Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Uncategorized

Virtumondo – virus hunt

Editor SDC
Editor SDC
3 Min Read

Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

More Read

Price of Distraction
Proof That Facebook is Censoring You
What Is CRM? A Holistic Approach to Customer Relationship Mangement
You will not see us in your accounts
Salesforce.com and Oracle: A Tale of Two Worlds

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new ma


Removing virtumondo.

The other day I got an unsuspected pop up window using Internet Explorer. Strange, I thought, this kind of problems must be extinct years ago, I surely did something wrong…?

The problem was pervasive.

I use a virus killer and a firewall , and I don’t install software I’m not supposed to, except maybe Opera and Java.

I tried spyware killers of Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named “Virtumondo”!

The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two “low hanging fruits” emerged:

1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts

2. Removing write-access to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify”

I then restarted into safe mode with command prompt, ran anti virus, and removed all (three) reg keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify” starting with “__”.

That’s it, I don’t feel certain I removed the malware, but this is all I have time for, if the thing reappears I guess I’ll ask for a new machine or full reinstall.

 

Tomorrow will be better.

Share This Article

Follow us on Facebook

Latest News

Why Every Small Business Should Care About an AI Image Generator
Why Every Small Business Should Care About an AI Image Generator
Artificial Intelligence Exclusive
ai for instagram reel marketing
How AI Is Changing Instagram Reel Marketing
Artificial Intelligence Exclusive Marketing
protecting data in public
The Importance Of Protecting Sensitive Data In Public Services
Big Data Data Management Exclusive
New Data Analytics Breakthroughs Give eCommerce Startups a Fighting Chance
New Data Analytics Breakthroughs Give eCommerce Startups a Fighting Chance
Analytics Big Data Exclusive

Stay Connected

You Might also Like