F-Secure Spyware Information Pages: Virtumonde

Name: Virtumonde
Alias: Packed.Win32.Monder.gen, Vundo
Type: Adware
Category: Spyware
Platform: W32
Threat Level: Medium

Summary
Virtumonde runs hidden from the user and displays pop-up advertisements. The adware connects to a server and queries for advertisements to display. The adware actively prevents removal by using several different techniques.

Disinfection

Instructions:

  1. Download f-vmonde.zip (Last updated April 17th, 2008)
    ftp://ftp.f-secure.com/anti-virus/tools/f-vmonde.zip
  2. Unzip f-vmonde.zip
  3. Run f-vmonde.exe
  4. Reboot the machine

Detailed Description
Virtumonde is adware that displays pop-up advertisements. Some advertisements are for rogue antispyware applications such as Winfixer. Pop-ups are not marked as having originated from Virtumonde.

Virtumonde runs hidden from the user. It installs itself as a Winlogon notification package and locks its own module. The module has a random 5-character name and is installed to the windows\system32 folder.
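
A check for the persistence described above, as an added example that is not F-Secure's code or part of the f-vmonde tool: it parses the output of `reg query` on the Winlogon Notify key and lists notification packages that are outside a baseline, noting any with a five-character module name in system32. The registry path is the standard Windows 2000/XP location for notification packages and is not given on this page; the baseline list and sample entries are constructed, and reading "random 5-character name" as five characters before a .dll extension is an assumption.

```python
import ntpath
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumed baseline of expected notify DLLs; build the real list from a known-clean image.
BASELINE = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}
# Constructed sample of `reg query "<NOTIFY_KEY>" /s` output; "qwxzr" and "vendoragent" are invented.
SAMPLE = "".join(
    f"{NOTIFY_KEY}\\{key}\n    DllName    REG_SZ    {dll}\n\n"
    for key, dll in [("crypt32chain", "crypt32.dll"), ("Schedule", "wlnotify.dll"),
                     ("qwxzr", r"C:\WINDOWS\system32\qwxzr.dll"),
                     ("vendoragent", "vendoragent.dll")])
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_notify(text):
    """Return {subkey name: DllName value} for each notification package."""
    packages, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(NOTIFY_KEY.upper() + "\\"):
            current = line[len(NOTIFY_KEY) + 1:].strip()
        elif current and (m := VALUE_RE.match(line)) and m.group(1).lower() == "dllname":
            packages[current] = m.group(3).strip()
    return packages

def review(packages, baseline=BASELINE):
    """Return (subkey, dll, reasons) for packages that need a closer look."""
    findings = []
    for subkey, dll in sorted(packages.items()):
        name = ntpath.basename(dll).lower()
        folder = ntpath.dirname(dll).lower()
        stem, ext = ntpath.splitext(name)
        # A bare file name is resolved from system32 by Winlogon.
        in_sys32 = folder == "" or folder.endswith("system32")
        if name in baseline and in_sys32:
            continue
        reasons = ["not in baseline"]
        if len(stem) == 5 and ext == ".dll" and in_sys32:
            reasons.append("5-character module name in system32")
        findings.append((subkey, dll, reasons))
    return findings

if __name__ == "__main__":
    for subkey, dll, reasons in review(parse_notify(SAMPLE)):
        print(f"{subkey}: {dll} ({'; '.join(reasons)})")
```

A five-character name alone is a weak signal, so treat a hit as a prompt to inspect the file rather than as a verdict.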

Virtumonde infects Windows XP and 2000.



F-Secure Corporation

Last Modified: April 17, 2008