How can I remove the Virtumonde virus when I can't find it?

PC eye

banned
He's got a little bug on there that's hiding itself good. Hopefully Vundofix will get rid of it. The descriptions found on this one are like the one seen at the f-secure.com link where it will create new entries and change file names to keep itself hidden. After you see the host file removed, post a few followup logs after a few days to see what else comes up. You'll probably hear: "Not this crap again... come on! :mad: ggrrrr... ". It works like a self-duplicating I-Worm.
 
You can post 100 logs but the real thing needed there is a good drive sweep. Did AVG point out any specifics like location? You would seem to have a trojan downloader buried on your hard drive you need to locate and remove. I think you will end up having to have PC-cillin perform a "House Call". http://housecall.trendmicro.com/

I tried House Call and got nowhere. After 1 hour it was only 3% done. It seems it requires me to submit the entire contents of my hard drive over the net to their server. Well, on a 512 kbps upload cable connection that would take weeks to do. I ran Vundo and the same thing happens that always happens. It finds two problems and tries to remove them and can't, so it restarts. Then when it restarts it tries again and still can't and then lets it go.

It seems anti-spyware programs are as useful at removing viruses as randomly deleting files is... Maybe I should try randomly deleting files? :p:p:p I am pretty sure it's Virtumonde doing all this bullshit because 100% of the pop-up ads are ads for antivirus software and Virtumonde displays those types of ads.

Also AVG is constantly detecting viruses. About 3 - 8 per hour. Sometimes three in a row. I found almost all the viruses it finds are in the IE7 temp internet files folder. I have deleted the files in there over and over and it still finds viruses in there, so something is downloading them.

I think my only option is to reformat.
 
Also I read that Virtumonde hijacks IE7 to display ads. Well, if so, would reinstalling IE7 fix the problem? Or is it not part of IE7; it just hijacks it?
 

PC eye

banned
Once you reinstall IE even with 6.0 it cuts the connection between that and any hijacker due to the new set of registry values created. But seeing AVG constantly flagging new items clearly shows that something you put on probably came with something else like a trojan downloader. You still want to kill off that once you find it.

Once you have a location simply boot up in safe mode if you need to just to get rid of it. The description seen at pctools points right at what I've been saying all along on this.

Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.
Name: Virtumonde
Risk Level: [image: threat_elevated.gif]
Description: Virtumonde modifies the Windows Internet connection mechanism and displays various pop-up advertisements.
Type: Adware, Trojan
Also known as: Trojan-Downloader.Win32.Agent.br [Kaspersky], Trojan.Win32.Agent
Removal: This infection can be removed using Spyware Doctor.
http://www.pctools.com/mrc/infections/id/Virtumonde/

Some additional instructions for manual removal as well as other variations of this type of adware/hijacker/downloader show how involved this one gets. It's another set of registry values also shown to look for. http://411-spyware.com/remove-virtumonde
 