Barron of Blog Wife, Kids, and the Pursuit of Happiness

5Jan/092

Removing WinFixer / Virtuamonde / Msevents / Trojan.vundo

Flu VirusI spent a couple hours over the weekend trying to figure out a particularly nasty virus called (among other things) "Virtuamonde" or "Virtumonde". What makes this trojan virus particularly nasty is that it redirects a lot of useful anti-virus and anti-spyware websites to point to localhost (127.0.0.1). The blocked websites include:

  • Windows update (windowsupdate.microsoft.com and update.microsoft.com)
  • Windows support sites (support.microsoft.com)
  • Spybot Search & Destroy website
  • AdAware website
  • ... and many other forums and support sites that provide solutions.

To help others who have this same issue and do not have the luxury of a second computer running linux, or cannot connect to these sites for other reasons, I am providing the necessary programs here to FIX the problem.

TO FIX:
Download, install, and run Malwarebytes' Anti-Malware. This was the only malware/spyware removal program that actually found and fixed the problem.

You may have to run this program in safe mode (reboot your computer and keep pressing F8 until you see a prompt for "Safe Mode"). If this still doesn't catch your problem you can download and install VundoFix.

(via bleepingcomputer, which is another site that is explicitly blocked by this trojan virus)

Filed under: dev, geek Leave a comment
  • Kathy Krejci

    Thank You Very Much, Mike. We were having problems with Windows updates along with a bunch of adaware and spyware pop-ups. The Malwarebytes' Anti-Malware download fixed the problem. Our computer is running great now.

  • Kathy Krejci

    Thank You Very Much, Mike. We were having problems with Windows updates along with a bunch of adaware and spyware pop-ups. The Malwarebytes' Anti-Malware download fixed the problem. Our computer is running great now.