NOD can't get rid of VirtuMonde!

I got infected by the Virtumonde virus which loads two files called yayVNDuT.dll and ddcAsRhi.dll.I also use Winpatrol and these to files kept requesting to start up which I stopped with Winpatrol but they kept on popping up every few seconds or so anyway.NOD detected them also so I ran a scan and NOD found them but couldn't remove them but informed me that a reboot was needed and it would clear them on restarting my PC.NOD couldn't get rid of them so I tried Webroot Spysweeper,Ad-Aware and Spyhunter all these programs detected the problem but couldn't get rid of the files either.I then installed AVG and it detected and got rid of the file after doing a reboot.Maybe after this NOD licence has ran it's course I might have to look seriously at AVG.Virtumonde is a pig of a virus and hard to remove ,maybe this information might save someone a bit of time in the long run.I installed Eset Security Suite don't know if that will make any difference though.Sorry to be so long winded.

 

Did you submit the file to Eset? Sorry to be so brief.

 

Yes I did a coupe of Days ago.
Thanks

 

I'd suggest removing the Virtumonde dlls using Undll.

 

Thanks very much for the program.I did get rid of the files with AVG but will keep this program in the event I have a problem at a later date.

 

The thing about Virtumonde/Vundo is that it hooks its DLLs into winlogon.exe and thus loads itself at bootup before most other programs, such as antivirus software. I haven't tried it with NOD32 specifically, but many scanners have a better chance against it when scanning under safe mode.

On a side note, it looks like AVG is going from strength to strength as well.

 

Did you use the free version of AVG or the paid version?
I'm asking because the free version does not protect against infected web pages.

 

I used the full version not the free one.

 

AVG's realtime monitor can detect infected web pages perfectly fine when they get saved to the browser cache. There's also the LinkScanner feature, which provides very good web protection.

 

If AVG can remove this virus, then NOD with it's supposed improved cleaning functionality, should be able to as well, without the need for a separate DLL remover.

 

Unloading an already injected dll may result in serious problems, such as BSOD. I doubt any AV would do that in real time.

 

may be the "supposed improved cleaning functionality" isn´t really improved

 

The original poster mentioned that AVG successfully cleaned the files after a reboot.

 

The cleaning in v3 is definitely improved . I have made a comparison between v3 and 2.7 . For a trojan file , which both detect and remove successfully , 2.7 will ask you for a reboot . Verison 3.0 will terminate the proccesses and delete the files without a reboot. 2.7 will delete the files after reboot.

Cleaning is v3 is much more automated by default than the one in v2.7

 

...And that NOD couldn't remove the files after a reboot.

I don't expect perfection out of NOD or any other AV product, and in fact, I'm a happy user, but I do hope that the product CAN remove popular viruses in the same way other (free) products can, without having to resort to a download of a tool from someone on a web forum.

If all AV products require a third party tool like Vundofix to get rid of Virtumonde variants, then it's OK if NOD needs one as well, but if many can eliminate Virtumonde without a separate tool, then I would hope NOD could as well.

 

Yes it is indeed

It is appreciated

Just an FYI that if support is needed in the future for the Suite, it's forum can be found here.

Having said that and beings there is no support issue in regards to this thread, we'll bring this one to a close and Thank You for the info you shared.

Regards,
Bubba