How to remove Virtumonde

January 22nd, 2008
Home » Adware » Virtumonde

Virtumonde description

VirtuMonde is an internet adware program. Once VirtuMonde is on your computer it monitors your browsing habits and fetches targeted advertisements which become visible on your computer. VirtuMonde is reported to record your keystrokes and display random advertisements. VirtuMonde Spyware will create a DLL so as to record your keystrokes and conveys the data back to the parent website. Virtumonde is also known as Virtumon, Virtumondo, Virtumonde.C, WinFixer.

source: http://www.removevirtumonde.comVirtuMonde removal guide

How to get rid of Virtumonde

This infection can be removed using Spyware Doctor.

Download does not start? Try a mirror download here

Spyware Doctor is widely valued as one of the best AntiSpyware programs available to protect you from Virtumonde and the latest internet security threats. If your computer is infected with Virtumonde we strongly recommend automatic spyware scanner.

How to manually remove Virtumonde

To get rid of spyware such as Virtumonde you need to remove processes, search and delete registry keys, DLL and other Virtumonde related files from your computer.

Take Note: The manual process of removing spyware from your computer is difficult and puts you at risk of damaging your computer. We advise using our automatic Virtumonde remover.

  1. Uninstall Virtumonde from Control Panel
    Start > Settings > Control Panel > Add/Remove Programs. Double click to uninstall.
  2. End these Virtumonde processes:
    Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
    Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
    ces005dr.exe
    nnx22011.exe
    kopCFEWV.exe
    castlecops[1].exe
    unknown.exe
    svci.exe
    psdrv.exe
    rasrun.exe
    nwonknu.exe
    editpad.exe
    quicken.exe
    winhost.exe
    editpad.exewindowsupd2.exe
    quicken.exe
    winhost.exe
    windowsupd2.exe
    To stop processes press Ctrl + Alt + Del or click Start > Run > type "taskmgr". Select malicious process in the list and click "End Process" button.
  3. Unregister Virtumonde DLL files:
    hggdefc.dll
    pmnlj.dll
    awtttqr.dll
    mljjk.dll
    bndsrsqo.dll
    awtqopm.dll
    geeby.dll
    jiinhuyb.dll
    sstqq.dll
    mljhghe.dll
    vtuts.dll
    rqrssro.dll
    byxurqq.dll
    rqron.dll
    mllmm.dll
    jkhhf.dll
    urstr.dll
    vtsss.dll
    ddcca.dll
    pmnnm.dll
    ssqqomk.dll
    xxyxwxv.dll
    wvursqn.dll
    vtsts.dll
    rqrppon.dll
    ljjgedc.dll
    khfcdba.dll
    ddcyx.dll
    tuvwuss.dll
    sstur.dll
    mljkkhf.dll
    khfcdaw.dll
    opnnljj.dll
    cbxxywx.dll
    nnnmmlk.dll
    vtuspmn.dll
    mllkk.dll
    sstrs.dll
    awtqqnl.dll
    ddcbabx.dll
    iifddby.dll
    pmnlk.dll
    SbCIe02b.dll
    ssttr.dll
    geebc.dll
    pmnno.dll
    jtr0079me.dll
    hrj6051se.dll
    cidrules.dll
    rulesak.dll
    lspak.dll
    To unregister DLL click Start > Run > type "regsvr32 /u PATH_TO_FILE/FILE.dll"
  4. Delete Virtumonde registry entries: MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
    232D2677-68EE-4FA1-B988-279EBC8969ED
    A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
    90624170-D668-409E-A2F5-C0710044760F
    3385764C-85FC-45CC-B290-E97646306BB2
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
    6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
    582C46EE-9E66-4DE0-92A5-34B971099C0C
    429E0606-5905-4CCD-998A-9D2C29DE6F33
    B1F4D9B0-7300-408A-B70A-677CC7276EF6
    90375CC7-C153-4D5C-B81D-C4011A3C16D3
    2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
    DA0053C8-1501-48C6-BD86-167AA3DEC119
    A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
    9DC8B477-C55C-4373-953D-8913334A8D8B
    1B2E9329-C933-4A5D-908C-9A8251D1B7C6
    CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
    2AD3123A-16FF-404E-92E5-47128E40D281
    6980D6C1-F025-4067-B8B8-F12029EA0CD2
    53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
    4E35C785-B803-471E-AF03-74BDE42EA65A
    C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
    538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
    89AD4D75-2429-462e-BD4E-443F233F6033
    45B20293-5C68-4271-B4FD-F43A4075A2E3
    837B45D6-BF85-457D-AABF-6D2E7815F791
    B7672BAF-E9A3-49B6-86B2-C81719A18A4C
    53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
    C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
    FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
    D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
    F40114E6-51D4-4EE4-9F38-2E979AF84593
    35B868E9-614B-47BA-81F7-841B8B055247
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
    5A04F1F7-C0A5-41A1-8C23-7A96894B9002
    F9C57A10-3FFE-4E94-924E-264713738291
    719C7140-463A-45CB-BA90-828B11FCF5A4
    1f9137dc-0b86-43e1-a596-8b2b49125124
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
    855879EC-968C-4480-976B-870669F5F95A
    44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
    57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
    28DD5FA9-7526-4463-A548-BD2877B2710A
    27534EA2-AF0A-4405-9143-8837572099BC
