Spyware Techie

VirtuMonde Removal Guide

Published by Scott on November 2, 2007 12:02 pm under Spyware Help

Advertisement (advertise here?)

Do you know what VirtuMonde is?

DESCRIPTION

VirtuMonde (also referred to as Vundo, Vundo Trojan and VirtuMundo) is a spyware program that creates a Dynamic Link Library, which is reported to record your keystrokes and randomly displays advertisements. By doing this, it stays memory resident, checking if VirtuMonde is being ran, if not, it launches it again. Additionally, it harvests usersâ€™ information about their connection, pages viewed and applications installed. VirtuMonde also writes cookies to track browsing behavior and may visit various Internet sites.

VirtuMonde also downloads other software from various remote servers with or without your knowledge and consent.

While having the VirtuMonde you will notice a slight or large amount of memory being used randomly throughout the day. VirtuMonde will make false pop-ups appear informing you that the system is infected and that your performance is deteriorating. In order to solve this, you are supposed to download the program.

In some cases VirtuMonde has altered Administrative rights of machine Owners, and prevented them from downloading effective anti-spyware programs.

Non-Techie terms: Spyware makers create programs like VirtuMonde to extort money from you. VirtuMonde does not detect spyware. VirtuMonde is the spyware you should avoid and not give out any personal information.

VIRTUMONDE OVERVIEW

Name: VirtuMonde
Type: Rogue Anti-spyware program

VirtuMonde Automatic Removal Instructions

VirtuMonde Manual Removal Instructions

This manual removal method is for techie computer users. VirtuMonde manual removal may be difficult and time consuming to remove. There’s no guarantee that VirtuMonde will be removed completely. So read the VirtuMonde removal steps carefully and good luck.

Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.

Uninstall VirtuMonde Program
Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall VirtuMonde v.3.8 if found.
To stop VirtuMonde processes (view process removal steps)
Go to Start > Run > type taskmgr. The click the Processes tab and you’ll see a list of running processes.

Search and stop these VirtuMonde processes:
Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
ces005dr.exe
nnx22011.exe
kopCFEWV.exe
castlecops[1].exe
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
editpad.exe
quicken.exe
winhost.exe
editpad.exewindowsupd2.exe
quicken.exe
winhost.exe
windowsupd2.exe

For each unwanted process, right-click on it and then select “End task”.
To Unregister VirtuMonde DLLs (view DLL removal steps)
Search and unregister these VirtuMonde DLLs:
awtttqr.dll
mljjk.dll
bndsrsqo.dll
awtqopm.dll
geeby.dll
jiinhuyb.dll

To locate the VirtuMonde DLL path, go to Start > Search > All Files or Folders. Type VirtuMonde and in the Look in: select either My Computer or Local Hard Drives. Click the Search button.

Once you have the VirtuMonde DLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.

To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister).

To unregister VirtuMonde registry keys (view registry keys removal steps)

Go to Start > Run > type regedit > press OK.

Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.

Search and delete these VirtuMonde registry keys:

Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
582C46EE-9E66-4DE0-92A5-34B971099C0C
429E0606-5905-4CCD-998A-9D2C29DE6F33
B1F4D9B0-7300-408A-B70A-677CC7276EF6
90375CC7-C153-4D5C-B81D-C4011A3C16D3
2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
DA0053C8-1501-48C6-BD86-167AA3DEC119
A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
9DC8B477-C55C-4373-953D-8913334A8D8B
1B2E9329-C933-4A5D-908C-9A8251D1B7C6
CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
2AD3123A-16FF-404E-92E5-47128E40D281
6980D6C1-F025-4067-B8B8-F12029EA0CD2
53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
4E35C785-B803-471E-AF03-74BDE42EA65A
C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
89AD4D75-2429-462e-BD4E-443F233F6033
45B20293-5C68-4271-B4FD-F43A4075A2E3
837B45D6-BF85-457D-AABF-6D2E7815F791
B7672BAF-E9A3-49B6-86B2-C81719A18A4C
53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
F40114E6-51D4-4EE4-9F38-2E979AF84593
35B868E9-614B-47BA-81F7-841B8B055247
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
5A04F1F7-C0A5-41A1-8C23-7A96894B9002
F9C57A10-3FFE-4E94-924E-264713738291
719C7140-463A-45CB-BA90-828B11FCF5A4
1f9137dc-0b86-43e1-a596-8b2b49125124
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
855879EC-968C-4480-976B-870669F5F95A
44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
28DD5FA9-7526-4463-A548-BD2877B2710A
27534EA2-AF0A-4405-9143-8837572099BC
41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
095514BB-363E-451D-9BAE-A054E51BD0B0
82412A22-FFED-4A67-B37D-4127EBA1BB02
8410970E-714C-4F14-AA6B-B3B2F3246827
E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
05029E1B-4C41-4681-8F7F-2AEC346136F4
01ABD624-98FE-4B37-81F2-4E5B41799B6B
1FB63E52-4D6E-48C1-A08F-F630FE50F337
5A4A2D56-931A-4733-9121-033A2D95A274
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
22E58089-6DB5-45D9-BF87-6C8975246D26
F73AF695-229D-4549-B1A0-20DA99A81F19
F00EFDF5-0042-4F5E-9F20-C688409CF918
B2030C9A-DE59-457D-A042-D827AD69C8F3
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
662BB3E3-204F-44FA-A827-143B8AB4B036
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
B763C083-57E0-4993-B058-13008952DF68
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
6148028B-D532-4417-8C0B-5A4A0B745393
D38439EC-4A7F-42b4-90C2-D810D7778FDD
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
83B28A74-640D-48F4-9F51-E80EED7CC7E0
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
D714A94F-123A-45CC-8F03-040BCAF82AD6
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
68616403-4FFB-4B19-B360-0B0B1F55D5EC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
D01C9902-73AF-47FF-B784-05FDB6604FCF
HKEY_LOCAL_MACHINE\software\targetsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
HKEY_CLASSES_ROOT\atlevents.atlevents

If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General > click Use Default under Home Page. Add the your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
Remove VirtuMonde Directories.
To find VirtuMonde directories, go to Start > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder.

Search and delete the following AntiVirGear directories:
awtttqr.dll
mljjk.dll
bndsrsqo.dll
awtqopm.dll
geeby.dll
jiinhuyb.dll

Right-click on the AntiVirGear folder and select Delete.

A message will appear saying ‘Are you sure you want to remove the folder [NAME OF FOLDER] and move all its contents to the Recycle Bin?’, click Yes.

Another message will appear saying ‘Renaming, moving or deleting [FOLDERNAME] could make some programs not work. Are you sure you want to do this?’, click Yes.
To remove VirtuMonde icons on your Desktop, drag and drop them to the Recycle Bin.

You’ve completed the VirtuMonde manual removal instructions!

I hope this article has helped you solve your VirtuMonde problems. If you want to contribute to this article, post your comment below.

Disclaimer: This article is for educational purposes. By using this information you agree to be bound by the disclaimer. There’s no guarantee that VirtuMonde will be completely removed from your computer. Seek professional help if your computer continues to experience problems.

VirtuMonde Removal Guide Automatic Removal Instructions

VirtuMonde Manual Removal Instructions

This manual removal method is for techie computer users. VirtuMonde manual removal may be difficult and time consuming to remove. There’s no guarantee that the infection will be removed completely. So read the removal steps carefully and good luck.

Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.

