Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Uncategorized

Virtumondo – virus hunt

Editor SDC
Editor SDC
3 Min Read

Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

More Read

And now something completely different: brain simulation
Socialthing!
Making Your “Marketing Marriage” Work!
Can Big Data Solve the Skill vs. Luck Mystery in Fantasy Sports?
CES Showcases Content Anywhere. Here’s a Real-World Reality Check.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new ma


Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new machine or full reinstall.

 

Tomorrow will be better.

Share This Article

Follow us on Facebook

Latest News

Edge Computing in IoT
Unique Capabilities of Edge Computing in IoT
Exclusive Internet of Things
Turning Geographic Data Into Competitive Advantage
The Rise of Location Intelligence: Turning Geographic Data Into Competitive Advantage
Big Data Exclusive
AI Recruitment Software Solution
The Best AI Recruitment Software Solution: Transforming Hiring with Smarter Tech
Artificial Intelligence Exclusive
real estate data
How Big Data Is Changes How We Buy and Sell Real Estate
Big Data Exclusive

Stay Connected

You Might also Like