Virtumonde Removal Using Free Software
How to Remove Virtumonde with free anti-malware software.
Update 09/03/08 - Many people have emailed me asking if there was an automatic (hassle-free) way of removing Virtumonde. Yes, there is. I have found 2 applications that remove Virtumonde every time:
1. Spyware Doctor With Antivirus - free scan here (allows you to test before you buy)
2. Kaspersky Antivirus 2009
You can watch these two antivirus applications remove over 230 viruses on my YouTube channel at youtube.com/mrizos.
Now, on to the manual (free) removal method
So, what is Virtumonde and how do you get infected with it?
Virtumonde is a pernicious adware Trojan that is usually installed on your Windows PC (Windows 2000, Windows XP, or Windows Vista) via an outdated Java Runtime Environment. Virtumonde, also known as Virtumondo, creates random-letter DLLs in C:\windows\system32 (tyeyavv.dll for example) that inject themselves into the winlogon.exe process as well as the explorer.exe process. Since Virtumonde injects itself into winlogon.exe, removal can be very hard: winlogon.exe is in use almost every second, so the injected DLL is locked and cannot simply be deleted while Windows is running normally.
The biggest problem with Virtumonde is not necessarily the removal process but the detection process, since the Virtumonde creators make hundreds of variants a day in an effort to evade detection (which, unfortunately, seems to be working).
What does Virtumonde do anyway?
Virtumonde displays unblockable pop-up and pop-under ads even when users are not actively browsing the internet. Virtumonde has also been known to display fake system alerts that try to scare a user into buying a fake antivirus application. Virtumonde is essentially a platform for delivering scams to your PC on a massive, non-stop scale.
How to remove Virtumonde using free software - My Virtumonde Removal Kit.
Removing Virtumonde for free can be a little tough since there are so many Virtumonde variants and every free program has a different detection database and heuristics algorithm.
When I encounter Virtumonde and a client does not want to pay for any software I "break out" my free Virtumonde removal kit. This kit is currently comprised of:
-MalwareBytes AntiMalware (malwarebytes.org)
-SuperAntiSpyware (superantispyware.com)
-VirtumondeFix (from atribune.org)
-UnDLL (from eset.com)
To start the Virtumonde removal process:
1. Back up any personal data to CD, DVD or flash drive.
2. Download and install MalwareBytes Anti-Malware.
3. Load MalwareBytes Anti-Malware and click the update tab and then click update to receive the latest updates.
4. Download and install SuperAntiSpyware.
5. Load SuperAntiSpyware. SuperAntiSpyware will ask you if you want to check for new rules and definitions. Choose yes.
6. Close SuperAntiSpyware.
7. Download VirtumondeFix.
8. Download UnDLL.
9. Reboot your PC in Safe Mode.
10. While in safe mode load MalwareBytes Anti-Malware and perform a full scan.
11. When the scan is complete click show results.
12. Remove any checked items.
13. Reboot if MalwareBytes asks you to.
14. Enter Safe Mode again.
15. Load SuperAntiSpyware.
16. Click Preferences and click the scanning control tab.
17. Check "Terminate memory threats before quarantining".
18. Close preferences and click the "Scan your computer" button.
19. Select "Perform Complete scan" and click next.
20. Let the scan complete and remove anything it finds.
21. Next, we'll finish up the Virtumonde detection and removal process by using VirtumondeFix.
22. Open VirtumondeFix and click the "Scan for Virtumonde" button.
23. If any Virtumonde infections still remain click the "Fix Virtumonde" button.
24. At this point Virtumonde has most likely been neutralized.
25. Reboot your PC.
26. You should be Virtumonde-free now.
27. Download and install the latest copy of the Java Runtime Environment and keep it updated.
28. Do yourself a favor and purchase Spyware Doctor with AntiVirus (one license protects 3 PCs). It's the only antivirus that I've tested this year to successfully detect and remove almost every variant of Virtumonde with very little effort.
If you think any Virtumonde Trojans have been missed in c:\windows or c:\windows\system32, then you can submit those files to virustotal.com for analysis. If the file you submit comes back as a possible infection, then you may forcibly remove it using UnDLL. If you're still getting pop-up ads, then you may want to run a HiJackThis scan and email me the log file, or just install Spyware Doctor with AntiVirus.
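To help decide which files are worth submitting to VirusTotal, here is an added triage script (not part of the original post or of any of the tools listed above). It lists the DLLs from System32 that are currently loaded into winlogon.exe and explorer.exe, the two processes the post says Virtumonde injects into, flags the ones without a valid Authenticode signature, and prints their SHA-256 hashes; it assumes an elevated PowerShell 3.0 or later session on the affected PC, and the random-name pattern is a loose heuristic based on the post's tyeyavv.dll example, not a product rule.

```powershell
# Added example: report-only triage of DLLs loaded into winlogon.exe / explorer.exe.
# Assumes an elevated PowerShell 3.0+ session; nothing is deleted or modified.
$system32 = Join-Path $env:SystemRoot 'System32'
$targets  = 'winlogon', 'explorer'   # processes named in the post as injection targets

$loaded = foreach ($name in $targets) {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        # Module lists of protected processes may be unreadable; skip rather than abort.
        try { $mods = $proc.Modules } catch { $mods = @() }
        foreach ($m in $mods) {
            $path = $m.FileName
            if (-not $path) { continue }
            # Only DLLs that live directly in System32, as described in the post.
            if ((Split-Path $path -Parent) -ne $system32) { continue }
            if ([IO.Path]::GetExtension($path) -ne '.dll') { continue }
            $base = [IO.Path]::GetFileNameWithoutExtension($path)
            $sig  = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Process    = $proc.ProcessName
                ProcessId  = $proc.Id
                Dll        = $path
                Signature  = $sig.Status
                # Heuristic only: 6-8 lowercase letters, like the post's tyeyavv example.
                # Some legitimate DLLs also match, so treat this as a hint, not a verdict.
                RandomName = ($base -match '^[a-z]{6,8}$')
                Sha256     = (Get-FileHash -Path $path -Algorithm SHA256).Hash
            }
        }
    }
}

# Caveat: on older Windows/PowerShell, catalog-signed system DLLs can report 'NotSigned',
# so an unsigned status is a reason to look the hash up, not proof of infection.
$loaded |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Dll -Unique |
    Format-Table Process, Dll, Signature, RandomName, Sha256 -AutoSize
```

Look up each reported SHA-256 on virustotal.com before touching the file; a DLL that is both unsigned and flagged there is the candidate for the UnDLL step above.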