Uninstall VirtuMonde Program
Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall the infection if found.
To stop VirtuMonde processes (view process removal steps)
Go to Start > Run > type taskmgr. The click the Processes tab and you’ll see a list of running processes.
Search and stop these processes:
1014[1].exe
is[1].exe
psdrv.exe
svci.exe
asd0.exe
winhost.exe
FreeApp[1].exe
rasrun.exe
nwonknu.exe
castlecops[1].exe
For each unwanted process, right-click on it and then select “End task”.
To Unregister VirtuMonde DLLs (view DLL removal steps)
Search and unregister these DLLs:
vhsttu.dll
bkcosq.dll
inlvolhc.dll
geebc.dll
flojedot.dll
xkhcunoe.dll
eynrdxpd.dll
jtrwal.dll
temlxopqgdk.dll
jdpfjwgb.dll

To locate the DLL path, go to Start > Search > All Files or Folders. Type VirtuMonde and in the Look in: select either My Computer or Local Hard Drives. Click the Search button.
Once you have the DLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.
To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister).
To unregister VirtuMonde registry keys (view registry keys removal steps)
Go to Start > Run > type regedit > press OK.
Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.
Search and delete these registry keys:
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmjhIY Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFFCBA64-651F-43DD-97BC-684C179618A5} Microsoft\Windows\CurrentVersion\Ext\Stats\{0B014B81-4E12-46F9-806F-55867AF8FD3C} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d89cb9c-f2a1-43a5-a6fd-bdbf3688747b} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2dd9458-f71a-42cf-8706-a694f147e8a8} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32D0CCCB-4D89-4510-BAF7-028BC11E60DB} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{084677b7-fc41-4e07-9c41-08d2d3697b0c} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c23403e-346b-40b4-8fe8-b80516c8ada9} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0955079E-3A5E-4FF7-A7C9-2A65CAAE1EF2} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11EDF9E4-A3CE-44B8-8DBB-64948F77B808} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{472c09de-3502-414d-b39b-0afd6efa4bca} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6cefe49-8b87-471d-a1ce-495714b78b80} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f92a2961-c48e-48f9-94c4-9b16f66b2e05} 6148028B-D532-4417-8C0B-5A4A0B745393 MICROSOFT\WINDOWS\CURRENTVERSION\RUN\iesvcmon {C988A1BF-D300-4A4C-9A63-AFDF23671052} HKEY_CURRENT_USER\software\microsoft\windowsupd Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1DC124D-8BC4-46D6-A3C5-454C53324F4E} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71fd4dba-7b71-4919-b15a-2ca0f68cd384} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7252d783-5e03-4621-b9dc-29 {35843B6D-FA05-42C7-BBF3-6343F011D444} Microsoft\Windows\CurrentVersion\Run\BM9376ab5b {135B4804-7728-4137-B6D8-5CC590110C9D} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer {E2F6A304-81C0-4A91-A2A2-DBB4505FAEDC} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CAFAF0C-C38F-43C1-8080-390E776254DE} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SystemOptimizer Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUnNgGx Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1C50067-D883-45F4-B991-D5FAAAA4CAB1} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BM0389ec02 {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f29ac8c0-9bf7-49f6-89a6-56f4a920a9ac} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35843B6D-FA05-42C7-BBF3-6343F011D444} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0524B01A-F7AF-4665-8BE1-BE460478A4FF} MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yayYssrr {4EF267EE-D1A4-4C92-85A9-B51B58A53BE4} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b2bb67d-12d6-49b8-a186-2eec081a548e} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965f4cc8-42a4-45e5-b0ed-8677fb675aa4} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03b9c36c-139b-40df-a510-c3224aedf48f} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45e6b878-e844-4765-81dc-7bc1bc01b2b0} B763C083-57E0-4993-B058-13008952DF68 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EF267EE-D1A4-4C92-85A9-B51B58A53BE4} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{519AD75B-6F4F-4E48-B7C9-3793CE64B509} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FCD13AC-B899-4EF7-BD3E-C959EFBFB753} 2FCAB754-0535-470E-8F80-BACB6CA1ACC1 Microsoft\Windows\CurrentVersion\Run\A00F7BA74.exe 1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E91EF7B-6846-45C3-A8AB-67CF7C900783} MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\c00FA17 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C31C05B4-0A01-4DC2-8E5E-0315459F508E} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{178d586e-b3d6-4548-b34c-7c1ffbfcdca7} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03ce200e-8abf-4048-a20e-fdec08f7c2b1} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCrRIy Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93350c7e-163b-4a3b-96e5-154b58d33d6a} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f30d137-f50e-4b40-927e-b40ec125a068} MICROSOFT\WINDOWS\CURRENTVERSION\RUN\00badf9e Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc796ded-5fa6-4a4b-8473-3636b0fe9d1b} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cecbbafdbd