Help me, I have a virus!!!
jjmcray
October 15th, 2007, 10:20 PM
I have this really bad virus on my computer. According to SpyBot S&D this is what it is:
Description
Virtumonde copies itself to the system folder and creates a browser helper object (BHO). Virtumonde connects to malicious websites in the background. It also adds a randomly named dll to the Winlogon Notify, which will make it very resistant to removal. If you need help with removal please contact Team Spybot S&D via forums or email. These rules have been created based on the list of castlecops (http://www.castlecops.com/CLSID.html), thanks to Paul and Tony!!!
Every time I restart my computer it comes back! How do I get rid of this?
It's called a "Virtumonde.generic" trojan.
:confused::eek::(:mad:
Blahages
October 15th, 2007, 10:31 PM
Wow. What do you do all day? You definitely have the most questions of anyone I've ever seen, as well as the Most problems with things.
Granted, that's NOT necessarily a BAD thing, It's good to be curious about things, and Eager to Learn new things. And, Of course, Those sometimes come with their share of problems. ;) Believe me, I've had my share of problems.
Gotta Love Google. Basically, if I have a problem with Spyware or Something Like this, I Google it.
Like, For instance, with this, I'd search for:
Virtumonde +Removal or something like that.
There are several Howtos there. A few down, there's a Program someone wrote that is posted on Ad-Aware's Forums that Automatically Removes it:
http://www.lavasoftsupport.com/index.php?showtopic=4031
Give that a Try. :)
jjmcray
October 15th, 2007, 10:37 PM
Hmm... seems they've incorporated it into Ad-Aware... I'll try running a scan with that and see what happens.
Blahages
October 15th, 2007, 11:15 PM
Hmm... seems they've incorporated it into Ad-Aware... I'll try running a scan with that and see what happens.
Yeah, I didn't read that far down the page. Seems it is now.
jjmcray
October 15th, 2007, 11:20 PM
Didn't detect it... I got the latest updates and everything...
Blahages
October 15th, 2007, 11:49 PM
Well, Try Running that Program that is on the Page I sent you, instead of From the Ad-Aware Program.
Fail. My Internet Connection is being Iffy.
*Waits for Google to Even TRY To Respond*
*Mutters Profanities Under His Breath. Walks Upstairs to Reboot Modem*
*Stares with Anger at Modem Status Page, which Says "No DSL Connection"*
Sorry, My Connection is a POS. I've had a 70+% downtime over the past few days, and a 50-60% downtime Periodically for the past 6 Months, although I do have occasions where It'll only have a down time of about 5-10% once in a while.
*Turns off Modem AGAIN for 5 Minutes*
Okay, I'm giving this a few more minutes, then I'm going upstairs, with my Laptop, and Using the PHONE line and using DIAL UP.
Alright. Dial Up Time. !!!!!
Never mind, it finally came back. For the time.
Anyway, Forget the Mumbling and Complaining about the Internet:
Give this a Try: http://securityresponse.symantec.com/avcenter/FxVMonde.exe
Here are Supposed Manual Removal Instructions, if the Need Exists:
VirtuMundo manual removal:
Kill processes:
sysupd.exe, windowsupd1.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\SysUpd
HKEY_CURRENT_USER\Software\Microsoft\WindowsUpd
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SysUpd
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysUpd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpd
Delete files:
sysupd.exe, windowsupd1.exe
Misc:
Filenames may vary.
VirtuMundo files usually can be found in main system directory C:\Windows or C:\Winnt.
If you still can't get rid of it, Run HiJackThis (http://www.merijn.org/files/HiJackThis_v2.exe), and Paste the Log File in here
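A read-only way to check a machine for the indicators listed in the manual removal instructions above, as an added example that is not part of the original post. The registry paths and file names are the ones quoted in the post; the Winlogon Notify key path and the System32 check are assumptions based on the Spybot description earlier in the thread.

```powershell
# Read-only audit for the indicators quoted in the post above; nothing is deleted.
# The post warns that filenames may vary, so an empty result does not prove a clean system.
$regPaths = @(
    'HKCU:\Software\Microsoft\SysUpd',
    'HKCU:\Software\Microsoft\WindowsUpd',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run\SysUpd',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpd',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysUpd',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpd'
)
$fileNames = @('sysupd.exe', 'windowsupd1.exe')
# Assumption: standard XP-era location of "Winlogon Notify"; the thread names the
# mechanism but does not spell out the key path.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$findings = @()
foreach ($path in $regPaths) {
    # The post calls these "values", but a listed path may be a key or a value: test both.
    $parent = Split-Path -Path $path -Parent
    $leaf   = Split-Path -Path $path -Leaf
    $props  = Get-ItemProperty -LiteralPath $parent -ErrorAction SilentlyContinue
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Kind = 'RegistryKey'; Item = $path; Detail = '' }
    } elseif ($props -and $props.PSObject.Properties[$leaf]) {
        $findings += [pscustomobject]@{ Kind = 'RegistryValue'; Item = $path; Detail = $props.$leaf }
    }
}
# The post points at the main Windows directory; System32 is added as an assumption.
foreach ($dir in @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))) {
    foreach ($name in $fileNames) {
        $file = Join-Path $dir $name
        if (Test-Path -LiteralPath $file) {
            $findings += [pscustomobject]@{ Kind = 'File'; Item = $file; Detail = '' }
        }
    }
}
$procNames = $fileNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
foreach ($p in @(Get-Process -Name $procNames -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Kind = 'Process'; Item = $p.Name; Detail = "PID $($p.Id)" }
}
# Notify entries are listed for manual review only: legitimate software registers here too,
# and the DLL name used by the trojan is random, so there is no fixed name to match.
if (Test-Path -LiteralPath $notifyKey) {
    foreach ($k in @(Get-ChildItem -LiteralPath $notifyKey)) {
        $findings += [pscustomobject]@{ Kind = 'NotifyEntry (review)'; Item = $k.PSChildName; Detail = $k.GetValue('DllName') }
    }
}
if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No listed indicators found.' }
```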
Blahages
October 15th, 2007, 11:51 PM
SmitFraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) is also another Thing you Could Try. Running all of these in Safe Mode might be an Idea, as you'd have less chance of having problems removing them. Use Safe Mode with Network Support, though.
It's fun trying to help with things like this. Especially when you haven't personally Experienced them. I'm offering things that others have said do the Job. So, Hopefully one of them will. Some of them are also things I've used for Various Things in the past, but they're all things that WILL supposedly work for this SPECIFIC thing.
jjmcray
October 16th, 2007, 05:02 PM
I used the SmitFraudFix program, it seems to be working. I'm running others though, just to make sure.
thesonicguy
October 16th, 2007, 05:52 PM
I know how to fix it: download this http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe and update it, then do a Complete System Scan. When it's done, click on Apply all actions!
If that does not work, go to the Analysis on the AVG Anti-Spyware and see if you can find it on the list; if you do, click on it and then click on Remove Object(s).
That will fix it!!