best free Virtumonde remover?

Discussion in 'other anti-malware software' started by acr1965, Jan 14, 2008.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    I have a buddy that has Virtumonde on his system. Is there an updated removal tool for this somewhere? Will SAS remove it?

    thanks
     
  2. Meriadoc

    Meriadoc Registered Member

    VundoFix and VirtumundoBeGone, if I remember rightly. Yes, SAS has rules to remove it, although the infection changes.
     
  3. thanatos_theos

    thanatos_theos Registered Member

    Most AVs are having a hard time removing Vundo, especially the file-infecting one. Tell him to scan with Kaspersky, SuperAntiSpyware and VundoFix/VundoBeGone. If those applications/tools can't remove it, post a HijackThis log here.

    thanatos
     
  4. acr1965

    acr1965 Registered Member

    will do, thanks
     
  5. EliteKiller

    EliteKiller Registered Member

  6. acr1965

    acr1965 Registered Member

    Apparently VundoFix got rid of it. I checked VundoBeGone and NOD32 shot up a red flag. But anyway it looks like VDF got rid of it, so he says anyway... I guess we'll see.
     
  7. thanatos_theos

    thanatos_theos Registered Member

    It is normal. Since VirtumundoBeGone kills processes, NOD32 sees it as a risk tool. A process killer can be used for the good or the bad. However, that doesn't matter to an AV; it's just doing its job: detect and remove threats.

    thanatos
     
    Last edited: Jan 15, 2008
  8. fcukdat

    fcukdat Registered Member

    With reference to the canned fixes, it pays to bear in mind that they, like the blacklist scanners, have to be kept updated with new variants as they appear ITW.

    FWIW the latest Vundo evolution (Vundo.Type.V/File infector) can only be fully whacked and recovered by Combofix + custom script. If any of the others attempt disinfection, it will leave the victim/Tech with some real fun and games restoring corrupted software values :'(
     
  9. ccsito

    ccsito Registered Member

    Vundo/Virtumonde spyware has morphed into many different versions and not one single remedy will work on all types. VundoFix will work with the "classic" forms of Vundo spyware (it worked fine for me). It unfortunately depends on what type of Vundo infection you have. :mad:
     
  10. ErikAlbert

    ErikAlbert Registered Member

    When this polymorphic Vundo/Virtumonde spyware installs itself on my system, I offer it 2 ways to die and it won't be VundoFix or VundoBeGone. :)
     
  11. Thiggy

    Thiggy Registered Member

    I got it once and got rid of it by going back to a previous restore point.
     
  12. dave88

    dave88 Registered Member

    I just cleaned up one of these a couple days ago, pesky bugger.

    Vundo is the new coolwebsearch
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Yes, I use a similar method with FDISR (fast removal); the second way is restoring an image with ShadowProtect (slow removal).
    The advantage is that both methods will ALWAYS work, no matter how many versions Vundo will have in the future. My guess is that all these Vundo removal tools need to be adjusted and updated constantly to remove new versions of Vundo, and that is a never-ending story, just like CWS. I don't like such solutions; they require too much work and I'm lazy. :)
     
    Last edited: Jan 17, 2008