Remove Virtumonde

Virtumonde, also known as Vundo, Trojan Vundo, Virtumondo, and MS Juan, is a trojan designed to do the following:

  • Cause popups warning of virus and spyware infections
  • Trick users into purchasing rogue anti-spyware programs
  • Slow your computer down
  • Hijack your internet browser: it blocks access to websites and forces users to malicious websites to download additional spyware

In addition, most users report that once Virtumonde has infected their system, their Windows wallpaper is changed and this alert is displayed:

[Image: Virtumonde Warning]

There are several ways Virtumonde can find its way onto your computer. The most common way is by opening an email attachment that contains the Virtumonde trojan horse. Do not click on any of the popups that Virtumonde will produce. Many of these popups advertise fraudulent rogue anti-spyware software including but not limited to AntiSpyware Master, AntiVirus 2009, AntiVirus 360, Sysprotect, Storage Protector, WinFixer, and Virus Doctor.

Automatic Virtumonde removal:

Download Virtumonde Remover

Manual Virtumonde removal:

Because the Virtumonde trojan changes quite frequently, it is rather difficult to remove manually. We recommend you use the automatic removal process. However, if you want to do the removal manually, you can try the following:

1.) Open Windows Registry Editor and find the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Windows\Current Version\RunOnce

2.) Look for a registry key in the right pane that starts with *. The value of this key will point to a file on your computer. Find the malicious file.

3.) Once you find the malicious file, you have to remove all access to it. To do this, right click on the file and choose Properties > Security and remove access to the file. Also delete any users in the user list and uncheck any inherited permissions; choose remove when asked. Click OK to save changes.

4.) Reboot your PC. After the reboot, the Virtumonde trojan is no longer active on the system.

5.) Clean up the malicious registry entries and the malicious file. To do this, go back into the Windows Registry Editor and in the registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Windows\Current Version\

Delete any registry key that starts with a * under the RUN entry variations (RunOnce, RunEx, etc…). Then go back to the malicious file you removed permissions on in Step 3.) and add full access control to it for yourself. Save the changes and then delete the file permanently (CTRL+Delete).
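
Steps 1, 2 and 5 can also be checked against a saved export of the registry. The following is an added example, not part of the original article: it parses text in the `reg export` format and lists every autorun value whose name starts with `*`, together with the file it points to. It assumes the standard `...\Microsoft\Windows\CurrentVersion\Run*` key locations; the sample export and its file names are constructed.

```python
import re
# Constructed sample in `reg export` text format (not from a real host).
# A real export is UTF-16: read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*constructed"="C:\\Windows\\system32\\example.dll"
"*expand"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,78,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''

# Run, RunOnce, RunOnceEx and similar keys (and their subkeys) under CurrentVersion.
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run[^\\]*(\\|$)", re.IGNORECASE)
VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(text):
    # Undo .reg escaping of backslashes and double quotes.
    return re.sub(r"\\(.)", r"\1", text)

def decode_data(raw):
    """Return the text of a REG_SZ or REG_EXPAND_SZ value; other types as-is."""
    if raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw

def starred_autoruns(reg_text):
    """List (key, value name, data) for autorun values whose name starts with '*'."""
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # join hex continuation lines
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and AUTORUN_KEY.search(key):
            match = VALUE_LINE.match(line)
            if match and unescape(match.group(1)).startswith("*"):
                hits.append((key, unescape(match.group(1)), decode_data(match.group(2))))
    return hits

if __name__ == "__main__":
    for key, name, data in starred_autoruns(SAMPLE_EXPORT):
        print(f"{key}\n  {name} -> {data}")
```

On Windows, an asterisk prefix on a RunOnce value name makes the entry run even in Safe Mode, so a hit is worth tracing to its file before anything is deleted.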

Once you have removed Virtumonde from your computer using either the automatic or manual method, make sure to block it and other malicious software using a HOSTS file. We recommend downloading the HOSTS file from here, which contains a complete, up-to-date list of malicious websites.

