VirtuMonde
Posted: April 4, 2005
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 333 |
| First Seen: | July 24, 2009 |
|---|---|
| Last Seen: | July 10, 2021 |
| OS(es) Affected: | Windows |
VirtuMonde is an adware program that downloads and displays targeted pop-up adverts. VirtuMonde may hijack your browser to unwanted advertising-related sites. In addition, VirtuMonde may monitor your Web surfing habits so it could bombard you with hundreds targeted ads.
Aliases
Generic27.WQD [AVG]W32/Agent.SFM [Fortinet]TR/Offend.KD.543552 [AntiVir]Heur.Suspicious [Comodo]Trojan.Generic.KD.543552 [BitDefender]Trojan.Win32.Lampa.qst [Kaspersky]Win32:Cidox-AM [Trj] [Avast]Win32/Agent.SFM [NOD32]Artemis!CCFA5FA2D6F2 [McAfee]Trj/Genetic.gen [Panda]Agent_r.BMO [AVG]W32/Agent.SFMX!tr [Fortinet]Trojan.Win32.Lampa [Ikarus]TR/Vundo.OD.2150 [AntiVir]Trojan.Mayachok.1 [DrWeb]
More aliases (1439)
More aliases (1439)
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:SbCIe02b.dll
File name: SbCIe02b.dllSize: 208.89 KB (208896 bytes)
MD5: 908388713dc2e96068e2591ac67c54b7
Detection count: 94
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
ddcbabx.dll
File name: ddcbabx.dllSize: 26.67 KB (26678 bytes)
MD5: 19fb333000f260fd534c63945483994d
Detection count: 93
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
iifddby.dll, yaywttq.dll
File name: iifddby.dll, yaywttq.dllSize: 26.69 KB (26694 bytes)
MD5: 2f287e9392c950158148779c9364e6a0
Detection count: 86
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
vturspo.dll
File name: vturspo.dllSize: 26.69 KB (26694 bytes)
MD5: f5236876d4cd7c1f430b8de50b250701
Detection count: 84
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
ssqrs.dll
File name: ssqrs.dllSize: 266.33 KB (266336 bytes)
MD5: 2f73da71f31c691081a8b08ccad4e81c
Detection count: 76
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
winsrc.dll
File name: winsrc.dllSize: 311.81 KB (311816 bytes)
MD5: 6dc59cd4a45f96cc27b2a9d710f7abc2
Detection count: 75
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
nnnmmlk.dll
File name: nnnmmlk.dllSize: 31.25 KB (31254 bytes)
MD5: cbe9e81aa9d4ff26dde8c35839c55fd0
Detection count: 72
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
awtqqnl.dll
File name: awtqqnl.dllSize: 26.69 KB (26694 bytes)
MD5: a235f52ad905ec89f9c9632f9a94dbe8
Detection count: 66
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
mllkk.dll
File name: mllkk.dllSize: 266.33 KB (266336 bytes)
MD5: 0b04c48ec47c70bba5d173bcaa61f58c
Detection count: 63
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
sstrs.dll
File name: sstrs.dllSize: 266.33 KB (266336 bytes)
MD5: 0c053e21700e83a163b50c18108268e1
Detection count: 62
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
pmnno.dll
File name: pmnno.dllSize: 262.7 KB (262708 bytes)
MD5: fe192ced601812e3f46825b3a094e729
Detection count: 62
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
ssttr.dll
File name: ssttr.dllSize: 262.7 KB (262708 bytes)
MD5: 10b582828eaf28c34d23de94fb0f7c1b
Detection count: 61
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
%TEMP%\ljiijj.dll
File name: ljiijj.dllSize: 90.11 KB (90112 bytes)
MD5: 71a371a6c8e9f3cca00da9f0cc41830f
Detection count: 60
File type: Dynamic link library
Mime Type: unknown/dll
Path: %TEMP%
Group: Malware file
Last Updated: November 30, 2010
iifdcdb.dll
File name: iifdcdb.dllSize: 35.32 KB (35328 bytes)
MD5: 56f180294d5d47128936f9a34318a83b
Detection count: 51
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
ssqrp.dll
File name: ssqrp.dllSize: 307.8 KB (307808 bytes)
MD5: 0f90394deda6937ac102fecb79745a7b
Detection count: 50
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
ssttr.dll
File name: ssttr.dllSize: 263.22 KB (263220 bytes)
MD5: 9f92318dd66ceed357fdb9e82e0b9dfa
Detection count: 50
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
%USERPROFILE%\?????????????? ????????\microsoft_dumpflop_.exe
File name: microsoft_dumpflop_.exeSize: 86.52 KB (86528 bytes)
MD5: ccfa5fa2d6f21f9f722cc198acc11f97
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\?????????????? ????????
