Virtumonde, which is also known as Vundo and Virtuemondo, is a dangerous Trojan that completely ruins the user’s web-browsing experience. The Trojan Virtumonde has a large number of variants which exhibit different forms of malicious activity. However, the main function of Virtumonde is to promote rogue security software. Virtumonde reaches the user via legitimate-looking spam emails which warn the user of security threats and ask them to view web links sent to them in the email.
When the user clicks on these links, the browser is redirected to malicious websites which install Virtumonde on the computer. Once installed, the Trojan Virtumonde immediately disables the firewall and any other legitimate security software that may be installed on the system. In some cases Virtumonde completely deletes all anti-malware applications installed on the system. Virtumonde also changes the desktop background to a warning that states that the user should download and install specific rogue security software to protect their computer. It also changes the screensaver to the much-feared ‘blue screen’ of Windows, with a fake text warning that states that the user’s system is under attack from viruses and that they should immediately download and install a specific rogue security application.
Google searches conducted by the user will be redirected to malicious websites which promote rogue security software due to the Browser Helper Objects installed by Virtumonde. The Trojan Virtumonde also disables important system services such as Task Manager, Registry Editor and System Restore in order to prevent its removal.
As Virtumonde is a dangerous Trojan that harms your computer, you should take steps to remove it as soon as you find a copy on your system. The best choice is to conduct a full system scan using genuine antivirus software such as Spyware Doctor with Antivirus, as it is capable of identifying threats related to Virtumonde infections.
However, manual removal of Virtumonde is possible as well. In order to do this, it is necessary to unregister its DLLs, delete its files and remove its registry entries. Before you attempt to remove Virtumonde, however, you must restart your system in safe mode.
The first step you must take in order to remove the Trojan Virtumonde is to unregister the following DLLs:
- vzbb.dll
- vturr.dll
Next, delete the following files:
- vzbb.dll
- vturr.dll
- dszigqd.dll
Finally, remove the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WinLogon
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\*[filename]
- HKEY_CLASSES_ROOT\CLSID\{2316230A-C89C-4BCC-95C2-66659AC7A775}
- HKEY_CLASSES_ROOT\CLSID\{8109AF33-6949-4833-8881-43DCC232B7B2}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ATLEvents.ATLEvents.1
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316230A-C89C-4BCC-95C2-66659AC7A775}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8109AF33-6949-4833-8881-43DCC232B7B2}
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Active State
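Before unregistering or deleting anything, it is worth confirming which of the indicators above are actually present on the machine, so that a typo or a look-alike file name does not lead to the wrong DLL being removed. The following PowerShell script is an added example, not code from the original article or from any antivirus vendor: it reads the registry keys, RunOnce values and file names listed in the three steps above and reports what it finds without changing anything. Its assumptions are that it runs in an elevated PowerShell session and that the DLLs live in `System32` or `SysWOW64`, since the article does not state a directory; the `*[filename]` RunOnce entry is handled by reporting every RunOnce value whose name begins with an asterisk, because Windows runs such values even in Safe Mode, which is why the article has you boot into Safe Mode first.

```powershell
# Added triage script (not part of the original article). Reports Virtumonde
# indicators listed in the article; it never deletes or unregisters anything.
# Assumptions: elevated session; DLL directories are System32 and SysWOW64.

$clsids = @(
    '{2316230A-C89C-4BCC-95C2-66659AC7A775}',
    '{8109AF33-6949-4833-8881-43DCC232B7B2}',
    '{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}'
)
$dlls = @('vzbb.dll', 'vturr.dll', 'dszigqd.dll')
$findings = New-Object System.Collections.Generic.List[string]

# 1. Browser Helper Object and CLSID registrations for the listed GUIDs.
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($id in $clsids) {
    $paths = @("$bhoRoot\$id",
               "HKLM:\SOFTWARE\Classes\CLSID\$id",
               "Registry::HKEY_CLASSES_ROOT\CLSID\$id")
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path) {
            $findings.Add("Registry key present: $path")
            # InprocServer32's default value names the DLL this COM object loads.
            $server = Get-ItemProperty -LiteralPath "$path\InprocServer32" -ErrorAction SilentlyContinue
            if ($server) { $findings.Add("  -> InprocServer32: $($server.'(default)')") }
        }
    }
}

# 2. ProgID registrations named in the article.
foreach ($progId in @('ATLEvents.ATLEvents', 'ATLEvents.ATLEvents.1')) {
    $path = "HKLM:\SOFTWARE\Classes\$progId"
    if (Test-Path -LiteralPath $path) { $findings.Add("ProgID present: $path") }
}

# 3. RunOnce values whose name starts with '*'. Windows executes these even in
#    Safe Mode, so they are the persistence entries the article has you remove.
foreach ($hive in @('HKCU', 'HKLM')) {
    $runOnce = "${hive}:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    $props = Get-ItemProperty -LiteralPath $runOnce -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name.StartsWith('*') } |
            ForEach-Object { $findings.Add("Safe-mode RunOnce value in ${hive}: $($_.Name) = $($_.Value)") }
    }
}

# 4. The Internet Explorer 'Active State' value under HKCU.
$ieMain = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ieMain -and $ieMain.PSObject.Properties['Active State']) {
    $findings.Add("IE Main\Active State value present: $($ieMain.'Active State')")
}

# 5. The DLL files themselves, hashed so the result can be compared with AV logs.
foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
    foreach ($dll in $dlls) {
        $file = Join-Path $dir $dll
        if (Test-Path -LiteralPath $file) {
            $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            $findings.Add("File present: $file (SHA256 $hash)")
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Virtumonde indicators from the article were found.'
} else {
    Write-Output "Found $($findings.Count) indicator(s):"
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it once before the manual steps and once after a reboot to confirm nothing was recreated; a RunOnce value that reappears, or a BHO key that points at a DLL the article does not name, means a variant is present and the listed indicators alone will not clean it.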
After these steps have been completed, you have successfully removed Virtumonde from your computer. However, inexperienced users are discouraged from attempting to remove the Trojan Virtumonde manually, as any mistake made during removal could cause damage to the operating system. You should consider using antivirus software or getting help from a professional.