Remove Virtumonde and Advertisement Service malware/adware
A few days ago my computer was infected by Trojan Vundo (Virtumonde) and Advertisement Service. All of a sudden, there were so many pop-up windows with advertisements that I could not do any work. I knew that my computer was infected by some virus. The first thing I could do was to run Norton Anti-Virus to see if there was any virus. Norton Anti-Virus found nothing. I did not believe this result. I knew of a program called Ad-Aware that can check for and delete advertising programs, so I downloaded a free copy from Lavasoft, installed it and scanned my computer. A long list of adware was found, and Advertisement Service was in the list. I deleted these harmful items. Some of them were erased completely, including Advertisement Service. Since I know that Ad-Aware has its limitations, I reran the scan. Vundo still showed up in the list. That simply told me that I needed to find another way to remove it.
I searched the internet and found people saying that Spyware Doctor is a good program for removing Trojan Vundo. I downloaded it from PCTools, installed it and ran it in safe mode. After I scanned my system, Vundo and several other items showed up. I was able to remove Vundo and the other items with this tool.
To be careful, I tried its real-time monitoring function. This function seemed to work, but I felt that my system was terribly sick. At first, I thought that other viruses and spyware might still be running on my system. I downloaded several other spyware removal programs and tried them, but they did not find any serious problem. I suspected that the slowdown of my system was related to Spyware Doctor. I uninstalled it completely and rebooted my system. My system had its second life. I was relieved, and concluded that Spyware Doctor has a funky function for monitoring my Windows XP system. So do not use it on your system.
Updated on Jan 3, 2009
I found that pop-ups still showed up at an accelerating rate. I used the above software to scan for malware, and the software always stopped either at the beginning or in the middle. I knew that the malware was still hiding somewhere and spreading more serious problems at an increasing speed.
I googled the internet and found a lot of confusing messages. I was told by AntiSpyware that my computer was infected by a program downloaded at http://www.antispyware.com/glossary_details.php?ID=134152 (the downloaded file is called setupxv.exe). I suspected that this is spyware itself: it installs malware on your computer and lures you to buy their program. On my computer, there were several strange files under /windows/system32 (desolegu.dll, henebevi.dll, telezeva.dll, totojomu.dll, kozafuli.dll - this one shows in Internet Explorer as an add-on). This program also reported several trojans and worms, such as WinFixer, Monder, Mytob and so on. I believe that this program can generate new DLLs and put them in the Windows system folder. It happened that another program (NoAdware 5.0) was running. It reported that some program tried to add a process to Windows startup.
What I did was to use the MSConfig program to modify the boot procedure and reboot to safe minimal and alternateshell, use DOS commands to eliminate these DLLs, and then reboot to normal Windows. Be aware that since the DLL entries were eliminated, Windows will pop up a couple of error windows. Just ignore them. Please use NoAdware to monitor your system and make sure that no program can change your system's startup process.
Updated on Jan 4, 2009
I spent so many hours scanning and manually removing the virus DLLs. Nothing worked. I googled again for "remove virtunode". This time I got several good references at www.bleepingcomputer.com. I downloaded both recommended tools at the following locations. Get VirtumundoBeGone at PC Utilities. Alternatively, you can download it at this site. Get SUPERAntiSpyware at SuperAntiSpyware. Alternatively, you can download it at this site. I installed SUPERAntiSpyware and scanned my system. It found 21 entries and hundreds of registry entries. I stopped the scanning process and deleted what it found. Then I followed its instructions to reboot my computer. This time it seems the malware was totally gone. Thanks for the right suggestions and instructions. The size of the clean c:\windows\explorer.exe is 1009KB and the size of the infected one was 1033KB.
Once the disgusting malware was totally removed, I downloaded a program called AutoRuns from TechNet.Microsoft.com to completely remove all wrong entries related to the Virtumonde virus/Trojan. Now my system is fresh and running fast. Success! Happy! Happy in the new year!
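The startup and add-on checks described above (a program adding itself to Windows startup, a DLL appearing as an Internet Explorer add-on, the AutoRuns cleanup) can be approximated with a read-only PowerShell audit. This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later, and the function name and the 30-day threshold are illustrative choices.

```powershell
# Added example (not from the original post): read-only audit of autostart
# and Internet Explorer add-on (BHO) registrations. It deletes nothing.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$bhoKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$recentDays = 30   # assumption: illustrative threshold for "recently created"

function Get-BinaryPaths([string]$command) {
    # Extract every drive-rooted .dll/.exe path from a command line, e.g. the
    # DLL argument in: rundll32.exe "C:\WINDOWS\system32\example.dll",Entry
    $text = [Environment]::ExpandEnvironmentVariables($command)
    [regex]::Matches($text, '[A-Za-z]:\\[^"<>|*?,]+?\.(dll|exe)', 'IgnoreCase') |
        ForEach-Object { $_.Value }
}

$entries = @()
foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        foreach ($p in Get-BinaryPaths ([string]$k.GetValue($name))) {
            $entries += [pscustomobject]@{ Source = "Run: $name"; Path = $p }
        }
    }
}
# Each BHO subkey is a CLSID; its DLL is registered under InprocServer32.
foreach ($sub in Get-ChildItem -LiteralPath $bhoKey -ErrorAction SilentlyContinue) {
    $clsid = $sub.PSChildName
    $srv = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    if ($srv) {
        foreach ($p in Get-BinaryPaths ([string]$srv.GetValue(''))) {
            $entries += [pscustomobject]@{ Source = "BHO: $clsid"; Path = $p }
        }
    }
}

$cutoff = (Get-Date).AddDays(-$recentDays)
$entries | ForEach-Object {
    $file = Get-Item -LiteralPath $_.Path -Force -ErrorAction SilentlyContinue
    $sig  = if ($file) { (Get-AuthenticodeSignature -FilePath $_.Path).Status } else { 'FileMissing' }
    [pscustomobject]@{
        Source    = $_.Source
        Path      = $_.Path
        Created   = if ($file) { $file.CreationTime } else { $null }
        Signature = $sig
        # Unsigned or new is a reason to look closer, not proof of infection.
        Review    = (-not $file) -or ($sig -ne 'Valid') -or ($file.CreationTime -gt $cutoff)
    }
} | Sort-Object Review -Descending | Format-Table -AutoSize
```

Rows with Review set to True are candidates for a closer look in AutoRuns; on 64-bit Windows, 32-bit add-ons are registered under the Wow6432Node branch, which this sketch does not read.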
© 董占山 Zhanshan Dong
© 1998-, 董占山. All rights reserved. Links to articles are welcome. When reprinting articles or software, please credit the source (http://articles.sunfinedata.com/).