VirtuMonde
VirtuMonde Description
VirtuMonde is an adware program that downloads and displays targeted pop-up adverts. VirtuMonde may hijack your browser and redirect it to unwanted advertising-related sites. In addition, VirtuMonde may monitor your Web surfing habits so that it can bombard you with hundreds of targeted ads.
Aliases
Generic27.WQD [AVG]
W32/Agent.SFM [Fortinet]
TrojanDropper.Cidox.shx [Jiangmin]
TR/Offend.KD.543552 [AntiVir]
Trojan.Win32.Generic.pak!cobra [VIPRE]
Heur.Suspicious [Comodo]
Trojan.Generic.KD.543552 [BitDefender]
Trojan.Win32.Lampa.qst [Kaspersky]
Win32:Cidox-AM [Trj] [Avast]
TROJ_GEN.R49C7BR [TrendMicro-HouseCall]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
#    File Name          Detection Count
1    winsrc.dll         372
2    dsnltn.dll         314
3    lemaba.dll         314
4    mljgf.dll          234
5    kadpbbdr.dll       234
6    vumer.dll          220
7    temlxopqgdk.dll    145
8    ljjhgee.dll        44
9    wvwxv.dll          37
10   pmnnn.dll          21
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following Registry values were newly created:
HKEY..\..\{Value}
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, value: khfDtUno
Software\Microsoft\Internet Explorer\Explorer Bars, value: {83B28A74-640D-48F4-9F51-E80EED7CC7E0}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, value: {A05DA7E0-383C-4E99-A72A-742050A152A2}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, value: {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, value: {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, value: {AD72687B-CF83-4463-8E95-2CB3198CA5F6}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, value: {5FCD13AC-B899-4EF7-BD3E-C959EFBFB753}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, value: {AFFCBA64-651F-43DD-97BC-684C179618A5}
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, value: dtseqrxk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
2chkdsk904598c7cbgzgdqtgf1.0.0.2kopCFEWV.exe
- The following CLSIDs were detected:
Posted: April 4, 2005 | By SpywareRemove
Threat Level: 2/10
Detection Count: 909



It's really unfair - hackers infect the system and we have to dig out programs to remove these viruses - why didn't Microsoft make a free program to kick out this virus? I personally don't have any bank account. What is the solution?
Feel frustrated a lot!!
After doing a full search I found a zipped Virtumonde file in one of my free spyware packages, it wasn’t showing as quarantined but was sitting in a recovery file.
This particular parasite is the worst I’ve ever had.. I just had to reformat my hard drive and start all over.. THEN, after I loaded my backup files, it was infected again..
I wish whoever created this would die by way of a potato peeler.
I have Virtumonde and Zlob. Should I dump the computer or can it be fixed?
I found the files as ZIP files and they were not easy to find…..they were in recovery
This is the second time that my computer has been infected by the malicious Virtumonde. It's very, very difficult to deal with or delete it. But I wonder how I could remove this Virtumonde without a problem the first time… hmm.. But this second time, when I tried to delete it, I encountered some serious problems on my laptop caused by this Virtumonde, and the problem is that it makes my computer lock with a password on reboot and it can't be repaired… It's crazy enough to deal with this problem with a lack of knowledge…..arrrggg.. who the heck made this mess….
If I wipe my hard drive and reinstall Windows, will it completely kill Virtumonde? Or is there still a remnant of it? Pls help
I keep getting a request to disable task manager, and I keep saying no! Yet my automatic updates and my firewall keep being turned off by this virus. I have tried to delete it in the reg, no luck. I noticed lass.exe, navw32.exe, svchost.exe, winlogon.exe, smssexe, ctfmon.exe, csrss.exe, fsuiexe, in safe mode, in regular, wow!!!!!! They are running and when I try to kill or stop the process it won't let me.
It keeps saying this is a critical system file, and refuses.
The computer won't let me open the system32 file even in safe mode.
Please assist me to delete this worm.
This is the most irritating virus and the more you delete the more it duplicates itself.
I am so mad, now, it is blocking all my antivirus, my folders, and just plug in the internet it replicates.
Imagine vundo cannot detect it, and virtumonde be gone cannot detect it, the only thing detecting it is Spybot and Ad-Aware, and they both cannot remove it.
The best is if you kill the process or delete it, immediately it starts to restart your computer.
I am convinced this is a new leg of the virus.
I am sure this one has not been seen anywhere.
This is a new migrated Virtumonde virus!!!!
The date on the file I downloaded was January 2009, this is new!!
What I do not understand is, if you cannot start your computer, how is it that they want you to buy their antivirus? I believe this virus was created for a reason.
The task manager will not kill it even at command prompt, want a challenge with this new and evolved virus.
Created by some very skilled people.
Um…. I'm not even sure it's affecting my comp, but I watch my Spybot scan, and it always spends like 20 mins scanning Virtumonde files and such… My computer's not slow, but I find it odd that there are so many files of it, especially after deleting it. Is my computer just lucky that it's not being infected? Also, is it possible to get rid of it? I've been trying for nearly a year.
