Author Topic: Win32:Virtumonde-BD [Adw]  (Read 2150 times)

0 Members and 1 Guest are viewing this topic.

Offline huggles13151

  • Newbie
  • *
  • Posts: 1
Win32:Virtumonde-BD [Adw]
« on: August 06, 2007, 01:45:51 PM »
Help!! :'( I am loosing my mind. I keep getting this and several other adware alerts and I hit move to chest and also delete but the darn things keep popping up. It's making me nuts is there any way to delete adware or remove it. Where does it come from? Does it keep reinstalling itself or what. I have a firewall and this anti virus program so how is it getting into my computer and how can I get it out?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Win32:Virtumonde-BD [Adw]
« Reply #1 on: August 06, 2007, 01:53:38 PM »
Hi huggles13151,

Follow the advice here:

http://www.bleepingcomputer.com/forums/topic18610.html

The Vundo/Virtumonde infection is often associated with out of date and insecure software (especially Sun Java), so follow this advice to secure your system:

When you have finished the Vundo scan(s), scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

Install SpywareBlaster also to prevent future infections: don't forget to update every month or so.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Win32:Virtumonde-BD [Adw]
« Reply #2 on: August 06, 2007, 04:32:49 PM »
If, for any reason, the Frank's suggestion do not work, please follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.