    41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
    34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
    095514BB-363E-451D-9BAE-A054E51BD0B0
    82412A22-FFED-4A67-B37D-4127EBA1BB02
    8410970E-714C-4F14-AA6B-B3B2F3246827
    E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
    MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
    59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
    05029E1B-4C41-4681-8F7F-2AEC346136F4
    01ABD624-98FE-4B37-81F2-4E5B41799B6B
    1FB63E52-4D6E-48C1-A08F-F630FE50F337
    5A4A2D56-931A-4733-9121-033A2D95A274
    3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
    22E58089-6DB5-45D9-BF87-6C8975246D26
    F73AF695-229D-4549-B1A0-20DA99A81F19
    F00EFDF5-0042-4F5E-9F20-C688409CF918
    B2030C9A-DE59-457D-A042-D827AD69C8F3
    9CF8EE9B-0B2E-464A-9700-D7B46142BD99
    SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
    SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
    662BB3E3-204F-44FA-A827-143B8AB4B036
    C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
    B763C083-57E0-4993-B058-13008952DF68
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
    A05DA7E0-383C-4E99-A72A-742050A152A2
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
    6148028B-D532-4417-8C0B-5A4A0B745393
    D38439EC-4A7F-42b4-90C2-D810D7778FDD
    Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
    2FCAB754-0535-470E-8F80-BACB6CA1ACC1
    83B28A74-640D-48F4-9F51-E80EED7CC7E0
    Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
    D714A94F-123A-45CC-8F03-040BCAF82AD6
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
    22B271AB-3D0A-4CCB-8AD9-DD08183C356A
    68616403-4FFB-4B19-B360-0B0B1F55D5EC
    Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
    1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
    D01C9902-73AF-47FF-B784-05FDB6604FCF
    HKEY_LOCAL_MACHINE\software\targetsoft
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
    HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
    HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
    HKEY_CURRENT_USER\software\microsoft\windowsupd
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
    13589181-4f0d-4553-b9f8-b4b72172c139
    HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
    HKEY_CURRENT_USER\software\microsoft\windowsupd
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
    HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
    HKEY_CLASSES_ROOT\atlevents.atlevents
    To open registry editor click Start > Run > type "regedit".
    Warning! Manual registry entries editing may cause damage to your system.
    Download Uniblue RegistryBooster 2010 to scan for registry errors.
  5. Search and delete these Virtumonde related files:
    hggdefc.dll
    pmnlj.dll
    awtttqr.dll
    mljjk.dll
    bndsrsqo.dll
    awtqopm.dll
    geeby.dll
    jiinhuyb.dll
    sstqq.dll
    mljhghe.dll
    Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
    Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
    vtuts.dll
    rqrssro.dll
    byxurqq.dll
    rqron.dll
    mllmm.dll
    jkhhf.dll
    urstr.dll
    vtsss.dll
    ddcca.dll
    ces005dr.exe
    nnx22011.exe
    pmnnm.dll
    ssqqomk.dll
    xxyxwxv.dll
    wvursqn.dll
    vtsts.dll
    rqrppon.dll
    ljjgedc.dll
    khfcdba.dll
    ddcyx.dll
    tuvwuss.dll
    sstur.dll
    mljkkhf.dll
    khfcdaw.dll
    opnnljj.dll
    cbxxywx.dll
    nnnmmlk.dll
    vtuspmn.dll
    mllkk.dll
    sstrs.dll
    awtqqnl.dll
    kopCFEWV.exe
    gf1.0.0.2
    castlecops[1].exe
    ddcbabx.dll
    iifddby.dll
    2chkdsk
    pmnlk.dll
    SbCIe02b.dll
    ssttr.dll
    geebc.dll
    pmnno.dll
    jtr0079me.dll
    hrj6051se.dll
    unknown.exe
    svci.exe
    psdrv.exe
    rasrun.exe
    nwonknu.exe
    cidrules.dll
    rulesak.dll
    lspak.dll
    editpad.exe
    quicken.exe
    winhost.exe
    unknown.exewindowsupd2.exe
    svci.exe
    psdrv.exe
    rasrun.exe
    nwonknu.exe

Tags

, , , ,

Similar Threats

No Responses on Virtumonde removal

  • 1
    WinFixer removal instructions
    November 19th, 2007 22:19

    [...] WinFixer is known also as Virtumonde. [...]

  • 2
    WinReanimator removal instructions
    February 27th, 2008 20:29

    [...] is the the latest rogue anti-spyware software. It is installed on your computer by trojan Virtumonde (Virtumon, Vundo). It shows fake alerts like: “Windows has detected spyware infection! It is [...]

  • 3
    AntispyDeluxe (Antispy Deluxe) removal instructions
    March 27th, 2008 22:08

    [...] known as Antispy Deluxe) is a fake anti-spyware software installed on your computer through trojans Virtumonde or Zlob without any notice and permissions. Program reports false system security threats. It could [...]

  • 4
    AntiSpywareMaster (AntiSpyware Master) removal instructions
    April 9th, 2008 19:44

    [...] a.k.a. AntiSpyware Master is the latest rogue anti-spyware software installed onto your pc through trojan.virtumonde without any notice and permissions. AntiSpywareMaster is very similar to WinPCDoctor and [...]

Leave a Reply

«
»

  • Search