I have the same problem with Virtumonde that Carlos and Garry have. This is a nasty virus that I can’t seem to get rid of. I have run spydoctor multiple times and it detects this trojan and then after rebooting it returns again. It is also preventing me from going to any antimalware websites. I get redirected or I get the page cannot be displayed screen. I’m running out of ideas here. I even downloaded Malwarebytes onto a flash drive and tried to open it on the infected computer only to find out that it would not open. PLEASE HELP!!!!
I had a Virtumonde virus and 3 files in memory were infected. **When I changed the background it turned blue, my updates were disabled, and there were many popups saying that my PC is infected and I can download a free antivirus (DO NOT PRESS DOWNLOAD!!! The Virtumonde makes this window appear and it's a VIRUS!!!) when I surfed the internet. My antivirus could not remove the Virtumonde dll files in the memory, so I went into my hard disc (C/WINDOWS/SYSTEM32/(dll file name)) manually, found the dll files and tried to delete them, but I couldn't from there. So I moved them to the desktop, rebooted the PC and then I could delete them!!! Every time I start my PC since then there is a message saying that *the dll file was not found. I was very happy. My background was no longer blue when I changed it, I enabled my updates and there were no popups. When the window that appeared when I turned on my PC stopped appearing* there were the same symptoms**. Now I'm trying to get rid of it again. Any help???
I have tried to manually remove Virtumonde but I can’t even locate it, I’ve searched in "My Local Harddrive" and "My Computer" and even System files and hidden files. Nothing. I have Ad-Aware and AVG Free, both can locate it, and they say it goes into the Quarantine, yet still it gets out and infects my computer. I can’t go to certain sites anymore either. Please
My computer was recently infected with this, but I was able to clear it up after some research. The article on Wikipedia.org covers the symptoms, and has some useful information, but does not tell how to remove the virus. The information in the article above on this page is only marginally useful.
The real problem is that the critical Windows system file “winlogon.exe” is infected. Every time your computer boots, winlogon runs and, if infected, creates the random DLL files (if necessary) and runs them too. But you can’t delete winlogon.exe (Windows won’t let you).
So here is what I did:
1) I killed the VirtuMonde process in the manner outlined above.
2) I searched my entire “My Computer” for “winlogon.exe”. I found it in “C:\WINDOWS\system32”, and also in “C:\WINDOWS\ServicePackFiles”.
3) Looking at both winlogon.exe files, they both had identical file sizes and dates of creation/modification. But I suspected the one in the system32 folder was infected (and the date on it was manipulated to make it look unmodified).
4) Windows wouldn’t let me delete system32/winlogon.exe. So I renamed it “infected_wnlogon.exe”. I then copied “ServicePackFiles/winlogon.exe” over to “system32/winlogon.exe”. Windows put up some pop-up dialog about system files or something (I don’t remember, exactly), but the copy did proceed.
5) I rebooted the computer and no VirtuMonde process was running!
6) I went to the Windows Registry (start it by using the method outlined above).
I didn’t write down and remember exactly what I did, but I searched for VirtuMonde and deleted that registry entry. Then I searched a long time through a lot of things for “Control Panel” and “Screen Saver” (or “ScreenSaver”) and found the registry entries for the bogus screensaver and wallpaper. I deleted those files and registry entries.
7) Also in the registry, there are display (hide) flags that if set to “1” will prevent the “Screensaver” and “Background” tabs from appearing in the Control Panel / Display dialog. It was late at night and I don’t remember which tag names they were, but if you search around for “NoDisplay” or something like that, you will eventually find them.
I have tried to manually remove Virtumonde but I can’t even locate it, I’ve searched in "My Local Harddrive" and "My Computer" and even System files and hidden files. Nothing. I have Ad-Aware and AVG Free, both can locate it, and they say it goes into the Quarantine, yet still it gets out and infects my computer. I can’t go to certain sites anymore either. Please helppp
I have the same problem as Garry. I have used S&D and found where the dll are but I can’t delete them no matter what I try. My Windows updates have been disabled and so has my system restoring. It's even preventing me from accessing certain sites.
I have run both scans of Norton, and Ad Aware attempting to remove Virtumonde. These have picked it up, but then, with its insidious nature, it still manages to infect my system. I wonder too, may this relate to the fact that my Windows updates have been disabled, and additionally may be preventing me from re-enabling updates?
How do I get rid of VIRTUMONDE.DLL? I can get rid of parts of it but it keeps coming back. Help
Chaz Dragon, VirtuMonde is a very mutating parasite and it’s almost impossible that every anti-spyware program may fully remove it. If our remover wouldn’t remove VirtuMonde from your computer you can contact our support team and they will help you to remove it.
Will your virtumonde remover actually remove virtumonde from my computer? So far the other "remover" programs I have tried could not successfully remove it.