Chicago Internet Security Guide
and Freeware Security Downloads

 

Virtumonde Removal Guide

Virtumonde (also known as Vundo) is a trojan horse which is very difficult (and often impossible) to remove. Virtumonde is currently considered the worst threat on the internet.

I've had some success removing Virtumonde using 2 freeware standalone removal tools. Download links are further down the page after information and tips to avoid infection.

I've also removed a few Virtumonde infections using Spybot Search & Destroy, and removed a few infections using a combination of the 2 freeware tools and Spybot. You can find information and a download link for Spybot on the Anti-Spyware page or in Downloads links.

Most antivirus programs are not able to prevent infection, and some are specifically targeted by the trojan. Virtumonde can disable Norton Anti-Virus, and then use Norton to download more malware.

 

Tips to Avoid Virtumonde

You usually get Virtumonde through a variety of browser exploits. Virtumonde uses BHOs (Browser Helper Objects) and also thrives on old Java. It is critical that you keep your Java updated.

Avoid installing unnecessary toolbars and plugins.

I've been finding many infected computers running old versions of Java, a lot of Java 6 Update 2.

Because Sun Java has a built-in updater, your Java should be up to date, unless you've declined an update.

Check your Java version by visiting Sun Java, or use the Downloads link.

You should also use Firefox as your web browser rather than Internet Explorer, because IE is the most vulnerable browser, and Firefox the most secure. See my Browsers page for information and statistics on IE's long and continuing history of being unsafe, and Firefox's excellence in browser safety.

 

Important Removal Info

Before attempting to remove Virtumonde, you should disable System Restore, then boot up into Safe Mode.

To enter Safe Mode, press the F8 key before Windows starts loading, then select Safe Mode from the boot options.

Successful removal depends mostly on how long the trojan has been on your computer, and which variant you're infected with.

The longer that Virtumonde has been on your system, the more likely it is that you'll have to reinstall Windows.

Virtumonde removal is time-consuming due to the need to run multiple scans of your computer.

If a tool finds Virtumonde, you can expect to have to reboot and run at least one more scan to ensure removal was complete. One pass with a removal tool is often not enough to remove Virtumonde.

Virtumonde is especially hard to remove because it roots itself deeply into your operating system and then aggressively fights attempts to remove it.

New variants of Virtumonde are appearing constantly, making successful removal even more difficult.

Using HijackThis to remove Virtumonde BHOs has not been successful. Deleting the BHOs causes Virtumonde to immediately create new entries, even before a system restart.
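To see whether BHO entries come back after a cleanup attempt, you can snapshot the BHO registry keys and compare them between runs. The PowerShell script below is an added example, not part of the original guide or of any tool it names; it assumes PowerShell 3.0 or later, and the snapshot file path is a hypothetical default. It only lists and compares entries and does not decide which ones belong to Virtumonde.

```powershell
# Added example, not from the original guide: list Internet Explorer BHOs, resolve
# each CLSID to its DLL, and flag entries that appeared since the previous run.
param([string]$Baseline = "$env:TEMP\bho-baseline.csv")  # hypothetical snapshot file

# Standard BHO registration keys: native view, then the 32-bit view on 64-bit Windows.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BhoEntry {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $server = "$($view.Clsid)\$clsid\InprocServer32"
            $dll = $null; $sig = 'n/a'
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL loaded into the browser.
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = "$((Get-AuthenticodeSignature -FilePath $dll).Status)"
            } elseif ($dll) { $sig = 'file missing' }
            [PSCustomObject]@{ Clsid = $clsid; Dll = $dll; Signature = $sig }
        }
    }
}

$current     = @(Get-BhoEntry)
$previous    = @()
$hadBaseline = Test-Path -LiteralPath $Baseline
if ($hadBaseline -and (Get-Item -LiteralPath $Baseline).Length -gt 0) {
    $previous = @(Import-Csv -LiteralPath $Baseline)
}

# Key each known entry by CLSID and DLL path (hashtable keys are case-insensitive).
$known = @{}
foreach ($p in $previous) { $known["$($p.Clsid)|$($p.Dll)"] = $true }
$new = @($current | Where-Object { -not $known.ContainsKey("$($_.Clsid)|$($_.Dll)") })

$current | Format-Table -AutoSize -Wrap
if ($hadBaseline -and $new.Count -gt 0) {
    Write-Warning 'BHO entries not present in the previous snapshot:'
    $new | Format-Table -AutoSize -Wrap
}
$current | Export-Csv -LiteralPath $Baseline -NoTypeInformation
```

Run it once right after a removal pass to record the snapshot, then again after the next reboot; any entry reported as new was registered in between.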

 

Removal Tools

The first removal tool is VundoFix, often referred to as the "free fixing tool".

Numerous web sites and forums recommend this tool. This is the first choice standalone removal tool.

Download VundoFix

If VundoFix does not remove the infection, then try the second tool, Norton's FixVundo.

This standalone removal tool from Norton is NOT affected by the trojan.

Download Norton FixVundo

If both tools fail to remove the infection, then try using Spybot.

Don't forget to disable System Restore and boot up into Safe Mode for scanning.

You can also try using your anti-virus to remove the infection. However, it's been my experience that if the 2 tools and Spybot can't remove the trojan, anti-virus will not be able to remove the infection and Windows will need to be reinstalled.

 

For further information about Virtumonde, use the FAQ/Glossary; its links go to Wikipedia articles. You can also Google search Virtumonde and Vundo for more information.

©2005-2009 WebSites-n-Services
www.websitesnservices.com