HKEY_CLASSES_ROOT\atlevents.atlevents Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72df2c1-1205-4f44-b188-8dda6f84e30b} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AD72687B-CF83-4463-8E95-2CB3198CA5F6} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{499E5F81-EBE0-4D08-818D-3E88B0A13542} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c294220-1a9d-476a-a918-53f2da2571e4} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{866d26cd-56b2-4a3f-84ba-825ea199099b} Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0 SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5FCD13AC-B899-4EF7-BD3E-C959EFBFB753} {AD72687B-CF83-4463-8E95-2CB3198CA5F6} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5850d2e6-6e49-4d0a-bb2e-a49e8fa2eee6} Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\m0_glkp_011008 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a03a593-de50-4edb-b682-a5d5e9d3d967} Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb55919c-72fa-4b2c-8e11-c563d0268004} {60EDCEE2-B6AF-4F2E-BB15-14F101364B47} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd 22B271AB-3D0A-4CCB-8AD9-DD08183C356A Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F24F5951-B29D-49B0-9BB3-BE6818CA6940} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1326b103-1a17-4dcd-a1e9-d7444462b3f5} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4caf47ba-df5a-4ebf-b5f5-9965d8060939} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{237873d9-d1b9-42b6-987b-f086140b383e} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E7683750-B89A-402F-8F22-EBF3DA3F70C2} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11ece6bb-8155-4e05-bacf-a452151107af} 662BB3E3-204F-44FA-A827-143B8AB4B036 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon {AFFCBA64-651F-43DD-97BC-684C179618A5} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76ea4c0-5b1b-4ceb-b265-140e51c6b012} 68616403-4FFB-4B19-B360-0B0B1F55D5EC Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92f69757-bae4-4c71-9dae-3298ed7c11aa} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7336D32-62F7-43B5-8B8C-3963C72CA498} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d0e88ac-5012-43a4-8f3d-cfc5d9ad685d} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38637efe-db1a-483c-a98c-b94df9c8c130} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtusqQk Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8d0722e-445a-444e-a614-6dafb600d78b} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB338DB6-EC2C-456B-B5AD-ED97FB489684} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD72687B-CF83-4463-8E95-2CB3198CA5F6} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca00c181-714f-4d26-acb0-b0f33c6439e5} {A788655C-054E-4A69-98A2-7BD92BE3D87F} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e40ee5-71ae-4e0d-8324-949376d44774} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB5DC5A5-F162-4B48-BBF6-3DDC62836285} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7be88cbc-6d7b-4a98-857e-6c65523b813f} SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dtseqrxk Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68A91F35-47DB-44D7-9D28-E67984E6DD79} SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr {5FCD13AC-B899-4EF7-BD3E-C959EFBFB753} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{242fe30b-f264-49b8-9ac1-3095389fba03} {E7683750-B89A-402F-8F22-EBF3DA3F70C2} {32E451A3-6C66-412C-8F6E-65778F016BC6} MICROSOFT\WINDOWS\CURRENTVERSION\RUN\lcqhujwt.dll Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B0FCA45-023B-452A-B893-D007523A9ED8} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90a0468b-3120-48fc-8aa1-378d2a4228db} {037C7B8A-151A-49E6-BAED-CC05FCB50328} Microsoft\Windows\CurrentVersion\Explorer\Browser Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b27b1d3-b168-4d26-a135-9f44ae91793f} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A51F62AE-D855-44B8-BB71-352C69FBF257} HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec201117-1dbc-441f-9b43-539c0d451d2e} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EE72649-B573-4366-A879-54A96A61C27D} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f6cf36c-f0e1-45e8-83f3-6b47bd627cdd} A05DA7E0-383C-4E99-A72A-742050A152A2 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{804B913C-F0BD-4FC0-8D86-2A8DE2F682B2} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14315df3-d035-49e2-949b-ae8c2a23c739} D714A94F-123A-45CC-8F03-040BCAF82AD6 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB5A3EDC-08DA-48D4-BD49-AC53308B64DC} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037E77C2-A153-4A29-8D9A-16A031629FFd} 83B28A74-640D-48F4-9F51-E80EED7CC7E0 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F138F81-F2CA-4ED9-B600-6C3C68EADF75} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e43f6db8-d6dd-40b0-bfce-80a032475332} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbBRKD Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49a5d05d-e4a9-4670-8c4d-4099031c1453} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkihih Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2a4374d-86be-4a53-96aa-de8d5c353558} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D1390B-75E8-445C-A99D-3340E08FD4C5} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9f2d698-4bb7-4b32-9059-e9b7bb328337} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{135B4804-7728-4137-B6D8-5CC590110C9D} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a7a4957-9298-4605-9872-24da8a514db6} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b7bdb9-8798-4b86-a3c7-c3ba8069b2eb} MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcCtsqQ Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00CDF52 