"VirtuMonde" Adware/Virus problem

[Vuvuzela]

If this is not in the right forum, please move it to the correct one.

 

 

 

My brother has been having problems with his computer lately. The problem is that whenever we try to go to a website this virus "VirtuMonde" redirects us to a pop up and we cannot load the website.

 

I've looked around and saw quite a few links on how to get rid of it. But, I cannot access any website on his computer because of the pop-ups.

 

We've tried using the spyware and anti-virus on the computer to remove it but, we've had no success. If it helps. His computer is dell inspirion 1100 laptop with windows xp installed. Appreciate it if anyone could help.

[OldJoe]

Start up in safe-mode and check if it works to get on another site.

 

If that doesn't work:

 

 

 

Take a usb memory, plug it into another computer and download Spybot Search&Destroy and Ad-Aware (you might want to download an AV like - Avira/Avast/AVG too), transfer to the usb. Plug the usb into the infected computer, install the programs, update and run scans.

 

Attention - If you have a cheap memory or something on 256/512 - use that. Because if you can't get rid of it, the virus will most likely transfer itself to the USB - plugging it into another computer will infect it. So be vary of this suggestion.

[Latinoking]

What antivirus/spyware programs have you tried?

[ClareJonsson]

Boot off a Windows XP CD, choose the repair option which takes you to a command prompt. navigate to c:\windows\help\mui\ and rename accas.dll to accas.old by doing the following:

 

 

 

c:

 

cd\windows\help\mui

 

ren accas.dll accas.old

 

 

 

Reboot and then scan your system with Defender which should find all instances of VirtuMonde.

[ClareJonsson]

Here's an addition, what you probably have is exactly what I am in the middle of sorting out at the moment on a PC someone just brought in. You have a trojan called Troj/Virtum-Gen. Here's some removal instructions:

 

 

 

1. On your PC, download THIS. Un-zip it and copy the contents to a CD or pen drive.

 

2. Boot your brothers machine into safe mode.

 

3. Insert the CD or pen drive.

 

4. Note down the drive letter of the CD or pen drive, I will assume it is D:

 

5. open a command prompt by typing CMD in the run box and pressing enter.

 

6. in the command prompt type SAV32CLI -REMOVE -P=C:\LOGFILE2.TXT and press enter.

 

7. when asked to remove a virus, press Y.

 

 

 

I have found 50 infected files so far!

 

 

 

Good luck,

 

Clare.

[____]

Just in slight addition to what Clare said; the dll you are looking for depends strictly on the strand you have. If no conventional software locates the dll (defender should though) then, and I stress this with A LOT of caution) go to your system32 folder sorted by DATE MODIFIED so the NEWEST is at the top and look for any abnormal dll's; google them. If you get no hits for them post them here. Especially if their modified date is roughly when you first got virtuemonde popups.

 

 

 

Edit: There is also a registry entry you can change to prevent keys which run on winlogon (executes for safe made also) from being called. And afaik virtuemode has an entry which references the dll it uses in the winlogon key. More on that late IF you require it.