Group: Malware file
Last Updated: March 29, 2013
mljkkhf.dll
File name: mljkkhf.dllSize: 31.25 KB (31254 bytes)
MD5: 3eba5d5ee0d0833b75babc403c46f764
Detection count: 11
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009
More files
Registry Modifications
The following newly produced Registry Values are:
CLSID{60EDCEE2-B6AF-4F2E-BB15-14F101364B47}{837B45D6-BF85-457D-AABF-6D2E7815F791}{AD72687B-CF83-4463-8E95-2CB3198CA5F6}{D7336D32-62F7-43B5-8B8C-3963C72CA498}{E180F496-8A4B-44E2-9FE0-0364E345DB7F}{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
CLSID{60EDCEE2-B6AF-4F2E-BB15-14F101364B47}{837B45D6-BF85-457D-AABF-6D2E7815F791}{AD72687B-CF83-4463-8E95-2CB3198CA5F6}{D7336D32-62F7-43B5-8B8C-3963C72CA498}{E180F496-8A4B-44E2-9FE0-0364E345DB7F}{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
Will your virtumonde remover actually remove virtumonde from my computer? So far the other "remover" programs I have tried could not successfully remove it.
Chaz Dragon, VirtuMonde is a very mutating parasite and it's almost impossible that every anti-spyware program may fully remove it. If our remover wouldn't remove VirtuMonde from your computer you can contact our support team and they will help you to remove it.
How do I get rid of VIRTUMONDE.DLL I can get rid of parts of it but it keeps coming back. help
I have run both scans of Norton, and Ad Aware attempting to remove Virtumonde. These have picked it up, but then, with it's insideous nature, it still manages to infect my system. I wonder too, may this relate to the fact that my windows updates have been disabled, and additionally may be preventing me from re-enabling updates?
I have the same problem as Garry. I have used S&D and found where the dll are but I can\'t delete them no matter what I try. My windows updates have been disable and so has my system restoring. its even preventing me from accessing certain sites.
I have tried to manually remove Vitrumonde but I can't even locate it, i've searched in "My Local Harddrive" and "My Computer" and even System files and hidden files. Nothing. I have Ad-Aware and AVG Free, both can locate it, and they say it goes into the Quarantine, yet stil it gets out and infects my computer. I can't go to certain sites anymore either. Please helppp
My computer was recently infected with this, but I was able to clear it up after some research. The article on Wikipedia.org covers the symptoms, and has some useful information, but does not tell how to remove the virus. The information in the article above on this page is only marginally useful.
The real problem is that the critcal Windows system file "winlogon.exe" is infected. Everytime your computer boots, winlogon runs and, if infected, creates the random DLL files (if necesary) and runs them too. But you can't delete winlogon.exe (Windows won't let you).
So here is what I did:
1) I killed the VirtuMonde process in the manner outlined above.
2) I searched my entire "My Computer" for "winlogon.exe". I found it in "C:\WINDOWS\system32", and also in "C:\WINDOWS\ServicePackFiles".
3) Looking at both winlogon.exe files, they both had identical file sizes and dates of creation/modification. But I suspected the one in the system32 folder was infected (and the date on it was manipulated to make it look unmodified).
4) Windows wouldn't let me delete system32/winlogon.exe. So I renamed it "infected_wnlogon.exe". I then copied "ServicePackFiles/winlogon.exe" over to "system32/winlogon.exe". Windows put up some pop-up dialog about system files or something (I don't remember, exactly), but the copy did proceed.
5) I rebooted the computer and no VirtuMonde process was running !
6) I went to the Windows Registry (start it by using the method outlined above).
I didn't write down and remember exactly what I did, but I searched for VirtuMonde and deleted that registry entry. Then I searched a long time through a lot of things for "Control Panel" and "Screen Saver" (or "ScreenSaver") and found the registry entries for the bogus screensaver and wallpaper. I deleted those files and registry entries.
7) Also in the registry, there are display (hide) flags that if set to "1" will prevent the "Screensaver" and "Background" tabs from appearing in the Control Panel / Display dialog. It was late at night and I don't remember which tag names they were, but if you search around for "NoDisplay" or something like that, you will eventually find them.
8) I then rebooted my computer, deleted the file "C:\WINDOWS\system32\infeced_winlogon.exe", and lastly I went to the Contol Panel / Display dialog to set a new screensaver and desktop background.