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C988A1BF-D300-4A4C-9A63-AFDF23671052} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxurop Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DDB071D-FE54-4B5C-B577-380F3DDFF000} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32E451A3-6C66-412C-8F6E-65778F016BC6} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cab59b4-55a3-4737-9fd5-b93c6430bf76} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60EDCEE2-B6AF-4F2E-BB15-14F101364B47} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01178AD0-E0BA-4624-A2A7-2FF828A80844} D01C9902-73AF-47FF-B784-05FDB6604FCF C78658B2-CDE5-4FD1-B73B-B9FF478DBE54 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A788655C-054E-4A69-98A2-7BD92BE3D87F} {499E5F81-EBE0-4D08-818D-3E88B0A13542} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84178bfa-b729-48a8-af52-836f668dc7e8} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88e08cea-356c-47ac-9c50-d5c82f50da13} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5248db72-612a-4475-b7c8-275de6aec6cb} {11EDF9E4-A3CE-44B8-8DBB-64948F77B808} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7683750-B89A-402F-8F22-EBF3DA3F70C2} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c7e20d1-e787-4e3b-8dac-a7687d1899ff} MICROSOFT\WINDOWS\CURRENTVERSION\RUN\64c4ba4d Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkKaxW MICROSOFT\WINDOWS\CURRENTVERSION\RUN\BM770c079a Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{135B4804-7728-4137-B6D8-5CC590110C9D} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d58f285-10b4-48d5-a378-63102081359e} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B522498-4803-4A8D-A297-46AE273C44A6} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFA0E487-277F-4C2D-A509-EE12E51D03EC} HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{c4af9043-91cb-4110-bcf3-baef0399de39} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AFFCBA64-651F-43DD-97BC-684C179618A5} MICROSOFT\WINDOWS\CURRENTVERSION\RUN\44d72 Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmKDtU Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed43d6be-defb-4730-97c0-da140791547d} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87C4EC40-45E0-4795-8468-ED8F87056A59} MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\c00488D9 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{111479C2-D213-4ACA-899F-DDC6FE2A637B} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b759fdbe-71e0-48b3-8d24-698371c66e6c} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef5aa5e-1743-4644-bc53-d9051958a72b} MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtUkhETm Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E9C4F4-43D5-41FF-9BE8-8847AFC260C4} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{60EDCEE2-B6AF-4F2E-BB15-14F101364B47} {F24F5951-B29D-49B0-9BB3-BE6818CA6940} HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b299062f-1444-40af-b413-1b0b0d774129} MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\c005B556 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29681927-b22c-4eea-b7c0-4a34fb62529e} Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyywTMD Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdfbb87c-0d5f-48b3-bf4a-2f5c3db9b0de} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06718dd-b23e-4c0f-bcd8-24bcdc5e2df4} D38439EC-4A7F-42b4-90C2-D810D7778FDD Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04e6699f-53a0-4c02-aefd-7bfff3835ea2} SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno HKEY_LOCAL_MACHINE\software\targetsoft {111479C2-D213-4ACA-899F-DDC6FE2A637B} SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{C988A1BF-D300-4A4C-9A63-AFDF23671052} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6473971-cbf4-49ab-96a1-74b92d63f718} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF209DB6-29BB-4F8B-84E8-2056EA999610} {9F138F81-F2CA-4ED9-B600-6C3C68EADF75} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71A4297F-F337-45B4-9B5C-4D6EE32AC45B} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{505964f0-9ad9-41a7-9ffb-49c060d720ce} {7DDB071D-FE54-4B5C-B577-380F3DDFF000} 13589181-4f0d-4553-b9f8-b4b72172c139 Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453F51E8-FEF5-4C54-B136-944BF434360C} {A1C50067-D883-45F4-B991-D5FAAAA4CAB1} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a2fa032-bb09-4ef3-9ec0-bafb1412cb8e} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1764AF3F-400C-415E-9A92-67A7D55C2C71} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5102b002-845b-4545-8c80-fdf9cf4a910b} Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A29271-C03A-4BEC-BE00-CC4F54BBCC7A}
If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General > click Use Default under Home Page. Add the your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
Remove VirtuMonde Directories.
To find infection directories, go to Start > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder.
Search and delete the following directories:
There are no directories.

