Re: Win32/VirtuMonde.O

From: "DanG" <dang@xxxxxxxx>

| I had a message pop up today from Window Defender, indicating that I
| had a "Win32/Virtumonde.O" trojan on my PC. I had WD remove the
| virus, and restarted as required. A few minutes later, the message
| popped up again. I have tried everything I can think of, including
| running WD in Safe Mode, but the virus keeps coming back. It seems
| that WD says it's been successfully removed, but it really isn't.
|
| I've downloaded SpywareBot and Ad-Aware, but neither found my bug.
| When I run the Symantec program specifically intended to remove
| Adware.Virtumonde, it doesn't find anything. Neither does Avast.
| Perhaps Adware.VirtuMonde and Win32/VirtuMonde are not the same thing.
|
| Any clues on what else I can try?



Two phase answer...

Perform Part 1 then perform Part 2

If the first two parts don't work, perform the alternate utility.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.


If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 2 (jre 6u2)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_02

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1




Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4

Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.




* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

Relevant Pages

  • Re: trojan vundo in system 32
    ... It is suggested that you execute each tool in Normal Mode then in Safe Mode. ... Download Adware-Virtumundo Removal Tool v1.5 -- ... Information on the Adware-Virtumundo Removal Tool: ... It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsxp.security_admin)
  • Re: alcan A or a dropper?
    ... Download Adware-Virtumundo Removal Tool -- ... Information on the Adware-Virtumundo Removal Tool: ... It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML ...
    (microsoft.public.windowsxp.general)
  • Re: How do I remove trojan.vundo
    ... Download Adware-Virtumundo Removal Tool v1.5 -- ... Information on the Adware-Virtumundo Removal Tool: ... It is suggested that you move the report out of c:\mcafee before performing another scan. ... It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML ...
    (alt.comp.anti-virus)
  • Re: XP-FIx.com "This computer has detected that software had cimprimised......
    ... Microsoft Protect Your PC Website ... > This morning I've had this message pop up about 20 times, ... I don't tend to download stuff but my ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Windows XP Patch
    ... Download and run Ad-Aware or Spybot. ... > I keep getting a message pop up on my computer screen that ... > I need to download the windows patch. ...
    (microsoft.public.windowsxp.general)