F-Secure
Tools
Adware:W32/Virtumonde
Summary
This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.Disinfection
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Special Disinfection Tool
F-Secure has a special disinfection program for Virtumonde infections, available from: ftp://ftp.f-secure.com/anti-virus/tools/f-vmonde.zip (Last updated April 17th, 2008)
For more general information on disinfection, please see Removal Instructions.
Special Disinfection Tool
F-Secure has a special disinfection program for Virtumonde infections, available from: ftp://ftp.f-secure.com/anti-virus/tools/f-vmonde.zip (Last updated April 17th, 2008)
- Download f-vmonde.zip
- Unzip f-vmonde.zip
- Run f-vmonde.exe
- Reboot the machine
Additional Details
Adware:W32/Virtumonde displays pop-up advertisements. These advertisements are usually disguised to hide their origin from Virtumonde.
Installation
Virtumonde only affects Windows XP and 2000 installations.
To infect a system, the adware installs itself as a Winlogon notification package and locks its own module. The module has a random 5 character name and is installed to the windows\system32 folder.
Virtumonde runs hidden from the user.
Activity
To enable its advertising-display function, the adware connects to a server and queries for advertisements to display.
The adware actively prevents removal by using several different techniques.
More
Virtumonde is closely associated to Trojan:W32/Vundo and Trojan:W32/Monder. For more details, please see the following descriptions:
Installation
Virtumonde only affects Windows XP and 2000 installations.
To infect a system, the adware installs itself as a Winlogon notification package and locks its own module. The module has a random 5 character name and is installed to the windows\system32 folder.
Virtumonde runs hidden from the user.
Activity
To enable its advertising-display function, the adware connects to a server and queries for advertisements to display.
The adware actively prevents removal by using several different techniques.
More
Virtumonde is closely associated to Trojan:W32/Vundo and Trojan:W32/Monder. For more details, please see the following descriptions: