Virtumonde and Vundo

Name: Mikey S.
Date: November 14, 2005 at 21:08:02 Pacific
OS: Win XP Home
CPU/Ram: P4 1.6 GHz/512MB
Comment:

I'm trying to help a relative with a trojan/spyware problem. They keep getting spyware called Virtumonde and a trojan called Vundo. I've already taken care of the problem once and yet the darn thing is back. I'd like to know where this thing is coming from: if it's from something already on the computer, a website, a Windows exploit, an open port, etc.

Does anyone know where Virtumonde and Vundo come from or how you get them?



Response Number 1
Name: Abnormal
Date: November 15, 2005 at 03:10:49 Pacific
Reply:
0

Response Number 2
Name: DSE
Date: November 15, 2005 at 12:09:43 Pacific
Reply:

Hi, Mikey

To get rid of the parasites do the following:
1. Download and install a reliable anti-spyware program. I suggest Microsoft AntiSpyware Beta.
2. Update your spyware remover.
3. (Optional) Boot your computer into Safe Mode.
4. Scan the system and remove all the objects related to Vundo, VirtuMonde and other parasites.

You also can manually remove both Vundo and VirtuMonde threats. Follow these manual removal instructions: for Vundo, for Vundo.b, for VirtuMonde (aka VirtuMundo). Please note that manual removal requires some knowledge.


0

Response Number 3
Name: Eggprotector
Date: November 23, 2005 at 22:19:27 Pacific
Reply:

Alternate manual solution:

I tried all the steps in the earlier Vundo discussion (see http://www.computing.net/security/wwwboard/forum/15697.html ) and was unable to remove the Vundo virus. The Symantec fixvundo.exe program never picked it up, and normal anti-virus scans would remove it from the registry but were unable to delete the .dll file because it was in use by a system program.

My solution:
1. Used Symantec Anti-virus to determine the name of the Vundo .DLL file and to clean it from the registry.
2. Used HijackThis.exe to determine the location of the .DLL file.
3. Wrote down the file name and location.

4. Restarted my computer and booted up using my Windows XP installation CD to provide the operating system. This allowed me command prompt access without running the Vundo .DLL file. I was able to delete the .DLL file since it wasn't being used by WINLOGON.exe or EXPLORER.exe. The virus is gone.

If you need a copy of the Windows XP CD you can download it online for $50 and then burn it onto a CD.

Neil


0
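Steps 2 and 3 of the manual solution above (using HijackThis to find where the .DLL lives and which system program holds it) can be scripted. The following is an added example, not part of the original post: it reads a HijackThis log and lists each DLL registered as a BHO (O2) or Winlogon Notify entry (O20), with the process that keeps the file loaded. It assumes those two log sections are where the DLL is registered; the sample log, DLL names and CLSID are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format; DLL names and the CLSID are made up.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O20 - Winlogon Notify: example1 - C:\WINDOWS\System32\example1.dll
O20 - Winlogon Notify: example2 - C:\WINDOWS\system32\example2.dll (file missing)
"""

# Log section -> process that loads the DLL and keeps the file locked while it runs.
HOSTS = {
    "O2": "explorer.exe / iexplore.exe (BHO)",
    "O20": "winlogon.exe (Winlogon Notify)",
}

# Matches O2 and O20 lines and captures the DLL path, tolerating the
# "(file missing)" suffix HijackThis appends when the file is not on disk.
ENTRY = re.compile(
    r"^(?P<section>O2|O20) - (?:BHO|Winlogon Notify): .*? - "
    r"(?P<path>[A-Za-z]:\\.+?\.dll)(?P<missing> \(file missing\))?\s*$",
    re.IGNORECASE,
)

def locked_dlls(log_text):
    """Map each DLL path (lower-cased) to the processes that load it."""
    found = defaultdict(lambda: {"hosts": [], "missing": False})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a BHO or Winlogon Notify entry
        entry = found[m.group("path").lower()]
        host = HOSTS[m.group("section").upper()]
        if host not in entry["hosts"]:
            entry["hosts"].append(host)
        entry["missing"] = entry["missing"] or bool(m.group("missing"))
    return dict(found)

if __name__ == "__main__":
    for path, info in locked_dlls(SAMPLE_LOG).items():
        note = " (already gone from disk)" if info["missing"] else ""
        print(f"{path}{note}\n    loaded by: {', '.join(info['hosts'])}")
```

A DLL listed under winlogon.exe cannot be deleted from the running system, which is why the post boots from the installation CD before deleting it.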
