Quick Definition of Virtumonde

What does Virtumonde do?

The main purpose of Virtumonde is to show pop-ups and to re-direct your browser.  Let’s say you open your browser.  For a second or two it will start to load your home page the re-direct to another site.  If you were to Google and do a search, then click on one of the search results you can also find your self re-directed.

To read the whole article go here:

Learn how to Remove the Number one Spyware Threat – There is software out there that can remove Virtumonde as well. Check out the list we found at Virtumonde removal software. This gives you an idea of what will work to remove Virtumonde yourself. If you want to remove this virus for …

Virtumonde Virus information you asked for…

Hi all this is Trent. I just wanted to get a quick post out about the Virtumonde Virus. This is the topic of quite a lot of the emails and comments I’m getting from you guys and I want you all to know that I’m listening. I will be dedicating the next series of blog post to this virus and how to remove it.

I will be spending my web surfing time looking for information on the web about Win32 Virtumonde and posting the quality links here. Please continue to contact me with all the Win32 removal information you are looking for so that I can respond and let all the readers be a part of our conversation.

Win32 Removal of Antispyware PRO XP

Antispyware PRO XP — Just another in a series of fake virus alerts. We hate these guys! They make it look like they are doing you a favor by alerting you of virus threats that on you your computer when in reality IT IS a virus itself.

How do you get rid of it? If you are a computer expert you can search your computer manually, but it might take hours to find Antispyware PRO XP’s hidden files. We recommend you do it the easy way by installing our favorite spyware removal tool, Spyware Doctor. Not only will it get rid of this bogus threat but it will keep your computer safe from all future threats as well. Install it now!

———-

Other great information about Win32 Removal of Antispyware PRO XP:

• How to remove AntiSpyware Pro XP (Uninstall Instructions) – AntiSpyware Pro XP is a rogue anti-spyware program that is cloned from AntiSpyware XP 2008. AntiSpyware Pro XP, just like its predecessor, is advertised via malware that displays fake security alerts and web sites that display pop-ups …

• Antispyware Pro XP (AntispywareProXp) Removal Instructions – Antispyware Pro XP (AntispywareProXp) was created – or rather concocted – on the platform of AntiSpyware 2008 XP; the main deviation of the successor at the background of its parental malware is its own name and some changes in files …

• Remove AntiSpyware Pro XP – AntiSpywarePro XP Remover – AntiSpyware Pro XP or AntiSpywarePro XP is a fake spyware remover\cleaner. AntiSpyware Pro XP is advertised through misleading web-sites that show a pop-up that pretends to be a security warning stating that your computer is seriously …

Win32 Removal of Avatod Antispyware 8.0

Avatod Antispyware 8.0 — Part of the series of fake anti virus malware.

This malware is suspected to be a trojan from rogue websites or attached to video codecs. If you have this alert you probably installed it with another application without even knowing it.

The best way to get rid of it is with Spyware Doctor. We have a page dedicated to this best-in-class spyware removal tool. Also when you install Spyware Doctor it will help keep you safe from becoming infected again. Give it a look.

Other great information about Win32 removal of Avatod Antispyware 8.0:

• Avatod Antispyware 8.0 Removal Guide – Do you know what Avatod Antispyware 8.0 is? DESCRIPTION Avatod Antispyware 8.0 is another one of those scamming programs that says it will do one thing but fails to deliver. Avatod Antispyware 8.0… [[ This is a content summary only. …

• Avatod Antispyware 8.0 Removal Instructions – It was Avatod Antispyware 8.0 Remove Avatod Antispyware 8.0 if you had a misfortune to download it or were infected; those infected with its predecessor Awola and ignored the threat would explain you better why Avatod Antispyware 8.0 …

• Uninstall Avatod Antispyware – Avatod Antispyware Remover – Avatod Antispyware or Avatod Antispyware 8.0 is the latest Awola clone with aggressive behaviour and dangerous features. Just like most fake antispywares, Avatod Antispyware issues misleading and exaggerated results. …

Win32 Removal of Adware Punisher malware

AdwarePunisher is another form of Spylocked and SpySoldier. It is a rogue anti-spyware parasite that sneaks into a victim’s computer after a Trojan-caused backdoor creation. AdwarePunisher starts displaying unsolicited popup advertisements and imaginary security risk messages, then offers the victim to purchase the “product” to protect the system from further intrusions. However, AdwarePunisher does not feature any real protection and is a parasite by itself.

