My computer has somehow caught Win32/Adware.VirtuMonde (Also known as Virtumondo, Vundo trojan, VirtuMonde.C etc...)

I have tried just about everything so far... and this thing is a total pest I've been through numerous AV, spyware, malware scanners and none of them are able to remove it (NOD32, Symantec removal tool, Panda, Hitman Pro etc etc). And the manual instructions I've found have not been helpful as the files and processes they tell me to remove are not to be found (the thing has obviously renewed itself at one point and those instructions don't match anymore ).

Right now I am running the Windows Live OneCare -scan which someone said that will identify all the files (most scanners don't even do that). And then someone was able to remove it by rebooting from Recovery CD and renaming the files. That's my last straw atm... but if it doesn't work... I could really use some help getting rid of this thing

PMed you with the fix. No recovery needed.

Thanks again for the file

Unfortunately it was the same file I tried on my computer yesterday... and it didn't work on my hubby's computer either

Anyway... I ended up doing a whole format c: and reinstalling everything last night. Still busy reinstalling and downloading things. But at least I got a good clean up now It was needed anyway because I haven't formatted this computer since I bought it about 5 yrs ago Running much faster again too

I just hope that nobody else catches that thing... it is really nasty and HARD to get rid of

I'm sorry about your PC :-(

Are you using firefox? If you have the adblock add on you can adblock all the Vundo domains you can and that will help reduce the likelihood of getting it (they are always making new domains so you have to try to keep up with them).

There should be some lists online. I've seen about 3 or 4 new domains in the past week or two, the pages are usually stuck in banners on PTP pages.

This is one that needs blocking that I just came across today:

*webscweb-scannerfree.com*

Thanks

I am indeed using firefox. And I will definately try to find one of those lists and when I do, I'll add all the domains. I definately do not want to catch that thing again

I think the clean up ended up being a good thing though. My PC is a lot faster now and I got rid of all the old stuff (I hadn't done a good clean up in a couple of years). Just too bad it had to be this way...

https://addons.mozilla.org/en-US/firefox/addon/1865

Adblock Plus ^

When it installs and FF restarts, it will give you links to sites with block lists

I just got hit with that, it happened yesterday while I was doing manual surf exchanges so I don't know which one it came from or what site on the TX. I just wish owners would try to keep their sites cleaner. I've got warnings for it the last few days but avast was able to stop it - but yesterday somehow it managed to download itself on my computer and now I can't do anything. My daughter is helping me today do a complete backup and clean up of my computer. None of my virus protection or spy ware could do anything about it. I even found the program in my program list and uninstalled it - but obviously it was reinstalling. What a mess


Thanks for the info on what pages to block, that should help a lot.

This happened to me once about a year ago and my machine had to be reformatted then also.

I have Adblock Plus installed... and have had it the whole time. Now I installed the new version though and did see the block lists and picked one I also installed FF3 finally. Do you know if its possible to choose more than one block list?



I'm so sorry I really wouldn't wish that thing on anyone I had all the latest AV/Spyware/Malware/Adware programs installed too and still managed to catch it. Also my Java was up to date (according to some sources, it can get through if you are running a old version of Java. You can get the new version from java.com).

And several times I thought I had that thing cleaned... had stopped processes, removed files and registry entries. And every time I rebooted the &#/¤&¤@ thing just came back under different file and process names

In the end I just gave up and reformatted

Yes you can Well at least with the older versions you where able too.

By clicking HERE
that will take you to the ABP block list page.

Each list has the option to "Subscribe" to it underneath

I haven't used those in quite a while as I made my own list blocking what annoys me on the sites I have in roboform.
For example I have all the banner ads that are on here blocked and the forum loads quicker Let me know if you want a copy (.txt file) and I'll IM you one.

As for FF3. When the first stable release came out I tried it and I got a virus Went back to FF2 and back to the same site I got the virus from and nothing got in with FF2.


Joe.

Thanks Joem

I've subscribed to the "Malware Domains" -list from that page. Hopefully that will help some

And about FF3... I heard it had bugs in the beginning. But my programmer friend has ensured me that it is safe to install now, so I got the latest version when reinstalling...

No problemo

I did find though that in some cases the pre made lists block more than what they should do Had problems in getting into the electric company site is one example. That's why I decided to start my own list


As for FF3, I heard the same and discovered it after recieving unwanted visitors. I'm happy with FF2.... better the devil you know

I too got this stupid thing on my computer. I still have most of it on here but it doesnt pop up or scan every 20 minutes. I went to the program list and found it and delete a couple of the key files in it. dont know any other way to get it off without reformatting and reinstalling since I dont have a restore disc. anybody have any suggestions?

http://www.removal-instructions.com/removeVirtuMonde.html

http://forums.techguy.org/malware-removal-...de-removal.html

http://removers.volyn.net/2007/08/16/remov...e-removal-tool/

Hopefully one of those might help

This is another Anti MalWae Remover.

I am testing it now.


http://www.download.com/Malwarebytes-Anti-...cdlPid=10878968


Another Good Adblock blocker. It is way better than Firefox Adblock

http://www.download.com/sQusi-Tracking-Plu...cdlPid=10853178


Give it a try. It is a real blocking thing ads of google adsense. Except Amazon annoying ads.