Virtumonde

I got rid of it by running Spybot Search & Destroy several times with the modem physically disconnected, and forcing reboots several times. Virtumonde inserts itself in your memory and attaches to Explorer.Exe and Winlogon. They must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot your computer. You have to force a reboot, because when Winlogon cranks up again, the virus files will be replicated. Virtumonde DLL files are usually designated by eight random upper and lower case characters and stored in the Windows system32 directory. Unless you remove the DLL files first, while they are running, the DLL file will simply rename itself and replicate. Nasty stuff.
If you want the best in spyware protection, you don't have to pay for it. Spybot Search & Destroy is absolutely free, and is constantly updated. You can flip the switches any way you desire. The support is through an international internet forum and is quite efficient. Do consider donating to help support the cause.
Update: It's back. The offending files are: system32\sejuvoma.dll, system32\jejuvusu.dll, system32\yizesoko.dll, system32\turakana.dll, and system32\jeziluku.dll
I'm going for Dr. Delete.
Update: So far, so good. It looks like Dr. Delete euthanized those little sonovabiches.
Update: Nope. Dr. Delete failed. I'm trying f-vmonde. The offending files are: system32\supilime.dll and system32\pihimage.dll.
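Because the file names change between the updates above, a fixed list of names goes stale quickly. The following is an added example, not part of the original post: a read-only triage script that lists DLLs whose names fit the eight-letter shape described above and that are absent from a baseline of names recorded on a known-clean install. The baseline contents and the function names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Name shape described in the post: eight letters, upper or lower case.
NAME_SHAPE = re.compile(r"[A-Za-z]{8}")


def matches_shape(filename):
    """True for a .dll whose stem is exactly eight ASCII letters."""
    p = Path(filename)
    return p.suffix.lower() == ".dll" and NAME_SHAPE.fullmatch(p.stem) is not None


def triage(directory, baseline=()):
    """Return (name, mtime) for DLLs that match the shape and are not in the
    baseline, newest first. Read-only: nothing is deleted or modified."""
    known = {name.lower() for name in baseline}
    hits = []
    for entry in Path(directory).iterdir():
        if not entry.is_file() or not matches_shape(entry.name):
            continue
        if entry.name.lower() in known:
            continue  # present on the known-clean install, so not new
        hits.append((entry.name, entry.stat().st_mtime))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


if __name__ == "__main__":
    import os
    import sys

    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    # Hypothetical baseline; in practice, load the names saved from a clean system.
    baseline = ["setupapi.dll"]
    for name, mtime in triage(target, baseline):
        print(f"{mtime:.0f}  {name}")
```

The output is a list of candidates to inspect, not a verdict: legitimate Windows files such as setupapi.dll fit the same name shape, which is why the baseline comparison matters.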