best free Virtumonde remover?

Discussion in 'other anti-malware software' started by acr1965, Jan 14, 2008.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have a buddy that has Virtumonde on his system. Is there an updated removal tool for this somewhere? Will SAS remove it?

    thanks
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    VundoFix and VirtumondeBegone if I remember rightly. Yes, SAS has rules to remove it, although the infection changes.
     
  3. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Most AVs are having a hard time removing Vundo, especially the file-infecting one. Tell him to scan with Kaspersky, SuperAntiSpyware and VundoFix/VundoBeGone. If those applications/tools can't remove it, post a hijackthis log here.

    thanatos
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    will do, thanks
     
  5. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Apparently VundoFix got rid of it. I checked VundoBeGone and NOD32 shot up a red flag. But anyway it looks like VDF got rid of it, so he says anyway...I guess we'll see.
     
  7. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    It is normal. Since VirtmundoBeGone kills processes, NOD32 sees it as a risk tool. A process killer can be used for the good or the bad. However, that doesn't matter to an AV, it's just doing its job ---- detect and remove threats.

    thanatos
     
    Last edited: Jan 15, 2008
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    With reference to the canned fixes, it pays to bear in mind that they, like the blacklist scanners, have to be kept updated with new variants as they appear ITW.

    FWIW the latest Vundo evolution (Vundo.Type.V/File infector) can only be fully whacked and recovered by Combofix + custom script. If any of the others attempt disinfection it will leave the victim/Tech with some real fun and games restoring corrupted software values :'(
     
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Vundo/Virtumonde spyware has morphed into many different versions and not one single remedy will work on all types. Vundofix will work with the "classic" forms of Vundo spyware (it worked fine for me). It unfortunately depends on what type of Vundo infection you have. :mad:
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    When this polymorphic Vundo/Virtumonde spyware installs itself on my system, I offer it 2 ways to die and it won't be VundoFix or VundoBeGone. :)
     
  11. Thiggy

    Thiggy Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    82
    I got it once and got rid of it by going back to a previous restore point.
     
  12. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    I just cleaned up one of these a couple days ago, pesky bugger.

    Vundo is the new coolwebsearch
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I use a similar method with FDISR (fast removal), the second way is restoring an Image with ShadowProtect (slow removal).
    The advantage is that both methods will ALWAYS work, no matter how many versions Vundo will have in the future. My guess is that all these Vundo removal tools need to be adjusted and updated constantly to remove new versions of Vundo and that is a never-ending story, just like CWS. I don't like such solutions, they require too much work and I'm lazy. :)
     
    Last edited: Jan 17, 2008