Win32/Adware.Virtumonde

Win32/Adware.Virtumonde Description


Win32/Adware.Virtumonde is an imaginary Trojan name used to frighten and trick users into buying the rogue anti-spyware application XP-Guard. The infection begins when the user downloads a video codec that installs a nasty Trojan on the computer. In most cases, the Trojan that infects the PC is called Zlob.

Zlob then displays false warning messages stating “Your browser was hijacked by Win32/Adware.Virtumonde” and recommends downloading a rogue anti-spyware program, most probably XP-Guard, to allegedly remove Win32/Adware.Virtumonde. However, XP-Guard will not remove Win32/Adware.Virtumonde or fix other threats on your PC, and may actually expose you to more security threats.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %UserProfile%\Desktop\XP-Guard.lnk
    2 %UserProfile%\Start Menu\Programs\XPGuard\XP-Guard Web Site.lnk
    3 %UserProfile%\Start Menu\Programs\XPGuard\XP-Guard.lnk
    4 c:\Program Files\XPGuard\install.log
    5 c:\Program Files\XPGuard\unwise.exe
    6 c:\Program Files\XPGuard\XP-Guard Web Site.url
    7 c:\Program Files\XPGuard\XP-Guard.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “XPGuard”
    HKEY_CURRENT_USER\Software\XPGuard
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}XP-Guard
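
The file and registry entries listed above can be checked for in one pass. The following PowerShell script is an added example, not part of the original article; it only reads and reports, and it skips the HKEY_LOCAL_MACHINE uninstall entry because its path is elided on this page.

```powershell
# Added example: read-only check for the XP-Guard artifacts listed above.
# Paths are used exactly as the page gives them (Windows XP profile layout);
# the HKCU checks cover only the user running the script.
$files = @(
    "$env:USERPROFILE\Desktop\XP-Guard.lnk",
    "$env:USERPROFILE\Start Menu\Programs\XPGuard\XP-Guard Web Site.lnk",
    "$env:USERPROFILE\Start Menu\Programs\XPGuard\XP-Guard.lnk",
    "C:\Program Files\XPGuard\install.log",
    "C:\Program Files\XPGuard\unwise.exe",
    "C:\Program Files\XPGuard\XP-Guard Web Site.url",
    "C:\Program Files\XPGuard\XP-Guard.exe"
)

$findings = @()

# Files: record each one that exists, with its last write time for triage.
foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $path; Detail = "last written $($item.LastWriteTime)"
        }
    }
}

# Autostart entry: the "XPGuard" value under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'XPGuard' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Type = 'Run value'; Location = "$runKey [XPGuard]"; Detail = "command: $($run.XPGuard)"
    }
}

# Application key created by the installer.
$appKey = 'HKCU:\Software\XPGuard'
if (Test-Path -LiteralPath $appKey) {
    $findings += [pscustomobject]@{ Type = 'Registry key'; Location = $appKey; Detail = 'key exists' }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed XP-Guard files or registry entries were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

These are XP-Guard's own install artifacts; the list does not cover the Zlob Trojan that displays the warnings, so an empty result does not rule Zlob out.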
Posted: August 19, 2008
Threat Level: 8/10

2 Comments

  • Jeff Swope says:

    The best way I found to remove it was to blow out my partition with fdisk, recreate it, then create a new NTFS partition and use my factory ghost images to restore.

  • RACHEL GOLIATH says:

    I have followed all the steps; my computer could not detect the win32 virus. However, this big red warning is still stuck on my screen!