I have tried to manually remove Vitrumonde but I can't even locate it, i've searched in "My Local Harddrive" and "My Computer" and even System files and hidden files. Nothing. I have Ad-Aware and AVG Free, both can locate it, and they say it goes into the Quarantine, yet stil it gets out and infects my computer. I can't go to certain sites anymore either. Please
i had a virtumonde virus and 3 files in memory were infected, **when i changed the background it turned into blue, my updates were disabled, and there were many popups who say that my pc is infected and i can download a free antivirus(DO NOT PRESS DOWNLOAD!!! the virtumonde makes this window appear and its a VIRUS!!!)when i surfed the internet. my antivirus could not remove the virtumonde dll files in the memory so i went into my hard disc(C/WINDOWS/SYSTEM32/(dll file name)) manually,found the dll files and tried to delete them but i couldnt from there. so i moved them at the desktop rebooted the pc and then i could delete them!!! every time i start my pc since then there is a message saying that *the ddl file was not found.i was very happy. my background was not anymore blue when i changed it , i enabled my updates and there were no popups. when the window that appeared when i turned on my pc stopped appearing* there were the same symptoms** now im trying to get rid of it again any help???
I have the same problem with vitrumode that carlos and garry have. This is a nasty virus that I can't seem to get rid of. I have run spydoctor multiple times and it detects this trojan and then after rebooting it returns again. It is also preventing me from going to any antimalware websites. I get redirected or I get the page cannot be displayed screen. I'm running out of ideas here. I even downloaded malwarebytes onto a flash drive and tried to open it on the infected computer only to find out that it would not open. PLEASE HELP!!!!
um....im not even sure its affecting my comp but i watch my spybot scan, and it always spends like 20 mins scanning virtumonde files and such...my computers not slow, but i find it odd that there are so many files of it, especially after deleteing it, is my computer just lucky that its not being infected? also is it possible to get rid of it? ive been trying for nearly a year 😀
I keep getting a request to disable task manager, and I keep saying no! yet, my automatic updates and my firewall keeps being turned off by this virus. I have tried to delete it in the reg, no luck, I noticed lass.exe , navw32.exe, svchost.exe, winlogon.exe, smssexe, ctfmon.exe, csrss.exe, fsuiexe, in safe mode, in regular wow!!!!!! they running and when I try to kill or stop the process it won let me.
it keeps saying this is critical system file, and refuses.
the computer wont let me open the system32 file even in safe mode
please assist me to delete this worm
This is the most irritating virus and the more you delete the more it duplicates itself
I am so mad, now, it is blocking all my antivirus, my folders, and just plug in the internet it replicates.
Imagine vundo cannot detect it, and virtumomde be gone cannot detect it, the only thing detecting it is spybot and ad-aware, and they both cannot remove it.
The best is if you kill the process or delete it, immediately it starts to restart your computer.
I am convinced this is a new leg of the virus
I am sure this one has not been seen anywhere.
this is a new migrated virtumonde virus!!!!
the date on the file I downloaded was january 2009 this is new!!
what I do not understand is if you cannot start your computer how is it that they want you to buy their anti virus, I believe this virus was created for a reason.
the task manger will not kill it even at command prompt, want a challenge with this new and evolved virus.
Created by some very skilled people.
If i wipe my harddrive and re install windows-will it compleatly kill Virtumonde?or is there still reminante of it ? pls help
this is second time that my computer has been infected by maliciuos virtumonde. it\'s very very difficult to deal or delete it\'s. but i wonder how can i remove this virtumonde without problem in first time...hmm.. but this second time when i try to delete it\'s, i has encounter some serious problem on my laptop cause by this virtumonde and the problem is it\'s make my computer lock with password when reboot and can\'t repaired... it\'s crazy enough to deal with this problem with lack of knowledge.....arrrggg.. who the hack that make this mess....
I found the files as ZIP files and they were not easy to find.....they were in recovery
I have virtumonde and zlob.Should I dump the computer or can it be fixed
this particular parasite is the worst i've ever had.. i just had to reformat my hard drive and start all over.. THEN, after i loaded my backup files, it was infected again.. 🙁 i wish whoever created this would die by way of a potato peeler.
After doing a full search I found a zipped Virtumonde file in one of my free spyware packages, it wasn't showing as quarantined but was sitting in a recovery file.
Its really unfeare -hackers infect system and we have to dig out for any programs to remove this viruses-why Microsoft didnt made a free program to kik out this Virus/I personally dont have any bank acc/Wat is the solution?
Feel frastraited a lot !!