We have two Virtumone spyware on our computer that we cannot remove. We have used Ad-Aware, Microsoft-Antispyware and Spybot. They all show the spyware and we delete it but when we run the program again they are still there. So it's like it's automatically regenerating right when they are deleted. I have gone to websites that show how to manually delete these and where they say there normally located in the computer they are not. What to do?

reply #1
Hi mchell

From reading about VirtuMonde on various websites it sounds like it can be a tricky one to remove. However they do mention several tools that should get rid of it:

On the Symantec security website http://securityresponse.symantec.com/avcenter/venc/data/pf/adware.virtumonde.html there are two tools to use to remove Virtumonde:

Trojan.Vundo removal tool
and
Adware.VirtuMonde removal tool

After running both of these try running your antivirus and spyware checkers again to see if it reappears.

If the Symantec tools don't help, this web site also appears to have a tool to remove VirtuMonde:
http://www.spywareremove.com/removeVirtuMonde.html

Let me know if you have any luck with these tools. Also if you currently use Internet Explorer, try switching to Mozilla Firefox instead if possible. Firefox is a much safer browser and should prevent most spyware like this from infecting your PC in the future.
http://www.mozilla.org/products/firefox/

reply #2
I used the Trojan vondu removal tool and Adware.virtumonde removal tool. The Trojan one said there was 1 trojan and I deleted it. The Adware.virtumonde said there was no virtumonde adware on the computer. Then the second time I ran the Trojan one it said there were no Trojan's. The Adaware I was using before still shows 2 virtumonde. Is it possible that they are not actually there and that it see's a file that looks like it might be but it's not really. I go to the exact locations in HKEY_LOCAL_MACHINE etc.... and it is not there.

reply #3
OK looking further into it when I run Microsoft anti-spyware it says the virtumonde is located in MSevents.
Do you know what MSevents is meant for? What does it do?

reply #4
All the mentions of the MSevents object I have found from searching the Web seem to be linked to spyware such as Win Fixer and VirtuMonde. Are you seeing any of the symptoms for VirtuMonde (adverts popping up, computer slowing down)?

I did find mention of people successfully removing Virtumonde using SpySweeper. If you want to try it, you can download and install SpySweeper from http://www.webroot.com/consumer/ then follow these instructions:

1) Turn off System Restore (see below for instructions)
2) Restart your PC in Safe Mode (see below)
3) Run SpySweeper to remove Virtumonde
4) Restart your PC in normal mode
5) Turn System Restore back on (see below)

If that doesn't work there is also a tool called VundoFix which is supposed to remove Virtumonde:
http://forums.majorgeeks.com/showthread.php?t=74267

I would also recommended you clear the temporary files from Internet Explorer:
In Internet Explorer click Tools, Internet Options, Delete Files, check the box in front of Delete All Offline Content, then OK.

Try to use Firefox rather than Internet Explorer if possible and make sure to get the latest updates for Spybot, Adaware and your virus checker (AVG from www.grisoft.com is a good free virus checker).

Hope this helps

reply #5
Turn off System Restore

This is necessary because otherwise infected files may still remain on your PC in the Restore folders, which are backups of your PC's files at particular times in the past.
This can cause virus or spyware checkers to report infections when they have actually been removed already.

Right-click the My Computer icon on the Desktop.
Click Properties.
Click the System Restore tab.
Tick Turn off System Restore.
Click Apply, and then click OK.

Restart your PC in Safe Mode

Restart your PC and as soon as it starts up again start tapping the F8 key until you see a menu. Choose Safe Mode and press Enter. Your PC will now start in Safe Mode.
To restart in normal mode later, just restart your PC as normal without pressing anything.

Turn System Restore back on

Once your system is clean you should switch System Restore back on as it is a useful tool to restore your PC back to how it was at a particular time, for example if you make a change to your computer which causes problems and need to undo it.

Right-click the My Computer icon on the Desktop.
Click Properties.
Click the System Restore tab.
Un-tick Turn off System Restore.
Click Apply, and then click OK.

reply #6
Hey thanks the spysweeper worked. It was free too for 14 days. It's for sale in this Sundays adds for $10.00 so I'm going to go buy it for any future Virtumonde infections. I have been trying to get rid of it for weeks now and yes I was having pop ups that were slowing it down. I was also worried that someone could get information from my computer with it. A couple places said that is also a risk with it. So I am so glad it's gone. I have so many anti-virus and anti-adware programs on my computer now from all of this. They each seem to get rid of something different. It would be nice to have something that gets rid of everythiing. I am sure there is something like that for the right price that is. Anyway thanks again.

reply #7
That's good news, glad this helped