
My Computer Is Infected With Virtumonde But Nothing Will Get Rid Of It. Help?

I’m pretty sure it’s Virtumonde. It’s infected both my computers now. It keeps giving me AVSystemCare popups and a few others. I’ve tried AdAware, Spybot S&D, and two specialising in virtumonde: F-vmonde and Vundofix. None of these are picking anything up but I know something is there because I keep getting the AVSystemCare popups. Something like this happened before and I had to get a HJT log so people could help. Anyone have any suggestions for other programs I could use?


9 Responses to “My Computer Is Infected With Virtumonde But Nothing Will Get Rid Of It. Help?”

  1. G says:

    You don’t need to buy another computer or do anything else but this. Back up your registry first (to your desktop) and follow these instructions. Print them out so they’ll be easy to follow. Just be certain to follow all the steps in the order they are given. Don’t be afraid to go into your registry and alter it. You have your back-up on the desktop and as an added precaution you may wish to create a restore point through Windows System Restore. To do this click on Start…go to All Programs…go to Accessories…go to System Tools and put your cursor on the arrow which brings out your list of options. Click on System Restore and create your restore point. Good luck!
    VirtuMonde Removal
    VirtuMonde, an adware application, is highly sophisticated and adept at monitoring your browser activity. VirtuMonde tracks your Internet use and stores the information, using it to generate specific advertisements targeted to the type of content on the websites that you have visited.
    VirtuMonde, completely capable of starting up when your computer boots up, adds registry keys and files that permit it to store the information necessary for it to run. Moreover, VirtuMonde adds files to your computer allowing it to store the information that it tracks. Additionally, VirtuMonde can contact a remote server in order to download advertisements to display on the infected computer. Moreover, VirtuMonde can download additional commands from the same server.
    VirtuMonde’s use of the computer’s Internet bandwidth can become disruptive, affecting the processing of the computer. In fact, the computer can increase in sluggishness as VirtuMonde usurps more bandwidth for its functioning. VirtuMonde has quite a few aliases and is adept at changing its name while under execution. Some of the known aliases for VirtuMonde include: Virtu Monde, Virtu-Monde, Adware.VirtuMonde, VirtuMonde Spyware, VirtuModne, VirtuMoned, VirtuMonde Virus, VirtuMonde Adware, Adware-Virtumondo, VirtuMnode, VurtuMonde, VkrtuMonde, CirtuMonde, BirtuMonde, VietuMonde, VigtuMonde, ViftuMonde, VirguMonde, ViryuMonde, VirtiMonde, Virtunonde, VittuMonde, FirtuMonde, and VortuMonde.
    Removal of VirtuMonde is highly recommended and can be achieved manually. It will be necessary to remove the registry values, processes, DLL files, and additional files associated with VirtuMonde. The process is time consuming and a bit risky since you will need to use the registry editor. However, each file and key needs to be deleted, so it is important that you complete these directions.
    Click Start.
    Click Run.
    Type ‘regedit’.
    Click ok to open the registry editor, referred to as regedit.
    Click my computer at the top of the box.
    Click edit.
    Click find.
    Type in the one of the keys or files in the following lists, and click find or find next. Begin with the ones that do not start with HKEY, since these are more easily discovered and deleted. Make sure that the box is checked in front of keys, values, and data, so that the regedit looks in the correct places. Regedit should locate a key for you. Right click on the key and delete it by clicking delete in the menu that appeared or on the keyboard.
    You will do this one file at a time. After you delete each one, hit the F3 key on your keyboard to reopen the find next box. Continue the process and delete additional bad registry files.
    Once regedit indicates that the search is finished, you should click on my computer in the regedit and redo the search to guarantee that you have deleted all possible bad files from this program.
    Close the registry editor.
    VirtuMonde registry values:
    13589181-4f0d-4553-b9f8-b4b72172c139
    It is important to realize that deleting files or keys that begin with HKEY involves slightly different steps. Please use the following set of instructions when deleting the files beginning with HKEY included in the following list.
    Click Start.
    Click Run.
    Type ‘regedit’.
    Click ok to open the registry editor, referred to as regedit.
    Click my computer at the top of the box.
    Follow the path given in each value, clicking each folder open to locate the next item in the path until you have reached the last item. Once you have gotten to the last item, you can delete it. Each slash indicates a new folder. VirtuMonde registry values:
    HKEY_CLASSES_ROOT\atlevents.atlevents
    HKEY_CURRENT_USER\software\microsoft\w… currentversion\runonce\*winlogon
    HKEY_CURRENT_USER\software\microsoft\w…
    HKEY_LOCAL_MACHINE\software\microsoft… currentversion\winlogon\notify\catw
    HKEY_LOCAL_MACHINE\software\microsoft… currentversion\winlogon\notify\psdrv
    HKEY_LOCAL_MACHINE\software\microsoft… currentversion\run\windowsupd
    HKEY_LOCAL_MACHINE\software\microsoft… currentversion\runonce\*catw
    HKEY_LOCAL_MACHINE\software\targetsoft
    Use the uppermost set of instructions to locate and delete these VirtuMonde files:
    windowsupd2.exe
    winhost.exe
    quicken.exe
    editpad.exe
    lspak.dll
    rulesak.dll
    cidrules.dll
    nwonknu.exe
    rasrun.exe
    psdrv.exe
    svci.exe
    unknown.exe
    Use the top set of instructions to locate and delete these VirtuMonde DLL files:
    lspak.dll
    rulesak.dll
    cidrules.dll
    To locate and remove VirtuMonde processes, you need to complete the following instructions.
    Click Start.
    Click Search.
    Click for files or folders.
    Type in the name of the file, one at a time, from the following list of VirtuMonde processes.
    Click search.
    Delete the found files.
    VirtuMonde processes:
    windowsupd2.exe
    winhost.exe
    quicken.exe
    editpad.exe
    nwonknu.exe
    rasrun.exe
    psdrv.exe
    svci.exe
    unknown.exe
    VirtuMonde may also be removed safely with an anti-spyware removal tool. Simply purchase an up to date version and run.

  2. Wushan says:

    Try scanning your PC with this to remove it. It’s free and safe to use.
    SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!
    Easily remove over 100,000 pests such as SmitFraud, Vundo, WinFixer, SpyAxe, SpyFalcon, WinAntiVirus, AntiVermins and thousands more! http://www.superantispyware.com
    I don’t own or work for this software.
    * You will probably receive several answers to your question. Whoever helped you the most, please come back and give that person Best Answer.

  3. Chris B says:

    GarbageClean antispyware from http://www.SecureMyWindows.com removes Virtumonde

  4. Sat says:

    Have you tried running your defenses in Safe Mode? They might find/clean something there they can’t in normal mode.
    To get into Safe Mode:
    1. Log out and reboot your machine.
    2. When the machine starts the reboot sequence, press the F8 key repeatedly.
    3. Select Safe Mode from the resulting menu.
    4. The machine will continue booting, but the Windows desktop will look different. You won’t be able to see the Internet, for instance. You may have to log in as Administrator to delete the bad files. Administrator often has no password.
    5. When you’re finished, log out and reboot back into normal mode.
    Good — no, BETTER luck.

  5. The Phlebob says:

    Please follow the instructions below if you would like to remove VirtuMonde manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If VirtuMonde remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
    Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
    Browse to the key:
    ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run’
    In the right pane, delete the values called ‘WindowsUpd’, ‘WindowsUpd1’, ‘WindowsUpd2’ and ‘WindowsUpd4’, if they exist.
    Exit the registry editor.
    Restart your computer.
    Start Windows Explorer and delete:
    %WinDir%\WindowsUpd1.exe
    %WinDir%\WindowsUpd2.exe
    %WinDir%\WindowsUpd4.exe
    Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/
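The manual procedures in G’s and The Phlebob’s answers above can be turned into a read-only audit before anyone starts deleting keys by hand. The PowerShell script below is an added example, not code from any poster: it backs up the Run key as G advises, then reports (without deleting) autostart values, Winlogon notify packages and files whose names appear in this thread. The value and file names come from the thread; treating the GUID G lists as a CLSID is an assumption.

```powershell
# Added example: audit-only check for the persistence points named in this thread.
# Nothing is deleted; review the output and decide what to remove.
$valueNames = @('WindowsUpd','WindowsUpd1','WindowsUpd2','WindowsUpd4','catw','psdrv','winlogon')
$fileNames  = @('windowsupd2.exe','winhost.exe','nwonknu.exe','rasrun.exe','psdrv.exe','svci.exe',
                'unknown.exe','lspak.dll','rulesak.dll','cidrules.dll','WindowsUpd1.exe','WindowsUpd4.exe')
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')

# Backup first, as G recommends: export the HKLM Run key to the desktop.
reg export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' "$env:USERPROFILE\Desktop\Run-backup.reg" /y | Out-Null

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }               # skip PSPath/PSParentPath metadata
        # A leading '*' on a RunOnce value name means "run even in Safe Mode" (see *winlogon, *catw above)
        $nameHit = $valueNames -contains $p.Name.TrimStart('*')
        $dataHit = [bool]($fileNames | Where-Object { "$($p.Value)" -match [regex]::Escape($_) })
        if ($nameHit -or $dataHit) {
            $reason = if ($nameHit) { 'value name listed in thread' } else { 'data references listed file' }
            $findings += [pscustomobject]@{ Location = $key; Name = $p.Name; Data = $p.Value; Reason = $reason }
        }
    }
}

# Winlogon\Notify entries (catw, psdrv) are subkeys whose DllName value loads at logon.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    Get-ChildItem $notify | Where-Object { $valueNames -contains $_.PSChildName } | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).DllName
        $findings += [pscustomobject]@{ Location = $notify; Name = $_.PSChildName; Data = $dll; Reason = 'Winlogon notify package' }
    }
}

# Assumption: the GUID G lists is a COM CLSID registered under HKCR\CLSID.
$clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID\{13589181-4f0d-4553-b9f8-b4b72172c139}'
if (Test-Path $clsid) {
    $findings += [pscustomobject]@{ Location = $clsid; Name = '(key)'; Data = (Get-ItemProperty "$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'; Reason = 'CLSID listed in thread' }
}

# Files dropped into %WinDir% or System32 under the names listed above (-contains is case-insensitive).
foreach ($dir in @($env:WinDir, "$env:WinDir\System32")) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | Where-Object { $fileNames -contains $_.Name } | ForEach-Object {
        $findings += [pscustomobject]@{ Location = $dir; Name = $_.Name; Data = $_.LastWriteTime; Reason = 'file name listed in thread' }
    }
}
$findings | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; an empty table means none of the thread’s indicators are present, which, as tasty’s answer notes, does not rule out a rootkit variant hiding them.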

  6. tasty says:

    Unfortunately, the latest variant of Vundo (aka Virtumonde) uses rootkit technology to avoid detection and removal. Manual removal probably will be required.
    Information here: http://wiki.castlecops.com/Vundo_Rootkit…
    Good luck.

  7. jibbarja says:

    It depends on your computer… Go to the Start Menu, All Programs, Accessories, System Tools, System Restore. Select Restore My Computer to an Earlier Time. Select a date from before you had the issue. You’ll be prompted to restart. If that doesn’t work… I recommend you wipe the whole machine. Take all of your important files off of the machine (via CD or flash drive or whatever you have). If you have a Dell, hit Ctrl + F11 when the Dell logo shows up when you start up. If it is a Compaq, hit F10 (or F9, I can’t remember which) when the Compaq logo shows up during start up. (I’m not sure about any other type of computer.) You’ll be guided through the restore process and when it’s done, your computer should be working again. (FOR ALL OTHER MACHINES… If you have XP, you should try to find the disks that came with your computer. If you have Vista, or didn’t get disks with XP, then you shouldn’t try to burn the disks (your OS could already be infected). Look online to see how to access your recovery partition.) Hope it helps…

  8. bob says:

    A clean install will fix it, or recovery disks.

  9. Geraldo G says:

    No, but if I were you I would just buy another PC.
