Virtumondo – virus hunt - SmartData Collective

Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new ma…

Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new machine or full reinstall.

Tomorrow will be better.

Safety and Security Tips To Know in the Era of Big Data

AI-Driven Ransomware is a Terrifying Threat to Businesses

Cloud-Based Data Storage Is Making Manufacturers More Agile

4 of the Biggest Data Breaches in Banking

Here’s Why a Bootcamp Won’t Make You a Data Scientist

Safety and Security Tips To Know in the Era of Big Data

AI-Driven Ransomware is a Terrifying Threat to Businesses

Cloud-Based Data Storage Is Making Manufacturers More Agile

4 of the Biggest Data Breaches in Banking

Here’s Why a Bootcamp Won’t Make You a Data Scientist

Virtumondo – virus hunt

Safety and Security Tips To Know in the Era of Big Data

AI-Driven Ransomware is a Terrifying Threat to Businesses

Cloud-Based Data Storage Is Making Manufacturers More Agile

Top 4 Blockchain Trends Shaping Business in 2022

4 of the Biggest Data Breaches in Banking

Here’s Why a Bootcamp Won’t Make You a Data Scientist