Right-click on the named folder and select Delete.
A message will appear saying ‘Are you sure you want to remove the selected folder and move all its contents to the Recycle Bin?’, click Yes.
Another message will appear saying ‘Renaming, moving or deleting a folder could make some programs not work. Are you sure you want to do this?’, click Yes.
To remove VirtuMonde icons on your Desktop, drag and drop them to the Recycle Bin.

You’ve completed the manual removal instructions!
I hope this article has helped you solve your problems. If you want to contribute to this article, post your comment below.

Disclaimer

Read Other Related Posts

Did You Find this Article Helpful?

Subscribe to Spyware Techie for more!

Or get latest articles to your via email:

1 Comment so far

mkmiah on December 3rd, 2007

Hi there i tried the automatic removal technique but it seems that the virus is still on my computer as when i restart the compter, the privacy tab in internet exporer properties always sets the cookies to zero. I have removed the virtumonde trojan about five times with windows defender but it seems to come back every time i reboot, i am no computer wizz so can’t follow the manual removal guide. Can someone tell me what i should do as i’ve tried the automatic removal four times now but no hope. Also when it says that wininet.dll will be checked for infection on the guide, well when i tried, it didnt check for infection. Heres is the rapprt.txt:

SmitFraudFix v2.257

Scan done at 16:42:33.54, 03/12/2007
Run from C:\Documents and Settings\my name\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] – Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Killing process

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» hosts

127.0.0.1 localhost

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Winsock2 Fix

S!Ri’s WS2Fix: LSP not Found.

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Generic Renos Fix

GenericRenosFix by S!Ri

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Deleting infected files

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» DNS

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Deleting Temp Files

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“System”=”"

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Registry Cleaning

Registry Cleaning done.

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» End

Trackback URI | Subscribe to the comments through RSS Feed

VirtuMonde Removal Guide

Do you know what VirtuMonde is?

VirtuMonde Automatic Removal Instructions

VirtuMonde Manual Removal Instructions

VirtuMonde Removal Guide Automatic Removal Instructions

VirtuMonde Manual Removal Instructions

Read Other Related Posts

Did You Find this Article Helpful?

1 Comment so far

Leave a reply

Search

Top Threats

Syndicate

Featured Video

Recent Articles

Categories

Archives

Feed on