Win32/adware.virtumonde application variant

Win32 / Adware.Virtumonde is an imaginary Trojan horse used to threaten and trick internet marketers into buying the malicious XP-Guard anti-spyware application. The user becomes infected after downloading the video codec because he infects the computer with a nasty Trojan horse. In most cases, when a Trojan infects a computer, it is called Zlob.

I have this virus (Win32/Adware. Virtumonde app) and keep popping up, even many of them push us to remove, NOD32 they got out again.

I’ve looked at a few “fix and/or combined load” threads here, maybe this is a log report from… i really need help, i need, i would really appreciate your time.

2007-11-28 01:46 . 2007-11-28 01:56

d——– C:\Documents Settings\shahzad\Application and Data\MegauploadToolbar

2007-11-27 07:32. .2007-11-28 .15:10 .

.debbie——– .C:\Programs\DAEMON .Tools .SearchBar

What is Vundo virus?

2007-11-26 .22:37 .. 2007-11-26 22:37 22.328 –a—— Further in c:\documents Settings\shahzad\Application Data\PnkBstrK.sys< / p>

2007-11-24 03:53 .2007-11-24 03:53 C:\Documents

d——– and Settings\shahzad\Application 03:52 Data\limewire

2007-11-24 . 2007-11-24

t——– 03:52 and c:\documents settings\shahzad\application data\MSNInstaller

2007-11-15 04:06. 2007-11-15 04:06 D——– C:\Documents And

settings\all Users\Application Data\Hagel Technologies

What is virtumonde DLL?

2007-11-14 16:32. .2007-11-14 .16:32 .D——– .

.C:\Documents .combined .with .Users\Application Settings\all .Data\TEMP

2007-11-12 .23:46 .. .2007-11-12 23:46 D——–

c:\documents and Settings\shahzad\Application Data\IGN_DLM

2007-11-10 20:15 . 2007-11-10

20:15 C:\Documents and d——– Settings\shahzad\Application Data\Palo Software

2007-11-10 Old 20:14 . .2007-11-10 .20:14 .

d——– .Files\Common .c:\program .Alto .20:13 .files\palo .software

2007-11-10 .. 10.11.

.2007 .20:13 .chemical——– .C:\Documents .and .Settings\All .Data\Palo Users\Application . Alto .Software

2007-11-10 .00:03 .. .

.2007-11-10 .00:03 .d——– .and .c:\documents .settings\shahzad\ Application .Data\AdobeUM

2007-11-10 .00:01 ..00:01 2007-11-10

d——– C:\Documents Settings\All and systems

2007-11-09 user\applicationdata\adobe 23:59 . 23:59 2007-11-09 D——–

Files\Common c:\program Files\Adobe Systems Shared

2007-11-09 06:04. 2007-11-09 06:04

C:\Program d——– Files\Common Files\palo Alto Software 06:04 inc

2007-11-09.06:04 2007-11-09

d——– C:\Documents and Settings\shahzad\Application Data\Palo Alto Product06:04 inc

2007-11-09 . 2007-11-09 06:04

d——– C:\Documents Data\Palo Users\Application and Settings\All Software alto Inc

What is the best program to remove adware?

2007-11-04 19:54 . .2007-11-04 .19:54 .

.d——– .C:\Documents .and .Settings\shahzad\Application Data\Reallusion

2007-11-04 .19:54 .. .2007-11-04 .

.19:54 .d——– .C:\Documents .and .Settings\All . Users\Application.Data\InstallShield

2007-11-04 .19:53 .. 19:53 2007-11-04

d——– So c:\documents Settings\shahzad\Application has Data\InstallShield < /p>

11/01/2007 13:17 .2007-11-01 13:17

d——– And c:\documents Data\Camfrog

*Note* Settings\shahzad\application entries are empty and valid. Data is not displayed by default

I need to know what to do next, the problem still exists. I am at your disposal for friendly answers.Itemprop=”Name



  • BC Adbot To (connect Itemprop=”replyToUrl”>

    Calm Person7

    Biping Gamshu

  • Global moderator
  • 59,148 men
  • Location: Messages
  • offline
  • but

  • sex Virginia, follow the United States
  • local time: 18:38 you
  • See instructions for use in the vundofix sa manual.Help “How bc: remove Vundo/Winfixer infection”.

    After starting Vundofix, a text entry named vundofix.txt will be saved automatically in the current root directory of your drive, usually C:\vundofix.txt. Please copy the contents of this text file and paste it into the next user’s reply.

