Background of The Trojan Horse
Virtumonde or Vundo Trojan is a Trojan horse, which is known to cause pop-ups, advertising for anti-spyware programs, and sporadically other misbehavior for example, performance degradation, and denial of some websites like Facebook and Google.
History of The Trojan Horse
It happened hundreds of years ago during the Greek empire. Greece and Troy were at war. The Greeks had come in their ships to attack Troy. For ten long years, they besieged Troy but the Trojans would not surrender. Also, there we
re strong and high walls around the city of Troy. No enemy could enter the city when the gates were closed. The Greeks made several attempts to break down the walls and the gates but failed each time. So, Greeks built a huge wooden horse and was placed on a large platform with wheels underneath. A few of the bravest Greek warriors including Ulysses hid themselves in the hollow stomach of the horse. When troys opened the gates and came out, they could only see the wooden horse left behind by the Greeks. They thought it was the idol of some Greek God.The capture of the wooden horse was, to them, a symbol of their victory over the Greeks. They began to celebrate their success with feasting and merry - making. “The danger is over, at last. We can sleep in peace now,” they said to one another. Late at night, they went to sleep.
The Trojan Horse Infects
The Trojan Horse Infects
At the dead of night, when the Trojan were fast asleep, the Greek warriors who were inside the stomach of the horse came out quietly. They opened the gates 
Soon, thousands of Greek soldiers rushed into the city. They killed thousands of Trojans men, women and children. They burnt their houses and looted the city. Even before the Trojans were fully awake, their magnificent city was in ruins. Before they could realize what was happening, Troy was in the hands of Greeks.
Thus, the Greeks succeeded in punishing the Trojans for dishonorable act of refusing to hand over Helen to them. The architect of their great victory was brainy and wily leader Ulysses who brought the long-drawn war to close by a masterstroke of cunning and foul play.
Trojan Horses Today
Personal Encounter with Vundo
When Windows 2000 Millennium edition surfaced, virus softwares were not capable yet, in keeping malicious viruses away from computers. My personal computer was infected by Vundo itself. The degradation of my PC was rather slow, firstly, my system started slowing down, gradually, my system hanged and constant rebooting was done. Further on, i noticed files were not functioning properly, especially the registry files for Windows. As a result, Pop-ups from registry files displayed errors, inability to acces or delete certain system files that were infectd, and the worse of all, my whole monitor went brown with stripes.
How Vundo/Virtumonde infects: Be Afraid!
Note: Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. For instance, Distribution channels, which include IRC, peer-to-peer networks, and newsgroup postings are some common online communication channels which Virtumonde seeks, as opportunities to enter other computers.
The most common cause for infection varies depending on the user. However , many people get infected by installing a codec of some sort after downloading a song or movie from P2P sharing networks or other illegitimate sites. One particular Codec is the Storm Codec (displayed on the right), do not download or install this codec on your computer at all if you happen to come across it.Another way in which the Virtumonde infects your computer is by exploiting a security gap in the Java application. You see the Java runtime environment allows independent applets to install files onto your computer. Now the designers of Virtumonde's see this as a perfect opportunity and they exploit this hole to create fake DLL and Browser Help Object files and infect you with them. You may also get infected by visiting a malicious website that contained a virtumonde virus in one its files and downloaded the Virus that way.
There are many ways to get hit by these deadly viruses, however the important thing to note is that if you were properly protected in the first place you would not have fallen prey to these malicious programs. It is absolutely imperative that you have some sort of anti-virus and anti-spyware program installed on your computer, other
wise you are asking for trouble.Just remember prevention is better than cure, so make sure you are properly protected. With identity theft as the number one cyber crime in the world today, protection of your computer and personal details should be your number one priority, especially if you conduct a lot of financial transactions online. Now If you have been unfortunate enough to be infected by a Virtumonde virus then don't worry, your PC isn't doomed forever. With the right tools you can get rid of Virtumonde, Vundo Trojans and other malicious viruses at the click of a button.
Method of Removal
Due to Vundo Trojan Viruses having a variety of forms, there is no single specific set method to delete them. Having said that, the simplest response to "How To remove a Virtumonde 
Virus" would be to uninstall the Vundo by using the "add/remove programs" utility. More importantly, as there may still be hidden Vundo files, it's possible that Vundo will reappear after reboot.
