Re: Virtumonde / Vundo - Virus Removal Info.
Thought I should post up a note in case anyone else gets this virus on their computer. I've been trying to remove it for over a week now and the fucker is still raping my PC. Not expecting many replies but hopefully a few will remember this post (or find it accidentally through a SE) should they be infected one day.
As the virus is resident in memory and attached to Explorer.Exe and Winlogon, they must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot the PC, so a forced reboot is needed, and when Winlogon re-starts, the virus files are recreated. Internet Explorer, Mozilla Firefox, and Opera are affected by this trojan's DLL file. Many virus removal programs will remove some of the trojan-created hidden files but not the actual running DLL. The DLL cannot be removed because the file is in use as soon as Winlogon starts. If some but not all of the trojan's files are removed, it will make a new DLL with a different random name.
So far I've tried using Norton Antivirus, AVG, Spybot Search&Destroy and Spyware Doctor.
I have tried removing the DLLs manually using "ListDlls" to find the DLLs, then "PendMoves" to delete the DLLs when Windows reboots. The virus just respawns as soon as I connect to the internet and starts downloading more shit to my PC. A good reference for manually finding and deleting the DLLs can be found here (I have this document saved in case it ever disappears).
Tomorrow I'll be manually removing the DLLs again, and then running Spyware Doctor in Windows Safe Mode. When I previously ran Spyware Doctor it found 89 infections on my PC related to Virtumonde and removed them all ~ however I still get popups.
When I successfully get rid of the virus I'll post up the exact method and tools used to remove it. Hopefully none of you find yourselves infected with this though. I picked it up through a torrent downloaded from isohunt.com so only have myself to blame really.
My PC is going slow, I can't access Google search results (or Yahoo for that matter) and popups keep offering to "find sexy singles in Dundee". When I try and find information on removing the virus (which I have to do through live.com) it only finds crappy spyware-filled products.
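The manual inspection step described in the post (finding which DLLs are loaded into Winlogon and Explorer, then checking what is queued for deletion at reboot), as an added PowerShell example that is not part of the original post. It assumes an elevated prompt; the signature check is a triage heuristic chosen for this example, and the registry value shown is the pending-rename queue that the Sysinternals PendMoves tool reports.

```powershell
# Added example: run from an elevated PowerShell prompt.
$targets = 'winlogon', 'explorer'   # the processes the post says the DLL attaches to

$loaded = foreach ($proc in Get-Process -Name $targets -ErrorAction SilentlyContinue) {
    try {
        $modules = $proc.Modules    # throws if the process cannot be opened
    } catch {
        Write-Warning "Cannot read modules of $($proc.Name) (PID $($proc.Id))"
        continue
    }
    foreach ($m in $modules) {
        if ($m.FileName -notlike '*.dll') { continue }
        $sig  = Get-AuthenticodeSignature -LiteralPath $m.FileName -ErrorAction SilentlyContinue
        $file = Get-Item -LiteralPath $m.FileName -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process   = $proc.Name
            PID       = $proc.Id
            Path      = $m.FileName
            Signature = if ($sig) { $sig.Status } else { 'Unreadable' }
            Created   = $file.CreationTime
        }
    }
}

# Heuristic (assumption of this example): DLLs without a valid signature,
# newest first, are the ones to review by hand. Not every hit is malicious.
$loaded | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Created -Descending | Format-Table -AutoSize

# The reboot-time delete/rename queue: a REG_MULTI_SZ of source/destination
# pairs, where an empty destination means "delete the source at next boot".
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

if (-not $pending) {
    'No pending file rename operations are queued.'
} else {
    for ($i = 0; $i -lt $pending.Count; $i += 2) {
        $dest = if ($i + 1 -lt $pending.Count) { $pending[$i + 1] } else { '' }
        [pscustomobject]@{
            Source = $pending[$i]
            Action = if ($dest) { "rename to $dest" } else { 'delete at reboot' }
        }
    }
}
```

Comparing the first table before and after a reboot shows whether a removed DLL has come back under a different name, which is the behaviour the post describes.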