2009-04-08

Delete Virtumonde


How to Delete Virtumonde (4)


Advanced Instructions for Windows XP


11. Select the option for Repair/Rebuild using the command line.


12. Select the infected boot disk (e.g. C:\WINDOWS) and enter the computer's original admin password.


13. Enter "cd C:\WINDOWS\System32".


14. Use the "dir filename.dll" command to show the suspected infected DLL files. Most DLLs will be old, but infected files will have the date of the infection. They will be hidden system files.


15. Delete each infected file ("del filename.dll") or rename it if in doubt ("rename filename.dll newname1.dll"). I personally deleted the infected files without any bad effects, but if you delete a file that is actually one needed by the OS, it could cause your system not to operate properly.


16. Enter "dir *.dll" to review ALL DLL files in the System32 directory. Write down any suspicious files: those with the date of the infection whose names are 8 random characters. You may well find a few more that you were unaware of in previous steps.


17. Delete or rename the suspicious files as described above.


18. Reboot normally and repeat steps 5-17 as necessary. It may take a couple of attempts, because Virtumonde constantly generates new infected files with random names and places them in the registry and in the System32 directory.


19. If successful, you will be able to run your antivirus program (e.g. Spyware Doctor) several times in a row after rebooting without it reporting a new infection. Reconnect to the internet and celebrate!
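The manual check in steps 14-17 (DLLs dated on the infection day, with 8-character names, renamed rather than deleted when in doubt) can be scripted. This is an added example, not part of the original instructions; it assumes Python is available and that the directory is scanned from a clean environment, and every file name and date in the demo is constructed.

```python
import os
import tempfile
from datetime import datetime
from pathlib import Path


def find_suspects(directory, infection_day):
    """Split DLLs modified on infection_day into (strong, weak) name lists.

    strong: 8-character name (steps 14-16); weak: same date, review by hand.
    """
    strong, weak = [], []
    for entry in os.scandir(directory):
        stem, ext = os.path.splitext(entry.name)
        if not entry.is_file() or ext.lower() != ".dll":
            continue
        if datetime.fromtimestamp(entry.stat().st_mtime).date() != infection_day:
            continue  # old files such as kernel32.dll are skipped here
        (strong if len(stem) == 8 else weak).append(entry.name)
    return sorted(strong), sorted(weak)


def quarantine(directory, names, suffix=".quarantine"):
    """Rename rather than delete, the cautious option in step 15."""
    renamed = []
    for name in names:
        src = Path(directory) / name
        src.rename(src.with_name(name + suffix))
        renamed.append(name + suffix)
    return renamed


def demo():
    """Run the check on a constructed directory (all names and dates made up)."""
    infected = datetime(2009, 4, 1, 12, 0)   # constructed infection date
    old = datetime(2004, 8, 4, 12, 0)        # constructed pre-infection date
    sample = {"kernel32.dll": old, "qzxvbnrt.dll": infected,
              "abcwxyzq.dll": infected, "helper.dll": infected,
              "notes.txt": infected}
    with tempfile.TemporaryDirectory() as tmp:
        for name, stamp in sample.items():
            path = Path(tmp) / name
            path.write_bytes(b"")
            os.utime(path, (stamp.timestamp(), stamp.timestamp()))
        strong, weak = find_suspects(tmp, infected.date())
        return strong, weak, quarantine(tmp, strong), sorted(os.listdir(tmp))


if __name__ == "__main__":
    print(demo())
```

A match is a lead, not proof: legitimate updates also write DLLs with recent dates, so check each name before removing it.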




Article source: http://www.wikihow.com/Delete-Virtumonde