Another way is manually deleting it from the registry. Now Manual deletion can be very tricky and you will need to understand how to edit the windows system registry and be able to fix various problems within your computers system( ask a professional, or seek help at registered websites, eg. Microsoft, Symantec, Mcafee, etc.).
Virus" would be to uninstall the Vundo by using the "add/remove programs" utility. More importantly, as there may still be hidden Vundo files, it's possible that Vundo will reappear after reboot.Another way is manually deleting it from the registry. Now Manual deletion can be very tricky and you will need to understand how to edit the windows system registry and be able to fix various problems within your computers system( ask a professional, or seek help at registered websites, eg. Microsoft, Symantec, Mcafee, etc.).
Viruses are persistent and removing one can take a considerable amount of time and knowledge of how an operating system works. If you believe you have what it takes then just go to Google and conduct a simple search of "how to remove virtumonde virus" using registry and there should be a handful of tutorials that will guide you through the process.
Now There can be anywhere from 30-50 associated files associated with a virtumonde virus. This includes DLL, windows registry, and startup files. So manully Removing them all on your own can become quite a mission. Also Another sneaky feature of the Virtumonde v
irus is that if you miss deleting a few files they will simply regenerate themselves after you reboot your computer.
irus is that if you miss deleting a few files they will simply regenerate themselves after you reboot your computer.Also, however, using the registry incorrectly can cause serious problems that may require you to reinstall your whole operating system. And bear in mind that you could encounter the Trojan virus or other viruses again in the future, so manually deleting them isn't going to be permanent solution and stop them from re-occurring.
Your best option would be to invest in a good anti-spyware program; they are easily able to detect and remove Trojan's and other viruses automatically and most of them offer a free download. A spyware program is the only way to completely remove a virtumonde virus and it will continue to protect your computer from future viruses and spyware threats.
Possible Sympthoms of Vitumonde Virus
Here are some examples of What a Vundo Trojan Virus is capable of:
Here are some examples of What a Vundo Trojan Virus is capable of:
- Vundo will cause the infected web browser to pop up advertisements; many of which claim a need for software to fix system "deterioration".
- The desktop background is changed to the image of an installation window saying there is adware on the computer.
- The screensaver is changed to the Blue Screen.
- In the Display Properties Control Panel, the background and screensaver tabs are missing because their "Hide" values in the Registry were changed to 1.
- Both the background and screensaver are in the System32 folder, however the screensaver cannot be deleted.
- Windows autmatic updates may also be disabled and it is not possible to turn them back on.
- Infected DLLs (with randomized names such as "__c00369AB.dat") will be present in the Windows/System32 folder and references to the DLLs will be found in the user's start up (viewable in MSConfig), registry, and as browser add ons in Internet Explorer.
- Vundo may attempt to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager or Windows registry editor.
- Another symptom of Vundo may be the desktop icons will disappear and so will the taskbar and reappear after a short period. This becomes very frustrating if you are trying to run programs or get access to your files as the process gets automatically aborted.
- In addition, popular anti-Malware programs such as Spybot or Malwarebytes' Anti-Malware may be deleted or immediately closed upon loading, on one recently infected machine the "TeaTimer" component of Spybot Search
and Destroy was deleted between reboots. A workaround is to copy or rename the executable, giving it a random name, this bypasses the automatic shutdown defenses of Vundo, allowing the scan to run.
- Web access may also be negatively affected. Vundo may cause many websites to be inaccessible.
- The hard drive may start to be constantly accessed by the winlogon process, thus periodic freezes may be experienced.
- Symptoms may also include the disabling of Windows Automatic Updates or other web-based services.
To End Off
Hence, although it is not completely possible to be free from Trojans and Viruses, it is important that we as Internet surfers, follow the basic anti-virus guidelines to help protect our computers from any forms of malicious viruses. At least, we still can have 99 percent control of the safety of our computer.
Like any other credited or registered anti-Trojan / Virus recommends, it is essential to practice regular checks on your computer, ensure that softwares are up to date, avoid opening spam or unusual emails, and refrain from websites which are unsafe for viewing.
Writing this blog on Vundo, till today, still scares me.
interesting info about the virus, never knew such a thing existed. good use of pictures too, it made your blog entry more alive! I felt that the video was helpful in teaching us how to get rid of the virus..if ever we encounter one! cheers!
ReplyDelete