On closer inspection, Virtumonde is nearly a perfect virus: it self-protects, monitors the memory of the infected computer, gives its malicious files random names, and integrates with critical Windows processes.
This Trojan is responsible for adware pop-ups and for redirecting browsers to websites carrying ads and malicious scripts. Virtumonde can change the desktop background (wallpaper) and screensaver and disable some tabs of Desktop Properties. Besides, some variants of the Trojan can disable Task Manager and Registry Editor, doing everything possible to prevent their own removal.
Virtumonde loads a .DLL file into memory to ensure it is always running. A special module watches the environment, inspecting running processes, and puts the virus back into memory whenever any program (e.g. an antivirus) tries to terminate it.
A self-restoring mechanism lets Virtumonde recreate its associated files if security software removes some of them, so after the next reboot the Trojan is back and fully functional.
Its main files are integrated with the Windows Explorer and Winlogon processes, which makes the infection resistant and hard to remove. Popular Windows security suites from the biggest software manufacturers often cannot break the tight coupling of the malware to these critical components.
This explains why specific steps and Virtumonde removal tools are needed to clean infected computers:
- First, the malware services must be unloaded from system memory.
- Second, registry entries and keys related to the Virtumonde Trojan should be deleted at once.
- Third, the malicious files should be permanently erased from the system.
All this has to be done in one Windows session, without restarting, or the Trojan will restore itself to its previous state.
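The removal steps above depend on file and registry names that vary from infection to infection and that this article does not list. The following PowerShell triage script is an added example, not part of the original article or of any vendor tool; it enumerates the two kinds of indicators the article describes: policy values that lock the user out of Task Manager, Registry Editor and Desktop Properties tabs (the well-known `Policies\System` values), and DLLs loaded into explorer.exe and winlogon.exe that are unsigned or live outside the Windows directory. It assumes an elevated session, since winlogon.exe module lists are not readable otherwise.

```powershell
# Added triage script (not from the article). Run from an elevated
# PowerShell prompt; it only reads state and changes nothing.

# 1. Policy values some Virtumonde variants set. These registry names are
#    standard Windows policy values, not something taken from the article.
$policyKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyNames = 'DisableTaskMgr', 'DisableRegistryTools',
               'NoDispBackgroundPage', 'NoDispScrNSPage'

function Get-SuspiciousPolicy {
    if (-not (Test-Path $policyKey)) { return }
    $props = Get-ItemProperty -Path $policyKey
    foreach ($name in $policyNames) {
        $value = $props.$name
        if ($null -ne $value -and $value -ne 0) {
            [pscustomobject]@{ Check = 'Policy'; Name = $name; Value = $value }
        }
    }
}

# 2. Modules loaded into the two processes the article names. Random file
#    names are not a reliable signal on their own, so the script flags
#    modules that are not validly Authenticode-signed or that sit outside
#    %SystemRoot%, which is where a legitimately loaded system DLL lives.
function Get-SuspiciousModule {
    $winDir = $env:SystemRoot
    foreach ($procName in 'explorer', 'winlogon') {
        foreach ($proc in Get-Process -Name $procName -ErrorAction SilentlyContinue) {
            try { $modules = $proc.Modules } catch { continue }   # access denied if not elevated
            foreach ($mod in $modules) {
                $path = $mod.FileName
                if (-not $path) { continue }
                $inWinDir = $path.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)
                $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
                if (-not $inWinDir -or $sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        Check     = 'Module'
                        Process   = "$($proc.ProcessName):$($proc.Id)"
                        Path      = $path
                        Signature = $sig.Status
                    }
                }
            }
        }
    }
}

Get-SuspiciousPolicy
Get-SuspiciousModule | Sort-Object Path -Unique
```

Treat the module list as a starting point for investigation rather than a verdict: on older Windows versions, catalog-signed system DLLs can report as NotSigned, and a legitimate third-party shell extension will also appear here.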
Several software companies and volunteer programmers have developed special tools to help users remove Virtumonde. Among others, Symantec provides a free fix tool for certain variants of the virus.
Alberta Glamerheim is an author and consultant who writes about Internet privacy management issues, and publishes articles related to PC security maintenance.