Jigsaw Boys » virtumonde http://www.jigsawboys.com Security, Network and Computer Tech Tip Database! Wed, 17 Aug 2011 22:59:12 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 Howto: Remove Virtumonde http://www.jigsawboys.com/2008/08/16/howto-remove-virtumonde/ http://www.jigsawboys.com/2008/08/16/howto-remove-virtumonde/#comments Sat, 16 Aug 2008 09:58:05 +0000 Jamsi http://www.jigsawboys.com/?p=149 If you’ve managed to attract the known trojan VirtuMonde – then you’re in trouble. This nasty trojan is known to act as a rogue antispyware program, showing advertisments and popups on your machine. Not only will it make your machine run slow, but also is known to perform denial of service attacks on websites of the attackers choosing.

Technical Details

If you’re receiving popups that advise you to install software to fix “system deterioration”, then you most likely have the Virtumonde trojan. Other symptoms include disabling the windows registry editor and hiding the taskbar.

Removal

The first step in removing the trojan is to stop it from starting up apon startup.
Delete the following registry keys. (If not possible, launch regedit from safe mode)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”WindowsUpd”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”SysUpd”

Because this trojan generates randomly named dll files in your windows/system32/ folder – we cannot suggest an exact guide to removing the virtumonde trojan. Instead you’ll need to download an up to date Anti-Virus engine in order to scan your entire system, and remove this virtumonde trojan.

Don’t have a virus scanner? Try Kaspersky’s 30 day free trial.

No related posts.

]]> http://www.jigsawboys.com/2008/08/16/howto-remove-virtumonde/feed/ 3