Sep 22 2010

Virtumonde

Category: Personal | ChrisM @ 12:15 pm

A friend of ours recently bought a new laptop (the first time I’ve had a chance to play with a proper Windows PC that has a touchscreen!), and asked for some help with her old one. I hadn’t seen the old laptop in nearly two years, so I assumed all was fine with the machine.
No, it wasn’t, would be the short version. With a couple of trojans and viruses onboard, the poor thing had slowed down to a crawl and wouldn’t behave at all well. Hardly ideal behaviour for a computer that the owner wanted to try and sell! Virtumonde (specifically the Trojan.vundo and Trojan.vundo.b variants) was causing the most bother to remove. In case I forget in the future, or it helps someone, someday, to skip a few hours of head scratching and repeated virus scan, reboot, virus scan, swear, reboot cycles, I thought I’d post a couple of links that proved very useful in removing the infections.
To see the different methods people have tried, head on over here, but in most cases, you can skip straight to here, to learn how to use Rkill and Malwarebytes’ Anti-Malware to clean your computer. Do read the notes carefully, and either print them out, or open them on a second PC, as you’ll need to close all programs at certain points.
There are other infections to clear off it, and I need to swap data from the old PC to the new one (I didn’t want to start the process of copying 45Gb until I knew it was clean), but I’m now getting there!