avast! Didn't know of a virus and now I've had to reformat my computer

Day before yesterday it came to my attention I had a virus on my computer and avast! failed to notice it, however, I gave it the benefit of the doubt and ran the updater and did a BOOT System Scan; no viruses found.

The name of this virus is: virtumonde. I have run several programs that have detected it, but haven’t removed it (or at least charge for the service of removing it–in some cases). Now, I have been extremely pleased with avast! in the 9 months (or so) I’ve had it; but because of the above this has really given me doubt as to whether I should trust/use avast! again.

There are two reasons for posting this:

  1. To raise awareness to the developers of avast! and hopefully get the anti-virus software to recognise said virus and delete it.
  2. To see what measures are going to be taken to assure that avast! anti-virus is up-to-date with the latest known viruses, etc.?

[…because of virtumonde and avast! anti-virus’s incapability to remove virtumonde I have been forced to reformat my computer >:( which is my main annoyance.]

There are almost always different ways than the last chance by format + reinstall… It would help us when you’re able to tell us which file(s) was (were) detected by the other scanners as Virtumonde… Many Virtumonde variants are detected as Win32:TratBHO [trj] and new Virtumonde droppers are detected as Win32:KdCrypt [Cryp] (new detection with VPS 080422-0)…

several programs that have detected it, but haven't removed it (or at least charge for the service of removing it--in some cases).

There are several free tools/programs that will detect and remove vundo. There are also several rogue programs that “detect” something and charge a fee. What were some of the programs you used?


Spybot - Search & Destroy also detects many versions of virtumonde.

You should always try many ways (different programs, ask for help, etc.) to solve a problem before doing a reformat which is a last resort.


As does SUPERantispyware On-Demand only in free version.

Sorry, I didn’t note down the results. I do recall that there were at least 4 entries in the registry that it picked up, but again, I never thought to jot them down.
However, when I was doing some research on virtumonde I did locate a few forum topics outlining the common files and registry entries–a simple Google search of “virtumonde” will give loads of results.
The best details I can find right now are in the link provided, I advise you take a look at this because it does detail file names and registries: [Clicky]

-----------------------------------------------------/

I used all the things listed on this topic: [Clicky]
I also used: Adware, Spybot - Search & Destroy, SpyDoctor and AVG.
Adware = It claimed to have removed/deleted the virus but it didn’t. It returned each time I did a scan.
Spybot = I kept receiving loads of prompts asking if I was sure I wanted to do the following action, I ticked the box saying remember this choice (or whatever it says) and that didn’t freakin’ work >:( So I gave up!
SpyDoctor = Said I had to register to remove the crap, I then got told if I download the Google pack it’d be free (thus allow me to delete the crap) but that didn’t work neither.
AVG = I came stuck when it asked about some networking connection and it asked what I wanted to do with it. I find it bad that it didn’t give me details of the connection so I didn’t get too far with AVG.

Symantec’s list is pretty generic and the guide you used is 2 years old. Vundo has evolved since it was made. Still, there are tools that make short work of this infection plus good forums in guiding on their use…

The programs you used were pretty lightweight.

For future reference: perhaps you could name some of these tools? And any “good forums”?

The forum you are on now :wink: Geeks to go, bleeping computers, aumha and there are more.

HJT, combofix, smitfraud fix, Deckards, Superantispyware. All these tools are free. Except for SAS, they should be used under the advisement of someone familiar with them.

One recommendation in my Reply #4 SAS which has a good number of Vundo detections, there is also Vundofix, a specialist tool which considering it is only tracking Vundo would potentially be better than a non-specialist anti-virus/spyware application.

Vundo Fix Tool - Aliases - WinFixer / Virtumonde / Msevents / Trojan.vundo.
Here are the cleansing instructions for Virtumonde: http://www.bleepingcomputer.com/forums/topic18610.html

Download VundoFix.exe to your desktop.

Also VirtumundoBegone (if VundoFix does not work) - http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Note this tool has within it a means of killing processes (so it can deal with the infection) and that may be detected by a number of AVs (not avast) as a risk tool, etc. which is why I have broken the direct link, replace the XX with tt.

VirtumundoBeGone.exe/data005 contains an intrusion tool Tool.Prockill

As oldman mentions guidance when using these tools is advisable.

Thank You.

I’ve already mentioned that I have used that topic.