Get rid of Vundo or Virtumonde or Virtumondo

Posted by Montu on August 14, 2008

I use Windows XP. It’s a crime, and MS must pay its users for the mental harassment they go through when Windows is infected. Mine got infected for the third time in the last eight years. This time it was Vundo (also called Virtumonde or Virtumondo), which popped up warnings that my machine, i.e. my laptop, was infected and that I must install Antivirus 2009. Antivirus 2009 is rogue software, a fake antivirus that invites more spyware to the party. And the party goes on until you either stop using Windows, reformat the machine, or take the third option: get rid of this wonderful Vundo.

You will need Ubuntu and HijackThis. I don’t have words for this WOW thing. I hate myself for not completely migrating to Ubuntu. Ubuntu is much better than any desktop OS I have ever used. For the uninformed, I have used the Windows 9x series, Windows 2K, ME and XP. I am still away from Vista. In my opinion 98SE was the best, followed by Windows 2K with the service packs applied. Now I use XP at work. Get a bootable CD of Ubuntu. You can order a free CD from here and download HijackThis from here. I suggest downloading the zipped HijackThis.
Vundo installs itself as a Browser Helper Object (BHO) in Internet Explorer, so it loads every time IE (or Explorer) starts, and it hijacks Firefox too. HijackThis lists every registered BHO (its O2 entries) along with the other auto-start hooks, so you can see the rogue DLL and its CLSID. Then you just need to stop some processes, remove the registry keys and delete some DLL files. The DLLs are in use while Windows is running, which is why the deleting is done from the Ubuntu live CD. That’s it! No rocket science.

So start with this:

  • Disconnect your machine from the network. Turn off Wi-Fi if you use it. Make sure you are not connected to the internet.
  • Run HijackThis and save the log to a convenient location. Sometimes this spyware does not show up in the log. If you don’t find anything wrong but still see pop-ups telling you to download Antivirus 2009, reboot the machine in Safe Mode, rename the HijackThis executable to something else (yourname.exe, say, since the infection may interfere with a program called hijackthis.exe), copy it to another location and run it from there. Save the log.
  • Remove the registry keys that look strange to you: tick the suspicious entries in HijackThis and use Fix checked. I suggest removing all BHO (O2) entries; legitimate ones (Java, Adobe Reader, browser toolbars) come back when you reinstall those programs. Nothing serious will happen; the worst you can do is mess up your Windows installation. No big deal.
  • Now reboot from the Ubuntu live CD.
  • Mount the Windows partition, open a file browser and, using the log, locate the files you have to delete. Most of them will be in the system32 folder inside the Windows folder. Simply delete them. Even if you end up unable to boot into Windows, you still have Ubuntu.
  • Reboot into Windows and ta-da! Spyware bye-bye!
  • Repeat the steps above if you still see pop-ups saying you need to install Antivirus 2009.
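As an added example (my code, not from the original post), here is the live-CD half of that procedure as a shell script. It reads the O2 (BHO) lines of a saved HijackThis log, maps each listed DLL onto the mounted Windows partition (resolving the path case-insensitively, because the log’s capitalisation seldom matches the directory names NTFS stores), and prints only the files that actually exist so you can review the list before deleting; it also writes a .cmd of reg delete commands for the CLSIDs you decide are rogue, to run after rebooting into Windows. The mount point /media/disk, the file names, and the sample log lines, DLL names and CLSIDs used to try it out are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post.  Run on the Ubuntu live
# CD after mounting the Windows partition.  It reads the O2 (BHO) lines of
# a saved HijackThis log, finds the listed DLLs under the mount point, and
# writes the reg.exe commands that drop the matching BHO registrations.
#
# Assumptions (mine, not the post's): the Windows partition is mounted
# read-write at the directory given as the first argument (e.g.
# /media/disk), and the log is the plain-text file HijackThis saves,
# which has CRLF line endings.

# Print "CLSID|WindowsPath" for every O2 (Browser Helper Object) line.
# Entries HijackThis could not resolve show up with the path "(no file)".
bho_entries() {            # $1 = HijackThis log
    tr -d '\r' < "$1" |
        sed -n 's/^O2 - BHO: .* - \({[0-9A-Fa-f-]*}\) - \(.*\)$/\1|\2/p'
}

# Map C:\WINDOWS\system32\foo.dll onto the mount point.  Each component is
# matched case-insensitively, because the log's capitalisation rarely
# matches what NTFS stores.  Prints the resolved path, or returns 1 if any
# component does not exist on disk.
win2unix() {               # $1 = mount point, $2 = Windows path
    cur=$1
    rel=$(printf '%s' "$2" | sed -e 's/^[A-Za-z]://' -e 's#\\#/#g' -e 's#^/*##')
    while [ -n "$rel" ]; do
        comp=${rel%%/*}
        case $rel in */*) rel=${rel#*/} ;; *) rel= ;; esac
        [ -n "$comp" ] || continue
        want=$(printf '%s' "$comp" | tr 'A-Z' 'a-z')
        match=
        for entry in "$cur"/*; do
            [ -e "$entry" ] || continue
            have=$(printf '%s' "${entry##*/}" | tr 'A-Z' 'a-z')
            if [ "$have" = "$want" ]; then
                match=$entry
                break
            fi
        done
        [ -n "$match" ] || return 1
        cur=$match
    done
    printf '%s\n' "$cur"
}

# List the BHO DLLs from the log that exist under the mount point, one per
# line.  Nothing is deleted here: legitimate BHOs (Java's ssv.dll, Adobe
# Reader, browser toolbars) appear as O2 lines too, so review the list
# before removing anything.
bho_files() {              # $1 = mount point, $2 = HijackThis log
    bho_entries "$2" | while IFS='|' read -r _clsid winpath; do
        if p=$(win2unix "$1" "$winpath"); then
            printf '%s\n' "$p"
        fi
    done
}

# Emit a Windows batch file (CRLF) that deletes the BHO registration and
# the COM class key for each CLSID listed in the input file, one per line.
# Run the result in Windows after the DLLs are gone.
bho_regfix() {             # $1 = file of CLSIDs, e.g. from bho_entries | cut -d'|' -f1
    while read -r clsid; do
        [ -n "$clsid" ] || continue
        printf 'reg delete "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s" /f\r\n' "$clsid"
        printf 'reg delete "HKCR\\CLSID\\%s" /f\r\n' "$clsid"
    done < "$1"
}

# Typical use from the live CD (mount point and file names are examples):
#   bho_files /media/disk /media/disk/hijackthis.log > todelete.txt
#   # edit todelete.txt, keep only the rogue DLLs, then:
#   while read -r f; do rm -f -- "$f"; done < todelete.txt
#   bho_entries /media/disk/hijackthis.log | cut -d'|' -f1 > clsids.txt
#   # edit clsids.txt the same way, then:
#   bho_regfix clsids.txt > /media/disk/fixbho.cmd   # run in Windows
```

The script deliberately separates listing from deleting: O2 lines are not all malware, and a BHO path that HijackThis shows as "(no file)" is a dangling registration with nothing to delete on disk, so it is skipped. The generated .cmd removes the same two keys (the Browser Helper Objects entry under HKLM and the class key under HKCR) that HijackThis’s Fix checked removes for an O2 item, which is handy when you would rather not run HijackThis again on the freshly booted Windows.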

Better still, migrate to Ubuntu. It’s better than anything you may have used. Only OpenOffice sucks sometimes, and I miss Adobe Photoshop & Dreamweaver a lot.


Comments


  1. Sukhbir Fri, 15 Aug 2008 17:01:00 PDT

    In the first place, I fail to understand how the hell you even fell for such a pathetic trick.

  2. Sukhbir Fri, 15 Aug 2008 17:08:24 PDT

    This way even Ubuntu is at fault. If you always use it as root and then complain that the OS sucks? Any OS expects a certain amount of ‘thinking’ by the user. I do agree Windows sucks sometimes, but praising Linux just because it makes you a part of a smaller group of users and possibly different is not good.

  3. Sukhbir Fri, 15 Aug 2008 17:13:00 PDT

    Better migrate to Ubuntu. It’s better than anything you may have used. Only OpenOffice sucks sometimes and I miss Adobe Photoshop & Dreamweaver a lot.

    1. How many people know about Ubuntu (minus the tech savvy)??

    2. Even if they do, are they aware of Wubi? Because the general perception is that Linux is difficult to install.

    3. How many people actually care about whether their software is open source or not?

    4. Does the end user really care whether, if he compiles his own software, he will get some performance benefits?

    5. What about the plethora of software that doesn’t run on Ubuntu? Photoshop? Y!Messenger? Windows Live? AutoCAD? Games?

  4. Kumar Chetan Sharma Fri, 15 Aug 2008 17:14:56 PDT

    Oh my God!
    Bhai, I didn’t praise Ubuntu for nothing. Secondly, I was trying to do something which invited that nasty spyware to my system, and as I have never ever faced such an irritating situation I decided to share my easy way out with people. Nothing special, yaar.
    And you know Windows sucks.

  5. Sukhbir Fri, 15 Aug 2008 17:18:57 PDT

    :D

    You know what, I still consider you my Guru, but I seriously hate people who blame EVERY problem on Windows.

    Like that DNS cache poisoning, some smart ass on /. said,’I bet this doesn’t affect Linux.’

  6. Kumar Chetan Sharma Fri, 15 Aug 2008 17:20:10 PDT

    First of all, calm down. Second, I know real-world, not tech-savvy people using Ubuntu. Shed the cocoon you are wearing. I have seen people using Mac, Ubuntu and Windows here in Los Angeles and they are real-world, not “IT” people. Not everyone is like a typical Indian who needs all the damn software on the PC just because it is cool. We need Oracle, .NET, AutoCAD, Adobe Studio, games, A/V software and everything, but do we really need them?

  7. Kumar Chetan Sharma Fri, 15 Aug 2008 17:27:48 PDT

    Dude, every OS has got its own share of problems. But believe it or not, *nix are better than Windows. Raise a kid in a *nix environment and that kid will never ever use Windows. If the same kid used Mac he/she will never ever use Windows or *nix. You grew up under Windows influence so you tend to hate/criticize Linux. I don’t want to start a flame war, but yes, Ubuntu is a better OS, and I never ever used
    a) VB
    b) Java
    c) Oracle
    d) .NET
    e) CAD software
    f) remixing software; yes, I used Audacity to record my conferences.
    I do use Photoshop now and then but am trying to master Gimp. It’s just a matter of personal choice. I have the right to say Salman Khan sucks and you have the right to say he is the only guy who knows how to act.

  8. Sukhbir Fri, 15 Aug 2008 17:37:42 PDT

    You grew up under Windows influence so you tend to hate/criticize Linux.

    WRONG.

    Just read your blog post.

    This virus is not a backdoor - it comes when you yourself click on it. There is a difference. I never did deny that Linux or Mac is better than Windows, but I never said this on the basis of the fact that I myself clicked on a pop up which said you have spyware on your computer.

    b) Java? What do you mean by this?

    c) Oracle: http://www.oracle.com/technologies/linux/index.html
    Oracle is available for Linux.

    I was talking about the end user. A person on whom the ideology of KISS is based. A person who need not give compiler flags so that his software runs faster.

    “I was trying to do something which invited those nasty spywares to my system” I don’t understand.

    And I am not being rash or anything. Just talking matter-of-factly. You know I use Ubuntu also, but I make it a point not to blow my trumpet when I know it sucks badly in many ways.

  9. Kumar Chetan Sharma Fri, 15 Aug 2008 17:43:22 PDT

    I didn’t mean Java like every other guy you know who installs the JRE/JDK to do some java.class stuff; yes, I have Java plugins, but I didn’t program in Java.

    Regarding that spyware, yes, I did something wrong, that’s why my PC got infected. Read the post again. Second, I knew I must not click these pop-ups, but what about the end users? They are prompted to click and they click. This won’t happen on Mac/*nix.
    Dude, I know Oracle is available for Linux. I said “I never used Oracle”.
    Come on man, again a matter of personal choice.

  10. Sukhbir Fri, 15 Aug 2008 17:46:22 PDT

    OK end of topic.

    It is always nice having a debate with you.

    Since you are out of India and obviously feeling home sick today, I will give you - VICTORY! You win man! Be happy!

    Happy Independence Day.

  11. Virtumonde Fri, 19 Sep 2008 04:19:20 PDT

    For those that are not tech savvy enough to use HijackThis, you can always use the System Restore option in XP and Vista. Go back to a time when Virtumonde was not present. Then once the restore is done, download SmitfraudFix and Spybot Search and Destroy (both 100% free) and run the scans in Safe Mode to remove any leftover traces. This works for most people. I remove this bad boy all the time and in most cases it works well.

  12. Vundo Mon, 22 Sep 2008 01:10:37 PDT

    System Restore works great. I do it all the time for issues like this. The sad thing is most people who get infected with this just did not have protection in the right place. I’m not saying everyone, but most people.