There are two ways to get rid of this virus, the easy way and the hard way.

The easy way is to download and install Spyware Doctor.

The hard way is to delete all the files and registry keys manually. If you want to to it this way, go to this page [Win32 Removal of Adware Punisher malware] to see all the files you need to touch.

Win32 Removal of XP Protector 2009

Antispyware PRO XP — is another in a long list of spyware that try to fake you into thinking you have virus threats on your computer and tricking you into purchasing bogus software.

Chances are if you have this alert on your system you are not fully protected by a good anti virus application. We always recommend Spy Doctor with Antivirus. Not only will it remove this spyware but it will keep you protected from all others.

Other information from around the web about Win32 Removal of XP Protector 2009

• Remove XP Protector 2009 – XPProtector 2009 Removal Tool – XP Protector 2009 or XPProtector 2009 is another rogue of Antivirus XP 2008 family. This family has a distinct trait of really wonderful imitation of Windows standard alerts and icons so that users are swindled on the base of their …

• XP Protector 2009 Removal Instructions – XP Protector 2009 (XPProtector 2009) enters victim’s computers either using obviously unfair tricks like downloading with Trojan horse and from malignant script of certain web-sites or less tricky methods like drawing into web-sits …

• XP Protector 2009 – new rogue. Removal Instructions – XP Protector 2009 or XPProtector 2009 attempts to reassure users in its reliability using many smart tactics. First of all, pay attention to the denomination of this rogue – you should know, I guess, what XP means; then, …

Win32 removal of Smitfraud malware for Windows XP and 2K

I am writing this post because I just had a user ask me about her older Windows 2000 machine that was cursed with the Smitfraud malware. Typically I recommend Spyware Doctor by PCTOOLS because it takes care of most Malware threats on more types of Win32 machines BUT she wanted a free way to do it and I’ve thought I would detail the process.

I love free software as much as the next guy but really, unless you have a lot of experience and time just go out and buy Spyware Doctor. You won’t be disappointed and you won’t have to go searching the internet for a fix for other types of infections when you get them. Spyware Doctor handles them all.

But let’s continue with the free way called SmitFraudFix.

Just a list of some of the malware infections this is good for:  AdwarePunisher, AdwareSheriff, AlphaCleaner, AntiSpyCheck, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, Antivirus 2009, Antivirus Master, Antivirus XP 2008, AntivirusGolden, AVGold, Awola, BraveSentry, IE Defender, Internet Antivirus, MalwareCrush, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, Power-Antivirus-2009, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smart Antivirus 2009, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareRemover, SpywareSheriff, SpywareStrike, Startsearches.net, TheSpyBot, TitanShield Antispyware, Total Secure 2009, Trust Cleaner, UpdateSearches.com, Virtual Maid, Virus Heat, Virus Protect, Virus Protect Pro, VirusBlast, VirusBurst, VirusRay, Win32.puper, WinHound, Vista Antivirus 2008, XP Security Center, Brain Codec, ChristmasPorn, DirectAccess, DirectVideo, EliteCodec, eMedia Codec, EZVideo, FreeVideo, Gold Codec, HQ Codec, iCodecPack, IECodec, iMediaCodec, Image ActiveX Object, Image Add-on, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, LookForPorn, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, NetProject, Online Image Add-on, Online Video Add-on, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SearchPorn, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, Video Add-on, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec…

Download:

Use this URL to download the latest version (the file contains both English and French versions):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Mirrors: Alternate official download locations for Smitfraudfix.exe
http://siri.geekstogo.com/SmitfraudFix.exe
http://downloads.securitycadets.com/SmitfraudFix.exe
Zebulon.fr

Use:

• Search:
  • Double-click SmitfraudFix.exe
  • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt



• Clean:
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click SmitfraudFix.exe
  • Select 2 and hit Enter to delete infect files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt



• Optional:
  • To restore Trusted and Restricted site zone, select 3 and hit Enter.
  • You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a “RiskTool”. It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between “good” and “malicious” use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Win32 removal of Vundo / Virtumonde Virus part 2

In a previous post about Win32 Vundo virus removal we detailed the best way we have found to remove the vundo / virtumonde virus. Please try that way first. If that does not work, here are the instructions to remove the Win32 virus another way.

1. Download VirtumundoBegone and save it to your desktop.
2. Now reboot into Safe Mode.
   1. This can be done tapping the F8 key as soon as you start your computer
   2. You will be brought to a menu where you can choose to boot into safe mode.
   3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.
   4. When you computer reaches the desktop make sure you log in as the same user which you had performed the previous steps,
3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.
4. Exit when it has finished, and reboot back to normal mode.

This should fix your machine. We may sound like a broken record on this blog but now go out and buy the very best virus protection you can afford. Although the Vundo / Virtumonde virus is annoying it is not the worst thing your computer could get infected with. Protect yourself!!

How to remove Win32 Vundo / Virtumonde Virus

There are two ways perform Win32 Vundo virus removal. This posting is one way that has proven effective and it’s free. Keep in mind that we always stress that you have a good virus protection software running. If you have this virus it means that you do not have proper protection. After you remove the virus, make this the very next thing you do!!

Automated Win32 Removal Instructions for the Vundo or Virtumonde infection using VundoFix:

1. Please print these instructions as they will be needed later when Internet access is not available.
2. Save these instructions in word or notepad to the desktop where they can be easily found.
3. Download Vundo Fix and save it to your desktop.
4. When it has completed downloading, double-click VundoFix.exe to run it.
5. Click the Scan for Vundo button.
6. Once it’s done scanning, click the Remove Vundo button.
7. You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.
8. When completed, it will prompt that it will shutdown your computer, click the OK button.
9. When the computer has shutdown, turn your computer back on.

The WinFixer and Vundo infection should now be removed from your computer.

—————-

More great info about Win32 removal of Vundo or Virtumonde from around the web:

• VundoFix – freeware removal tool for Trojan.Vundo – VundoFix is a freeware removal tool for many of the known variants of Trojan.Vundo, Trojan.Conhook and other similar infections. Usually when infected with Vundo the user is bombarded with popups… [[ This is a content summary only. …
• Vundo realy sucks – There you will find several articles on how to remove Vundo from your computer. You should also check out the Vundo removal page they have setup. It lists about 10 free programs that you can use and they are all free. …
• How to Remove Virtumonde – Virtumonde is a trojan horse for computers. The program itself has several names: Vundo, Vundo Trojan, Virtimondo and MS Juan, which are all just names for the same program. This Trojan is known to cause popups such as advertising for …

What is Vundo / Virtumonde Virus?

Since I’ve started blogging about Win32 Removal I have been getting a lot of comments about the Virtumonde virus so I thought I would start a series of posts describing in detail what this virus is and the many ways to get rid of it.

Although many people know it as the Virtumonde virus, that is just one subset of the family of virus’ called Vundo. Here is the description straight from Wikipedia “Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google.”

How do you know you have the Vundo virus?

Typically you know you have this virus if you are getting strange pop ups. The virus will cause your browser to generate pop up ads and tricky alerts in hopes that you will click on them. The most dasterdly ones try to simulate virus warning alerts claiming that you have been infected with a virus and that you need to buy some software to get rid of it. The fact is you HAVE been infected with a virus but buying the software that is recommended with do nothing to remove the Vundo virus that’s causing the pop ups. Some of the best known advertisements from the vundo virus are for WinFixer, Antispyware Master, Storage Protector, and Sysprotect which are all fake virus protection software. So Evil!!

Another telltale sign is that the desktop or screensaver gets changed without the users knowledge. Again this may be a trick to get you to buy something because one of the things this virus does is change your background or screensaver to a Windows blue screen. If the user doesn’t fall for it and goes into the control panel to change it back the virus may have removed this possibility by editing the registry entry for these panels.