Virtumonde

Name: Virtumonde
Category: Spyware
Type: Adware
Platform: W32
Threat Level: Medium

Summary

Virtumonde runs hidden from the user and displays pop-up advertisements. The adware connects to a server and queries for advertisements to display. The adware actively prevents removal by using several different techniques.

Disinfection

Instructions:

  • Download f-vmonde.zip (Last updated April 17th, 2008): ftp://ftp.f-secure.com/anti-virus/tools/f-vmonde.zip
  • Unzip f-vmonde.zip
  • Run f-vmonde.exe
  • Reboot the machine

Additional Details

Virtumonde is adware that displays pop-up advertisements. Some advertisements are for rogue antispyware applications such as Winfixer. Pop-ups are not marked as having originated from Virtumonde.

Virtumonde runs hidden from the user. It installs itself as a Winlogon notification package and locks its own module. The module has a random 5-character name and is installed to the windows\system32 folder.
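A triage check for the persistence described above, added here as an example and not part of the original description or of any F-Secure tool: it parses a .reg export of the Winlogon Notify key and flags packages whose DLL has a 5-character base name. The registry path (the standard Windows XP/2000 location for notification packages) and the 5-character heuristic are assumptions of this example, the sample export is constructed, and a hit is only a lead to investigate.

```python
import re
from pathlib import PureWindowsPath

NOTIFY = r"\microsoft\windows nt\currentversion\winlogon\notify" + "\\"

def _decode(raw):
    """Decode a .reg value: quoted string or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(","))
        return data.decode("utf-16-le").rstrip("\x00")
    return None

def notify_packages(reg_text):
    """Yield (subkey, DllName) for each Winlogon Notify subkey in a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            i = line.lower().find(NOTIFY)
            key = line[i + len(NOTIFY):-1] if i != -1 else None
        elif key and line.lower().startswith('"dllname"='):
            dll = _decode(line.split("=", 1)[1])
            if dll:
                yield key, dll

def suspicious(reg_text):
    """Flag DLLs with a 5-character base name, bare or under system32."""
    hits = []
    for key, dll in notify_packages(reg_text):
        p = PureWindowsPath(dll)
        in_sys32 = len(p.parts) == 1 or p.parent.name.lower() == "system32"
        if len(p.stem) == 5 and in_sys32:
            hits.append((key, dll))
    return hits

# Constructed sample export; "qwxyz" is a made-up name, not a real indicator.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qwxyz]
"DllName"="C:\\WINDOWS\\system32\\qwxyz.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''
```

On a live machine the input would come from a `reg export` of that key, which is written as UTF-16 and should be read with `encoding="utf-16"` before being passed to `suspicious()`.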

Virtumonde infects Windows XP and 2000.