keeps reloading They think there clever making these programs to steal things but there just another type of criminal. BORING

By: Mike

Mike — Wed, 06 May 2009 15:59:16 +0000

I was experiencing the same symptoms as listed by virtu…ces above – the thing was reloading processes faster than I could scan and fix them with HijackThis, or anything else. Even in Task Manager, if you killed a process it would reappear in a few seconds. There was one particular BHO in Internet Explorer that was the culprit. Once I deleted that BHO, then HijackThis and the anti-virus program could really delete the virus (I use Zone Alarm). It made no difference if Internet Explorer was open or not. In Internet Explorer, go to Tools – Internet Options – select the Programs tab – click on the Manage Add-Ons button. The one on my machine had a weird name like {nnn….}. While there you might want to disable a bunch of the other junk you find. I hope this helps – the next step was to totally rebuild….

By: Raymond

Raymond — Sat, 10 Jan 2009 15:20:48 +0000

Remove the hatd drive from the infected computer, attach it to another that has autorun diabled. Scan the computer with Malwarebytes, Spybot, and Webroot or what ever virus scanner you have. Scanning the drive while it is attached to another computer will prevent any of the files from being loaded into memory or locked, preventing them from being removed.

By: virtumondemakersarefeces

virtumondemakersarefeces — Mon, 05 Jan 2009 03:26:00 +0000

I rarely use Microsoft Internet-Explorer but I did so to find a radio website that needed ActiveX. After opening IE, I started getting pop up ads. I activated task manager and saw that there were several processes running that should not have been there. I opened Process Explorer and identified several processes acting out of the Windows sys32 file. I killed a few files I was pretty certain were viral/spyware/crap by delete or rename-n-delete or process kill. I also used Hijack this to remove some BHO. AVG noted that my boot sector had been changed. I noticed that processes and files were appearing as I was killing them. I went to Internet Options and turned off ALL activeX garbage. This help to stop 75% of the new processes but there was a single .dll file I could not remove. I downloaded Malwarebytes from a cache page of a Google search because the Virtumonde was blocking primary access to certain webpages. After running Malwarebytes, my computer appears free of Virtumonde and I was able to remove the last BHO for a deleted dll using HijackThis.

By: wizboss59

wizboss59 — Fri, 02 Jan 2009 19:21:20 +0000

My Lenovo laptop running XP pro was infected with malware “virtumonde” which randomly opens browser windows, pop-ups, installs trojans and displays warning messages.
Also, it seem to have turned off the firewall, automatic windows updates and Norton. I was able to turn on the firewall but not the automatic updates and I believe that Norton was corrupted as it can’t be updated and/or turned on.
Reboot was problematic, it failed several time but finally rebooted okay. The performance however was very poor. Since Norton was disabled, I have downloaded and ran the AVG free version. It detected and cleaned 2 trojans but other trojans kept appearing. I ran Spybot and it detected three entries of virtumonde (virtumonde.generic, virtumonde.dll and virtumonde.sci). I selected them, clicked fix and it checked them as removed but it didn’t as in the next scan they showed up again. I also downloaded and ran a Symantec “FxVmonde” removal tool which didn’t find anything. I ran Ad-Aware which detected a couple of Trojans and removed them but it didn’t solve the problem. My next step was to do it manually. I searcehd for the processes and key registries that are mentioned here and didn’t find them. I then uninstalled AVG, Spybot and Ad_Aware. I didn’t uninstall Norton as I don’t have the key to run the tool. I downloaded Windows Defender from MS’s site. It took a couple of validations before it was downloaded. I ran windows defender which detected the Trojan files: Vundo.gen!J, ZangoShoppi…., Vundo.gen!Y, Conhook.D. and asked to reboot the PC.
After the reboot the malware was gone and my laptop is back to life again. It took me tree days of trials and errors to solve this and I hope that this will help a lot of people that are struggling with this menace. Good luck!

By: Virtumonde

Virtumonde — Wed, 17 Dec 2008 18:30:42 +0000

[...] you might wanna look at this webpage Remove VirtuMonde (Removal Instructions) » 411-Spyware.com Spybot can do pretty well, use it to delete the virus, restart computer, then use Spybot again to [...]

By: Robert Keller

Robert Keller — Mon, 24 Nov 2008 21:16:51 +0000

I’ve had this virus before, and now I have it again. I got rid of it before by running Spybot search and destroy, deleting the found files, and then immediately
running a system restore to a point before infection. I then was able to delete the remaining dll file and any other lingering files. Next, I created a “dummy’ dll
file in the system32 folder and gave it the same name as the deleted, malicious dll (don’t ask me why–I didn’t really know what I was doing but I thought
I’d give it a try). I ran Spybot again after that and it detected nothing. The virus stayed off my computer for months before I got re-infected online.
So, that’s my strategy this time around, and hopefully it will work. By the way, to those who created this virus–you should rot in a
Siberian dungeon, eating rats for survival. You’re worthless, and I wish extreme bad karma on you!

By: markthegreat

markthegreat — Mon, 17 Nov 2008 20:33:28 +0000

the guys who made this program were so you buy their product, personnally i think they should be shot…If i knew who it was and they lived in my town I would personally take care of them!! because they cause us alot of grief for profit…bastards

By: Mersi

Mersi — Thu, 02 Oct 2008 07:41:03 +0000

I FINALLY got rid of virtumonde with Spysweeper. Finally killed Virtumonde!! and removed it, no more annoying IE pages opening randomly. (I’ll give it a few days to make sure) This creepy thing disabled Spybot search and destroy’s ability to remove it as well as AVG. they could identify it , quarantine it , and then it was BAAAAck. I couln’t install Mcaffee either, and Norton didn’t detect it. So I am now using AVG in combo with Spy Sweeper by Webroot, and I am going toB Beta demo their virus software as well. I have used Norton for years, and was disappointed that Virtu managed to disable it, which let other viruses in as well. Thanks for this site. I found it on google, just to see how others were doing with this thing, once I had identified it.