NOD can't get rid of VirtuMonde!

Discussion in 'ESET NOD32 Antivirus' started by trebla, Apr 26, 2008.

Thread Status:
Not open for further replies.
  1. trebla

    trebla Registered Member

    Joined:
    Nov 11, 2004
    Posts:
    47
    I got infected by the Virtumonde virus, which loads two files called yayVNDuT.dll and ddcAsRhi.dll. I also use Winpatrol and these two files kept requesting to start up, which I stopped with Winpatrol, but they kept on popping up every few seconds or so anyway. NOD detected them also, so I ran a scan and NOD found them but couldn't remove them but informed me that a reboot was needed and it would clear them on restarting my PC. NOD couldn't get rid of them, so I tried Webroot Spysweeper, Ad-Aware and Spyhunter; all these programs detected the problem but couldn't get rid of the files either. I then installed AVG and it detected and got rid of the file after doing a reboot. Maybe after this NOD licence has run its course I might have to look seriously at AVG. Virtumonde is a pig of a virus and hard to remove; maybe this information might save someone a bit of time in the long run. I installed Eset Security Suite; don't know if that will make any difference though. Sorry to be so long winded.
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Did you submit the file to Eset? Sorry to be so brief. ;)
     
  3. trebla

    trebla Registered Member

    Joined:
    Nov 11, 2004
    Posts:
    47
    Yes, I did a couple of days ago.
    Thanks
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest removing the Virtumonde dlls using Undll.
     
  5. trebla

    trebla Registered Member

    Joined:
    Nov 11, 2004
    Posts:
    47
    Thanks very much for the program. I did get rid of the files with AVG but will keep this program in the event I have a problem at a later date.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The thing about Virtumonde/Vundo is that it hooks its DLLs into winlogon.exe and thus loads itself at bootup before most other programs, such as antivirus software. I haven't tried it with NOD32 specifically, but many scanners have a better chance against it when scanning under safe mode.

    On a side note, it looks like AVG is going from strength to strength as well.
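
The load point described in the post above can be audited offline from a registry export. This is an added example, not part of the original thread: it assumes the DLLs register under the Winlogon Notify key (the post does not name a key), and the baseline set, the sample export and the system32 path in it are constructed.

```python
import re

# Assumption: Winlogon\Notify subkeys name DLLs that winlogon.exe loads at boot.
NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify" + "\\"
# Assumed baseline; capture the real one from a known-clean machine of the same build.
BASELINE = {"crypt32.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}

# Constructed sample in .reg export format (DLL name taken from the first post).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,\
  64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayVNDuT]
"DllName"="C:\\WINDOWS\\system32\\yayVNDuT.dll"
"""

def _decode(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None

def notify_dlls(reg_text):
    """Return {subkey: DllName} for every Notify subkey found in the export."""
    text = reg_text.replace("\\\r\n", "").replace("\\\n", "")  # join continued hex lines
    found, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            key = path[len(NOTIFY):] if path.lower().startswith(NOTIFY) else None
        elif key:
            m = re.match(r'"DllName"=(.*)$', line, re.I)
            if m:
                found[key] = _decode(m.group(1))
    return found

def suspicious(reg_text, baseline=BASELINE):
    """Notify entries whose DLL file name is not in the clean baseline."""
    return {k: d for k, d in notify_dlls(reg_text).items()
            if (d or "").rsplit("\\", 1)[-1].lower() not in baseline}
```

Calling `suspicious()` on an export taken from safe mode or from an offline copy of the hive avoids relying on tools running beside the already-loaded DLL.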
     
  7. Paradyne

    Paradyne Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    11
    Location:
    Texas
    Did you use the free version of AVG or the paid version?
    I'm asking because the free version does not protect against infected web pages.
     
  8. trebla

    trebla Registered Member

    Joined:
    Nov 11, 2004
    Posts:
    47
    I used the full version not the free one.
     
  9. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    AVG's realtime monitor can detect infected web pages perfectly fine when they get saved to the browser cache. There's also the LinkScanner feature, which provides very good web protection. :thumb:
     
  10. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    If AVG can remove this virus, then NOD, with its supposed improved cleaning functionality, should be able to as well, without the need for a separate DLL remover.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unloading an already injected dll may result in serious problems, such as BSOD. I doubt any AV would do that in real time.
     
  12. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    Maybe the "supposed improved cleaning functionality" isn't really improved :D
     
  13. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    The original poster mentioned that AVG successfully cleaned the files after a reboot. :thumb:
     
  14. ASpace

    ASpace Guest


    The cleaning in v3 is definitely improved. I have made a comparison between v3 and 2.7. For a trojan file, which both detect and remove successfully, 2.7 will ask you for a reboot. Version 3.0 will terminate the processes and delete the files without a reboot. 2.7 will delete the files after reboot.

    Cleaning in v3 is much more automated by default than the one in v2.7.
     
  15. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    ...And that NOD couldn't remove the files after a reboot.

    I don't expect perfection out of NOD or any other AV product, and in fact, I'm a happy user, but I do hope that the product CAN remove popular viruses in the same way other (free) products can, without having to resort to a download of a tool from someone on a web forum.

    If all AV products require a third party tool like Vundofix to get rid of Virtumonde variants, then it's OK if NOD needs one as well, but if many can eliminate Virtumonde without a separate tool, then I would hope NOD could as well.
     
    Last edited: Apr 27, 2008
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yes it is indeed :blink:
    It is appreciated :thumb:
    Just an FYI that if support is needed in the future for the Suite, its forum can be found here.

    Having said that and beings there is no support issue in regards to this thread, we'll bring this one to a close and Thank You for the info you shared.

    Regards,
    Bubba
     