In the Wild: VirtuMonde

I decided to add the title of “In the Wild” to the “Security” category. ITW focuses on internet security threats such as viruses, adware, spyware, and malware.


VirtuMonde is perhaps one of the most popular viruses of our modern age, changing form more often than any other variation in the wild.

It is widespread mainly via earlier or outdated versions of the JAVA runtime enviroment, infecting Browser Helper Objects, DLL files, WinLogon, and Explorer (exe). Infection is fairly easy to contract, as most virus and adware protections do not detect VirtuMonde until after the moment after infection. By then infection spreads quick and hard.

While VirtuMonde does not inflict damaging results (hard drive loss, etc), it does nearly disable Windows ability to function. Sure signs of infection include the hammering of advertising ads triggered for Sysprotect, Storage Protector, AntiSpyware Master, and WinFixer. Unfortuately, none of the advertised programs will rid your system of Monde. Monde also affects search triggers and many web sites rendering them not to load (Google, Hi5, Yahoo).

As Monde evolves often, it is hard for developers to create protection against the new strains of Monde.

Even more unfortunate is that it may not be worth the time and effort to successfully clean Monde from your system, as tracks left behind do leave their impact. But it is possible to remove Monde if you do see the signs right away.

Upon a recent infection to my personal system, I was able to rid Monde from my system. My computer acted as if it had done a 360 toward fatal sickness. This made me suspect a virus, where as I ran Spybot. Spybot identified Monde…. I knew it was bad when I got the results.

Restarting my system immediately via the hard reset button (logging off of Windows correctly via the shut down command will infect your system more as WinLogin is called and executes higher infection.

The trick is to go to safe mode. In safe mode run the following tools: AVG Anti-Virus, Spybot S&D, Malwarebytes’ Anti-Malware, and VundoFix. One program or another may tell you that infected files can not be deleted and give you the option to delete on reboot: this is okay. Keep going in to Safe Mode to perform all scans over and over until the infection does not reappear. This may take 2 to 5 times.

One Response to “In the Wild: VirtuMonde”

  1. Vundo Says:

    Virtumonde is one tuff bad boy to remove. I deal with this guy a few times a week. It’s hard to remove but looks like you already sovled your issue. Some free programs worth mentioning that can help out are Spybot, Smitfraudfix and vundofix. Nothing beats real paid for software but the three mentioned about can help out big time. I like Malwarebytes as well and running them in safe is the best way to go. Make sure you do safe mode with networking so you can update all the programs or just install them all and then boot into normal safe mode.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: