Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Uncategorized

Virtumondo – virus hunt

Editor SDC
Editor SDC
3 Min Read

Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

More Read

Book. Is. Done.
Personalize customer relationships by personalizing decisions
Time to start applying SOA lessons to the cloud
Is Google Evil? The Great Debate
Baseball is life…

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new ma


Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new machine or full reinstall.

 

Tomorrow will be better.

Share This Article

Follow us on Facebook

Latest News

street address database
Why Data-Driven Companies Rely on Accurate Street Address Databases
Big Data Exclusive
predictive analytics risk management
How Predictive Analytics Is Redefining Risk Management Across Industries
Analytics Exclusive Predictive Analytics
data analytics and gold trading
Data Analytics and the New Era of Gold Trading
Analytics Big Data Exclusive
student learning AI
Advanced Degrees Still Matter in an AI-Driven Job Market
Artificial Intelligence Exclusive

Stay Connected

You Might also Like