Virtumonde Adware

I just spent the last two days trying to eliminate Virtumonde on my PC. It was a very amazing little bastard. It effectively took out my ability to do any kind of search using google or yahoo or anything related to searches on the Internet.

I use Comodo Firewall with Comodo Defender AND ESET NOD 32. The file I got it from was scanned (I have the latest updates) and no warning came from the scan. And I have the scan setting on the highest paranoid level you can get. When the PC got infected, the ESET detected the threat and prevented it from opening up the webpage.

After many using many different attempts with programs to eliminate it, I used Combofix to finally cure the virus.

The problem(s) I have with this is:

1. Why wasn't the virus detected during the scan?
2. Why couldn't the program get rid of the virus once it was detected?
3. Why doesn't the ESET knowledge base come up with any hits when I type in Virtumonde?

From what I can gather from google searches, this is a pretty well-known virus. I know no virus scanner is 100%, but this is the first time in 13 years that I have gotten hit with a virus after scanning the downloaded program.

 

The problem is that there are so many Virtumonde's variants, no AV can detect them all as new ones appear at every minute.

 

Virtumonde is quite resistant to remove. You can use Undll to remove an already injected Virtumonde dll.