|
|
|  |
|
|
|
|
F-Secure Spyware Information Pages: Virtumonde

|
|
| |
|
|
Summary
|
| Virtumonde runs hidden from the user and displays pop-up advertisements. The adware connects to a server and queries for advertisements to display. The adware actively prevents removal by using several different techniques. |
|
|
|
Disinfection
|
Instructions:
- Download f-vmonde.zip (Last updated April 17th, 2008)
ftp://ftp.f-secure.com/anti-virus/tools/f-vmonde.zip - Unzip f-vmonde.zip
- Run f-vmonde.exe
- Reboot the machine
|
|
|
|
Detailed Description
|
Virtumonde is adware that displays pop-up advertisements. Some advertisements are for rogue antispyware applications such as Winfixer. Pop-ups are not marked as having originated from Virtumonde. Virtumonde runs hidden from the user. It installs itself as a Winlogon notification package and locks its own module. The module has a random 5 character name and is installed to the windows\system32 folder. Virtumonde infects Windows XP and 2000. |
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: April 17, 2008
|
|
|
|
|