2009-04-08

Delete Virtumonde


How to Delete Virtumonde(3)


Advanced Instructions for Windows XP


The above steps may not work for everyone, because Virtumonde is very difficult to eradicate. But, it also may be a last resort to avoid having to reload the computer and lose all your programs and data.


1.Download the Google Pack with PC Tools Spyware Doctor (free edition) [Note: you may have mixed results with other virus programs. For example, AVG did not detect Virtumonde for me.]


2.Install and run Spyware Doctor [or other virus program] - it should detect Virtumonde


3.If it detects Virtumonde, try "Fix" - it will partially but not completely remove the infection


4.Physically disconnect from the internet (disconnect the ethernet cable, and if you have Wi-Fi, turn off or disable the radio), and reboot


5.Run PC Tools Spyware Doctor [or alternate virus program] again.


6.If still infected, note the Registry key locations that are infected. Write down the names of any *.dll file associated with the infected registry keys.


7.Run regedit (Start / Run / regedit), and search for the infected keys. Write down the names of any .dll files associated with all the infected keys (they should include some of the dll files found in the above step). The infected dll's will often be indicated by "rundll filename.dll, s". The infected dll files will have 8-character random names, and will be in the Windows\system32 directory.


8.After deleting the infected keys, Exit to save the new registry entries.


9.Unfortunately, at least one or two of the infected .dll's will still be running and generating more infected dll files and registry keys. You can browse to \Windows\System32 (be sure to enable displaying Hidden and System files in Explorer). You can try deleting or renaming the infected dll files, but you won't be able to delete the ones that are actively running.


10.To delete all the infected dll's, you will need to Reboot using a Windows XP Install CD disk. (You can't use normal Windows nor Safe Mode to delete the infected files because the you will get "Access denied" when you try to delete a running .dll file).




the article source:http://www.wikihow.com/Delete-Virtumonde
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
My Zimbio
Top Stories