Infected with Trojan Virtumond

Hi all,
I'm infected with Trojan Virtumonde, but my Avast! Pro can't see this adware.
I found and deleted these files, but the virus came again and again…
What to do? Wait for this virus to be added to the signatures, or change AV??? :-
Other AVs detect this adware >:(

Sorry for my bad English

I suggest a forum search in Viruses and Worms for Virtumonde as I believe this has cropped up before. This is just one such post, http://forum.avast.com/index.php?topic=27258.msg222209#msg222209.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-squared Free if using Win98/ME.

Hi tsilo,

See here:

http://www.bleepingcomputer.com/forums/topic18610.html

Waiting is not a good solution :slight_smile:

Send the sample to the address that David mentioned.

Well, I have 3 files identified as Virtumond; I sent those files to Avast!
I also submitted the files to virustotal.com, but Alwil reacts too slowly…

Run the specialist tool(s) mentioned in my post and they should sort you out straight away.

An AV will never cope well with something like Virtumonde because it uses various tricks to protect itself.

:slight_smile: Hi Tsilo:

"Trojans", and "Virtumonde" in particular, are best dealt with by antiSPYWARE programs or by a "Specialty Tool" such as "Vundo Fix", which was developed by antiSPYWARE expert "ATribune". In this situation, you should DEFINITELY follow the advice of Frank by going to www.atribune.org/content/view/24/2/ .

You should NOT expect an antiVIRUS program to detect and quarantine every piece of malware coming through the phone lines.

And Virtumonde primarily gets on a computer because of an out-of-date Java program.

I think Avast! must detect this kind of malware; why have other AVs been doing this for a long time?

Probably there are several users in this forum who are infected with Virtumond but don't know it, if they use Avast! :slight_smile:

They may not know they are infected by a variant of Virtumond; the avast virus database has a number of Virtumond signatures.

Any symptoms that are present would indicate infection though not what one. This is also why I don’t have only one application looking after security but take a multi-level/application approach to security, as indicated in my signature.

On my computer I found 5 different versions of Virtumond undetected by Avast!; "hope" I find them again :-\

If I were continually getting infected in this way I would look to tighten my security to stop them getting established, getting out and limiting damage.

You might also consider proactive protection: in order to place files in the system folders and create registry entries, you need permission. Prevention is much better, and theoretically easier, than cure.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first-day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
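To make the point in the post above concrete (inherited permissions decide whether malware can touch the system folder or machine-wide registry), here is an added PowerShell check that is not part of the thread and not a DropMyRights feature. It assumes Windows PowerShell 5.1 or later; the probe file name and probe registry key are made-up, harmless names that the script creates and immediately removes. Run it once from a normal limited account and once from an elevated administrator prompt to see the difference the post describes.

```powershell
# Added example, not from the forum thread or from DropMyRights.
# Reports whether a process running with the current user's token
# (the token any malware started by that user would inherit) can
# write to the system folder and to the machine-wide registry hive.
# Assumption: Windows PowerShell 5.1+; probe names are constructed.

function Test-InheritedPrivilege {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # Probe 1: can this token create a file in %SystemRoot%\System32?
    # (Malware needs this to drop a DLL/EXE into the system folder.)
    $sysProbe = Join-Path $env:SystemRoot 'System32\privprobe.tmp'   # constructed name
    $canWriteSystem32 = $false
    try {
        [System.IO.File]::WriteAllText($sysProbe, 'probe')
        Remove-Item -Path $sysProbe -Force
        $canWriteSystem32 = $true
    } catch {
        # UnauthorizedAccessException for a limited (or non-elevated) token
    }

    # Probe 2: can this token create a key under HKLM\SOFTWARE?
    # (Machine-wide persistence entries live in this hive.)
    $regProbe = 'HKLM:\SOFTWARE\privprobe'                             # constructed name
    $canWriteHKLM = $false
    try {
        New-Item -Path $regProbe -ErrorAction Stop | Out-Null
        Remove-Item -Path $regProbe -ErrorAction Stop
        $canWriteHKLM = $true
    } catch {
        # Access denied for a limited (or non-elevated) token
    }

    [pscustomobject]@{
        User             = $identity.Name
        IsAdministrator  = $isAdmin
        CanWriteSystem32 = $canWriteSystem32
        CanWriteHKLM     = $canWriteHKLM
    }
}

Test-InheritedPrivilege | Format-List
```

On a limited account both `CanWrite*` fields come back `False`, which is exactly the reduction in blast radius the post is after: an undetected dropper running under that token cannot install itself into the system folder or register machine-wide persistence. On Vista and later an administrator running without elevation gets the same `False` results, because UAC hands such a process a filtered token; only an elevated prompt reports `True` for both probes.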

Well, I sent one too on 1.4., so I hope it gets added in the usual malware weekend roundup :slight_smile:

The files I sent to Alwil are still undetected … :-\

Don’t hold your breath! :wink: