tds-3 scann.... c:\windows\system32\winlspak.dll ???

Discussion in 'Trojan Defence Suite' started by Griogair, Nov 18, 2004.

Thread Status:
Not open for further replies.
  1. Griogair

    Griogair Registered Member

    Jun 3, 2004
    kilmarnock, scotland

    i ran tds-3 and uncovered a number of problems,all of which i deleted..apart from 1 called 'Adware VirtuMonde' o_O which would not delete....does any1 have any ideas??

    griogair!!! :D
  2. snapdragin

    snapdragin Administrator

    Feb 16, 2002
    Southern Ont., Canada
    Hi Griogair,

    Pieter Arntz has a write-up in the link below for a list of the files involved along with several links with removal instructions at the bottom of that post:
    (See Post 30 - VirtuMonde aka Troj/AgentSpy)

    Several variants of VirtuMonde are detected and removed by anti-spyware programs, one being Ad-Aware SE Personal, which I believe you have a copy of. Please make sure it is up-to-date. You can try scanning with Ad-Aware while in Safe Mode and disconnected from the internet, fix what it finds, reboot your computer normally, then do another scan and see if anything more is detected.

    Winlspak.dll is a malware file and part of Virtumundo adware. It puts itself in the LSP chain and will need careful removing if the anti-spyware programs did not remove it successfully.

    Since some of the variants of this adware/malware do monitor their registry keys, they can reinstall them if not completely removed from the system. I also noticed you had had an earlier problem with VX2, which can also be difficult to remove completely. The best suggestion I can give you would be to go to one of the sites that do HijackThis log analysis and spyware cleaning, and follow up there with posting a log for review.

    As you know we no longer do HijackThis log analysis and adware/spyware cleaning here at Wilders, but you can find a list of sites that still do HijackThis review in this Announcement post.

    TDS-3 does detect some adware/spyware now, so if you could also submit the files to they can add them to their database for detection.


Thread Status:
Not open for further replies.