Virtumonde removal instructions

VirtuMonde is an internet adware program. Once VirtuMonde is on your computer it monitors your browsing habits and fetches targeted advertisements which become visible on your computer. VirtuMonde is reported to record your keystrokes and display random advertisements. VirtuMonde Spyware will create a DLL so as to record your keystrokes and conveys the data back to the parent website. Virtumonde is also known as Virtumon, Virtumondo, Virtumonde.C, WinFixer.

source: http://www.removevirtumonde.com - VirtuMonde removal guide

Automatic Virtumonde removal

If your computer is infected with Virtumonde we strongly recommend automatic spyware scanner. With automatic removal tool you will easily and safely detect and remove Virtumonde and other spyware, adware and malware.

spyware scanner for Virtumonde

Manual Virtumonde removal

To get rid of spyware such as Virtumonde you need remove processes, search and delete registry keys, DLL and other Virtumonde related files from your computer.

Take Note: The manual process of removing spyware from your computer is difficult and puts you at risk of damaging your computer. We advise using our automatic Virtumonde remover.

Remove these Virtumonde processes:
Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
ces005dr.exe
nnx22011.exe
kopCFEWV.exe
castlecops[1].exe
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
editpad.exe
quicken.exe
winhost.exe
editpad.exewindowsupd2.exe
quicken.exe
winhost.exe
windowsupd2.exe
Unregister these Virtumonde DLL files:
hggdefc.dll
pmnlj.dll
awtttqr.dll
mljjk.dll
bndsrsqo.dll
awtqopm.dll
geeby.dll
jiinhuyb.dll
sstqq.dll
mljhghe.dll
vtuts.dll
rqrssro.dll
byxurqq.dll
rqron.dll
mllmm.dll
jkhhf.dll
urstr.dll
vtsss.dll
ddcca.dll
pmnnm.dll
ssqqomk.dll
xxyxwxv.dll
wvursqn.dll
vtsts.dll
rqrppon.dll
ljjgedc.dll
khfcdba.dll
ddcyx.dll
tuvwuss.dll
sstur.dll
mljkkhf.dll
khfcdaw.dll
opnnljj.dll
cbxxywx.dll
nnnmmlk.dll
vtuspmn.dll
mllkk.dll
sstrs.dll
awtqqnl.dll
ddcbabx.dll
iifddby.dll
pmnlk.dll
SbCIe02b.dll
ssttr.dll
geebc.dll
pmnno.dll
jtr0079me.dll
hrj6051se.dll
cidrules.dll
rulesak.dll
lspak.dll
Delete these Virtumonde registry entries:
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
232D2677-68EE-4FA1-B988-279EBC8969ED
A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
90624170-D668-409E-A2F5-C0710044760F
3385764C-85FC-45CC-B290-E97646306BB2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
582C46EE-9E66-4DE0-92A5-34B971099C0C
429E0606-5905-4CCD-998A-9D2C29DE6F33
B1F4D9B0-7300-408A-B70A-677CC7276EF6
90375CC7-C153-4D5C-B81D-C4011A3C16D3
2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
DA0053C8-1501-48C6-BD86-167AA3DEC119
A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
9DC8B477-C55C-4373-953D-8913334A8D8B
1B2E9329-C933-4A5D-908C-9A8251D1B7C6
CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
2AD3123A-16FF-404E-92E5-47128E40D281
6980D6C1-F025-4067-B8B8-F12029EA0CD2
53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
4E35C785-B803-471E-AF03-74BDE42EA65A
C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
89AD4D75-2429-462e-BD4E-443F233F6033
45B20293-5C68-4271-B4FD-F43A4075A2E3
837B45D6-BF85-457D-AABF-6D2E7815F791
B7672BAF-E9A3-49B6-86B2-C81719A18A4C
53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
F40114E6-51D4-4EE4-9F38-2E979AF84593
35B868E9-614B-47BA-81F7-841B8B055247
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
5A04F1F7-C0A5-41A1-8C23-7A96894B9002
F9C57A10-3FFE-4E94-924E-264713738291
719C7140-463A-45CB-BA90-828B11FCF5A4
1f9137dc-0b86-43e1-a596-8b2b49125124
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
855879EC-968C-4480-976B-870669F5F95A
44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
28DD5FA9-7526-4463-A548-BD2877B2710A
27534EA2-AF0A-4405-9143-8837572099BC
41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
095514BB-363E-451D-9BAE-A054E51BD0B0
82412A22-FFED-4A67-B37D-4127EBA1BB02
8410970E-714C-4F14-AA6B-B3B2F3246827
E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
05029E1B-4C41-4681-8F7F-2AEC346136F4
01ABD624-98FE-4B37-81F2-4E5B41799B6B
1FB63E52-4D6E-48C1-A08F-F630FE50F337
5A4A2D56-931A-4733-9121-033A2D95A274
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
22E58089-6DB5-45D9-BF87-6C8975246D26
F73AF695-229D-4549-B1A0-20DA99A81F19
F00EFDF5-0042-4F5E-9F20-C688409CF918
B2030C9A-DE59-457D-A042-D827AD69C8F3
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
662BB3E3-204F-44FA-A827-143B8AB4B036
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
B763C083-57E0-4993-B058-13008952DF68
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
6148028B-D532-4417-8C0B-5A4A0B745393
D38439EC-4A7F-42b4-90C2-D810D7778FDD
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
83B28A74-640D-48F4-9F51-E80EED7CC7E0
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
D714A94F-123A-45CC-8F03-040BCAF82AD6
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
68616403-4FFB-4B19-B360-0B0B1F55D5EC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
D01C9902-73AF-47FF-B784-05FDB6604FCF
HKEY_LOCAL_MACHINE\software\targetsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
HKEY_CLASSES_ROOT\atlevents.atlevents
Search and delete these Virtumonde related files:
hggdefc.dll
pmnlj.dll
awtttqr.dll
mljjk.dll
bndsrsqo.dll
awtqopm.dll
geeby.dll
jiinhuyb.dll
sstqq.dll
mljhghe.dll
Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
vtuts.dll
rqrssro.dll
byxurqq.dll
rqron.dll
mllmm.dll
jkhhf.dll
urstr.dll
vtsss.dll
ddcca.dll
ces005dr.exe
nnx22011.exe
pmnnm.dll
ssqqomk.dll
xxyxwxv.dll
wvursqn.dll
vtsts.dll
rqrppon.dll
ljjgedc.dll
khfcdba.dll
ddcyx.dll
tuvwuss.dll
sstur.dll
mljkkhf.dll
khfcdaw.dll
opnnljj.dll
cbxxywx.dll
nnnmmlk.dll
vtuspmn.dll
mllkk.dll
sstrs.dll
awtqqnl.dll
kopCFEWV.exe
gf1.0.0.2
castlecops[1].exe
ddcbabx.dll
iifddby.dll
2chkdsk
pmnlk.dll
SbCIe02b.dll
ssttr.dll
geebc.dll
pmnno.dll
jtr0079me.dll
hrj6051se.dll
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
cidrules.dll
rulesak.dll
lspak.dll
editpad.exe
quicken.exe
winhost.exe
unknown.exewindowsupd2.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe

To believe that you dont have Virtumonde in your computer, please scan with automatic spyware removal tool.

Tags

how to remove Virtumonde, how to get rid of Virtumonde, delete Virtumonde, uninstall Virtumonde, Virtumonde removal

No Responses on Virtumonde removal

Leave a Reply

  • Search