WTFDetroit.com

Virus(non-STD) Trojan(non-condom) Question.



Black Dynamite
02-08-2009, 01:15 AM
Anybody ever run into this annoying lil' bitch whore of a trojan adware named Vundo/Virtumonde?? Seems to be hard as fuck to remove. Apparently, as much as I keep my firewall solid and keep my comp as clean as possible, it finds a way to get in through exploiting my Java, which I did not update in a while :(.

Vinny
02-08-2009, 02:10 AM
I had that bastard. I had to use Windows Defender and then I'm trying to remember the key, but I feel that if you play around with windows defender enough you'll get it. Spybot and Adaware were useless. I don't have it on this comp but there's some feature in Windows Defender where you can see what programs load on startup and if you look real careful, the virtumonde stuff loads with a fake name that looks normal and if you cut it off from startup you can then get rid of it.

Basically, I looked at the list of files that were set to load on startup and then googled each file name to find out what was bad and got rid of it. If I remember correctly, every bad file was only 1-2 characters off from a useful file so be careful.
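The near-miss startup names Vinny describes (one or two characters off a real Windows file) can be checked mechanically instead of eyeballing the list. This is an added example, not code from the thread; the startup list is constructed and the set of well-known binaries is an assumption, so extend it for your own box.

```python
"""Flag startup entries whose image name is a near-miss of a well-known
Windows binary. Added example; sample data below is constructed."""
import re
from pathlib import PureWindowsPath

# Well-known binaries that lookalikes tend to imitate (assumed list).
KNOWN_BINARIES = {
    "explorer.exe", "winlogon.exe", "rundll32.exe", "svchost.exe",
    "lsass.exe", "csrss.exe", "ctfmon.exe", "userinit.exe",
}

# Constructed sample of Run-key / startup entries (value name -> command).
SAMPLE_STARTUP = {
    "Shell": r"C:\Windows\explorer.exe",
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "rundl132": r"C:\Windows\System32\rundl132.exe abc.dll,Start",
    "svch0st": r"C:\Users\Public\svch0st.exe",
    "lsasss": r"C:\Windows\lsasss.exe",
    "Updater": r"C:\Program Files\Vendor\updater.exe /silent",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via a rolling one-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def image_name(command: str) -> str:
    """Lowercased basename of the executable at the front of a command line."""
    m = re.match(r'^"?(.*?\.exe)', command, re.IGNORECASE)
    path = m.group(1) if m else command.split()[0]
    return PureWindowsPath(path).name.lower()

def find_lookalikes(entries: dict, known=KNOWN_BINARIES, max_dist=2) -> dict:
    """Return {entry_name: (image, closest_known, distance)} for images that
    are within max_dist edits of a known binary but are not that binary."""
    flagged = {}
    for name, cmd in entries.items():
        img = image_name(cmd)
        if img in known:          # exact match: a real system file name
            continue
        best = min(known, key=lambda k: edit_distance(img, k))
        dist = edit_distance(img, best)
        if dist <= max_dist:
            flagged[name] = (img, best, dist)
    return flagged
```

Anything flagged is worth a second look (where it lives on disk, who signed it) before you pull it from startup, since a single-character miss is exactly what the bad entries looked like here.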

UxKa
02-08-2009, 09:28 AM
If you want, you can post a HijackThis log and I'll take a look at it.

UxKa
02-08-2009, 09:30 AM
Also:

http://www.virtumonde.net/free-virtumonde-removal-software/

Black Dynamite
02-08-2009, 09:38 AM
I think I got rid of it last night through McAfee. But I think it's fucked up my Spybot (which is normally very useful until this hit it). Still don't know yet.

I'm a lil iffy about "we'll remove this virus with this software" sites. In my experience, they have been a whole new set of trojans.


Removal -

Certain variants of the Vundo trojan are especially difficult to remove. Current DAT and Engine functionality does not yet provide an automatic method to fully remove this threat if it is active in memory. However, a combination of manual and DAT/Engine removal methods does allow for successful removal of this threat.

Instructions

1. Download Process Explorer (procexp.exe) from Sysinternals
2. Reboot the infected machine
3. Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet
4. Run Process Explorer and suspend the Explorer.exe, Winlogon.exe, and rundll32.exe processes (right-click on these process names and choose suspend)
5. Scan & clean with the current DAT files and engine (the Window launched in step 3 above) [there will be clean failures, that is expected]
6. Physically power the machine off and back on (a hard reset is required, as Windows will not shut down without Winlogon.exe running, and resuming that process will revert the changes made by the scanner).

These steps will remove all relevant registry entries and identified Vundo components.

JickBoy34
02-08-2009, 09:44 AM
I had it, and my smart computer buddy got rid of it by running the program ComboFix.

Black Dynamite
02-08-2009, 10:18 AM
I'll try these ideas if it's not out. Will run some more scans before I head to work.

Timone
02-08-2009, 10:55 AM
If you ever want to learn about STDs, you can always ask me.

DrRay11
02-09-2009, 06:47 AM
I had it... Got rid of it using a couple of programs... ComboFix, Malwarebytes Antimalware, etc... It is certainly a bitch.

Black Dynamite
02-09-2009, 08:06 AM
So far it seems gone, or it may be dormant. Will check it out again when I get back home today.