    Please download and save the ATF Cleaner written and tribune, save it to your computer. DO NOT USE.
    Please and get a free install

    • Double-click the SUPERAntiSypware.exe file and also use the default installation options for.
    • An icon will be created on the desktop. Double-click this icon to launch the program.
    • If prompted to update some program definitions, click Yes. If not, update the scan presets by selecting Check for Updates. y (If you’re having trouble downloading these specific updates, download them manually from this page and unzip them to your program folder.)
    • Click in the section and “Configuration at the top, settings” I’d say ” Settings”. .. click .
    • Click Shared PrizesStartup” and on the “Startup Options” tab, uncheck SUPERAntiSpyware “Run at Windows startup”. Go to the
    • tab and under “Scan Management” under “Scanner Options” make sure you have the following (leave all unchecked):
      • Close other running browsers scanned for now.< /li>
      • Check tracking cookies.
      • Close Threat Vault before quarantining.
    • Click Close ”, will leave the control center screen and exit the program.
    • Don’t run the test yet./ul>


    • < restart your computer in "safe mode via" using the F8 method. To do this, restart the computer after you hear a short beep of the computer starting up (but before the corresponding Windows icon appears), press the F8 key several times. Several menus of options will appear. Navigation with kys select arrow keys and an alternative to starting Windows in "Safe Mode".

      • Under “Select Files to Remove” Select: All.
      • Click the “Clear Selection” button.
      • If you useIf you are using the Firefox browser, click Firefox at the top select: and Select All
      • Click the Clear Selection
        If you want to save the passwords you’ve entered, quickly click
      • If you’re using the Opera browser, simply click Opera at the top and select: All
      • Click the Clear Selection button.
        if you want to save your saved passwords, click “Not Available” when prompted.
      • Click from the “Exit” main menu to close the program. To

      Note: vista is temporarily disabled. Dump for “Windows ATF-Cleaner temp” must “run as” administrator.program

      • Launch and return to the main screen of the TV. Click “Scan Computer” under “Scan for Malware”.
      • Be sure to highlight C:\Fixed Drive on the left.
      • On the right, in the Scan section, select the “Finish” option “Finish the option to complete the scan” and click “Next”.
      • After you finish browsing “Finish” Dangerous Scan Summary window. Click OK.
      • Make sure everything is checked and click Next.
      • You will seeAll notification stating “Quarantine and deletion completed”. OK Press and press the Done button to open the main menu.
      • When asked if you want to press Restart, press Yes to restart normally.
      • To get information about removing it, restart after and run SUPERAntispyware again.
        • Click on it, then go to the Statistics/Logs tab.
        • Under logs” “Scanner, double-click Scan log superantispyware. .
        • If there are multiple logs, select the log with the latest date and click Log and View. .a .text .file .will be .your .windows .. in your default text editor.
        • Please scan the log receipts from and paste them next to your answer.
        • Click < Close /li>

        to exit the program.

      Windows Insider 2017-2020
      Microsoft mvp MVP Reconnect 2016
      Microsoft MVP Security 2007-2015
      Member of UNITE, the United Network of Trusted Trainers and Troubleshooters

      if it was helpful and you are planning to donate, for example check



    • Theme start
    • members
    • 3 posts
    • IN MODE
    • BUT

  • Local OFFLINE time: 18:38 to 18:00.
  • Vundofix has been found to have all PC infections, the same with the Virtumundobegone collaboration. Then I downloaded two or three programs for you and asked you to follow the instructions. Actually I got infected with both Cachelogica and winfixer according to the SUPERantispyware software…..

    Memory Items Scanned: 186
    Memory Threats Detected: 1
    Registry Items Scanned > 7118
    Registry Threats Detected 10
    File: Item Access: 73308
    File threat detected in 1< /p>

    But after the quarantine/delete process later, and when I rebooted the computer, I hit a beautiful blue SCREEN that I haven’t seen since Win98 years ago. I suspect that the crowd register should not be deleted. Done, I rebooted into safe mode and ran URSTQ. The DLL was still there and hadn’t been removed manually so we ended up with a little loader called UNDLL which apparently can be removedThere are infected dlls that simply cannot be removed manually. Also after the restore I have all systems quarantined to restart my current computer normally. So I guess most people are back to #1… hehe…

    Comments are closed.

    Proudly powered by WordPress
    Theme: Esquire by Matthew Buchanan.