Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Uncategorized

Virtumondo – virus hunt

Editor SDC
Editor SDC
3 Min Read

Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

More Read

How solid is your information management system?
Mad Men Yourself
Who Wants Yesterday’s Papers?
Social Media & Market Research Panel
Fight Hunger on April Food Day

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new ma


Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new machine or full reinstall.

 

Tomorrow will be better.

Share This Article

Follow us on Facebook

Latest News

data mining to find the right poly bag makers
Using Data Analytics to Choose the Best Poly Mailer Bags
Analytics Big Data Exclusive
data science importance of flexibility
Why Flexibility Defines the Future of Data Science
Big Data Exclusive
payment methods
How Data Analytics Is Transforming eCommerce Payments
Business Intelligence
cybersecurity essentials
Cybersecurity Essentials For Customer-Facing Platforms
Exclusive Infographic IT Security

Stay Connected

You Might also Like