Three exe files are installed on your computer. Run regedit (Start / Run / regedit), and search for the infected keys. Some symptoms are common in severe VirtuMonde infections, and these include the use of a rootkit in order to make VirtuMonde extremely hard to remove, disabling of Task Manager, msconfig, and

Malwarebytes Anti-Malware will now attempt to kill all the malicious processes associated with Trojan Vundo. Please be aware that this process can take up to 10 minutes, so please be patient.

HKEY_LOCAL_MACHINE\SOFTWARE\CouponAlert_2p (Adware.MyWebSearch) -> Quarantined and deleted successfully.

SYMANTEC PROTECTION SUMMARY

The following content is provided by Symantec to protect against this threat family.

    I personally deleted the infected files without any bad effects, but if you delete a file that is actually one needed by the OS, it could cause your system not to You can browse to \Windows\System32 (be sure to enable displaying Hidden and System files in Explorer). At the beginning - VundoFix. Click on Delete, then confirm each time with Ok.

    VirtuMonde is known to promote WinAntiSpyware, SysProtect, and WinFixer in this way, along with countless other rogue anti-malware applications (which are ultimately scams). Advertisements for adult Web sites and services may also be displayed by the threat.

    Infection

    Trojan.Vundo, also known as VirtuMonde, VirtuMundo, and MS Juan, typically arrives by way of spam email or is hoisted onto the user's computer by a drive-by download that exploits a vulnerability.

    Other Possible Effects of VirtuMonde

    The other symptoms of VirtuMonde vary widely and depend on which version of the Trojan is present.

    One that keeps coming back is Virtumonde.dll. Instructions on how to do this can be found here: How to see hidden files in Windows. Please click this link --> Jotti. When the Jotti page has finished loading, click the Browse button and navigate Please click on the Scan Now button to start the scan.

    Antivirus signatures: Trojan.Vundo, Trojan.Vundo.B

    Antivirus (heuristic/generic): Suspicious.Vundo, Suspicious.Vundo.2, Suspicious.Vundo.5, Packed.Generic.295, Packed.Generic.254, Packed.Generic.324, Packed.Vuntid!gen1, Packed.Vuntid!gen2, Trojan.Vundo.B!inf, Trojan.Vundo!gen1, Trojan.Vundo!gen2, Trojan.Vundo!gen3, Trojan.Vundo!gen5, Trojan.Vundo!gen7, Trojan.Vundo!gen8

    Browser protection: Symantec Browser Protection is known to be effective at preventing some infection attempts made through the Web browser.

    The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Keep a log of this so you can find it easily should you need to use System Restore. Then use Disk Cleanup to remove all but the most recently created Restore Point.

    Presumably this is an anti-competitive measure, as the list of targeted URLs contains a number of popular search engines and domain names associated with ad-servers, for example: yahoo.com, search.ebay.com, web.ask.com, banners.pennyweb.com, ads2.revenue.net, www2.yesadvertising.com, images.trafficmp.com

For example:

In some variants, several data files are also created in the same location, using the same name but with the following file extensions (as opposed to

    The screensaver may be changed to the Blue Screen of Death. Web access may also be negatively affected. imapiz.dll(SBI $2F4068FC) Library Please make sure that you can view all hidden files.

