Getting Rid of Virtumonde

Zeromus

So, long story short, my computer, already a pretty decrepit piece of junk, has contracted the dreaded Virtumonde trojan. I've Googled around to find ways to get rid of it, but there are so many different takes, many of which involve downloading even more software ("awesome"), that I was wondering if you guys might have some solid advice on the best way to go about removing it.

Also, other than giving me the occasional pop-up, does anyone know what it does, exactly?

Thanks.

Tomanta

I'd suggest saving time and a headache and just format (based on my own experience).

There are some removal tools that vary on effectiveness depending on which strain you have. You will need to turn off automatic system restores and boot into safe mode before attempting to use those tools. I'm sure someone will show up soon with a link, or you can search for old threads on this same subject - I know there have been several recently.

Tam

I'm going to have to agree with Tomanta- just save yourself a headache and back up and format (also from experience).

Zeromus

Unfortunately, I didn't bring the Windows XP discs or anything to school with me, so that might not be an option.

Tam

Zeromus wrote: »

Unfortunately, I didn't bring the Windows XP discs or anything to school with me, so that might not be an option.

Uh...you might be stuck unless you get someone to mail you those discs.

Zeromus

Hm, I am going back home in just a bit over a week though

Can I live that long with the dreaded Virtumonde?

(Still, I'm open to any suggestions as to how to remove it otherwise.)

proXimity

Is it possibly somebody around you has the discs? I know at my school, anybody in the engineering departments gets a free copy of XP and Vista, and is able to download the ISO of it. If you find someone with that, all you'll need is a blank CD. If you don't know your install key, there are programs you can download that will pull it from your computer so you can write it down before reinstalling.

Hevach

The current version of adaware 2008 (Not sure about the free version, though) does handle it decently enough. Kapersky AVP can handle most versions of it (something I can't say about any of the other free AV/spyware software).

Stay away from vundofix - I've had it trash more than one windows installation. Last time I tested it, it found over 3000 infections on a fresh install of windows without network access, so something's seriously wrong with the program in it's current state. I've heard good things about programs called VirtumundoBeGone and Combofix on security forums recently, but haven't used either.

Problem is, either way, Virtumonde is a class of at this point a couple hundred different infections. It can take a dozen different tools (or combofix with a custom script with some of the nastier versions) to clean it entirely. To date, though, solutions HAVE been found for all the variants known in the wild, a reformat is an extreme solution.

Edit: Check on the case of your computer, many manufacturers put the Windows authentication key on the case, rather than with the install disks, so stores like Best Buy that take the disks out of the box and charge an extra $60 for them don't completely screw you.