Virtumonde is not your friend

I was the victim of a very annoying piece of malware. I have been avoiding the corporate install of Internet Explorer for months now, and I have been using Firefox 2 and 3 instead. I am sure I was doing something I should not have been, because for the last two weeks these strange popups have been plaguing my Firefox browsers, and my machine has been running like there was taffy on my hard drive.

I tried to remove the trojan with Spybot S&D, and that did not work. It did identify a Browser Helper Object (BHO) and some registry entries that I could not get rid of. That is when I knew it would be bad. Derek recommended that I try McAfee Avert Stinger. That was no help either. I tried HijackThis. That was informative, but not as helpful as I had hoped.

So I did some more digging online, and an article recommended Malwarebytes’ Anti-Malware (MBAM). That was a big step forward. It clearly identified my problem as the Virtumonde Trojan. There were 59 DLLs, BHOs, data files, and registry entries all over my computer from this one trojan. I used MBAM to remove all of them, but the BHO registry entry was stubborn. This meant there was still more.

I did some research on Virtumonde, and found that a tool called ComboFix will wipe it out entirely. It took about 20 minutes to run, rebooted my machine, and took another 20 minutes to complete. But when it was all done, I was trojan-free. No more popups when I use Firefox, and my machine is fast again. Now… if only I knew what I did that was so bad…
