NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove VirtuMundo. Description and removal instructions

 
Title: VirtuMundo
 Also known as: VirtualMundo,VirtuMonde
Type: Adware
Severity scale:VirtuMundo severity is 45  (45 / 100)
 
VirtuMundo, also known as VirtualMundo and VirtuMonde, is a widely spread adware parasite that downloads from the Internet and displays large amount of unsolicited pop-up advertisements. The threat regularly contacts predetermined web sites to receive ads and additional instructions. VirtuMundo is bundled with some parasites and advertising-supported programs. It can also be manually installed. The threat automatically runs on every Windows startup.

FORUM:
Discuss VirtuMundo in
spyware removal forum

Related files: windowsupd1.exe, sysupd.exe, windowsupd2.exe, winhost.exe, quicken.exe, editpad.exe, lspak.dll, rulesak.dll, cidrules.dll, nwonknu.exe, rasrun.exe, psdrv.exe, svci.exe, unknown.exe, hrj6051se.dll, jtr0079me.dll, pmnno.dll, geebc.dll, ssttr.dll, SbCIe02b.dll, pmnlk.dll, 2chkdsk, iifddby.dll, ddcbabx.dll, castlecops[1].exe, gf1.0.0.2, kopCFEWV.exe, awtqqnl.dll, sstrs.dll, mllkk.dll, vtuspmn.dll, nnnmmlk.dll, cbxxywx.dll, opnnljj.dll, khfcdaw.dll, mljkkhf.dll, sstur.dll, tuvwuss.dll, ddcyx.dll, khfcdba.dll, ljjgedc.dll, rqrppon.dll, vtsts.dll, wvursqn.dll, xxyxwxv.dll, ssqqomk.dll, pmnnm.dll, nnx22011.exe, ces005dr.exe, ddcca.dll, vtsss.dll, urstr.dll, jkhhf.dll, mllmm.dll, rqron.dll, byxurqq.dll, rqrssro.dll, vtuts.dll, Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe, Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe, mljhghe.dll, sstqq.dll, jiinhuyb.dll, geeby.dll, awtqopm.dll, bndsrsqo.dll, mljjk.dll, awtttqr.dll, pmnlj.dll, hggdefc.dll, cbgzgdqt, ssqqn.dll, ssqnolm.dll, gebyxuu.dll, tuvvsrp.dll, cbxussr.dll, khffefd.dll, efcdaab.dll, ddcaaxu.dll, tuvutus.dll, nnlmn.dll, hgggdbx.dll, opnnlmn.dll, awtqomn.dll, jkhfe.dll, byxvs.dll, xxyvspp.dll, byxxy.dll, mljgh.dll, ddaya.dll, ssqopqo.dll, iifcyab.dll, efcbbcc.dll, ssqpq.dll, opnlm.dll, urqollm.dll, ssqpono.dll, fccdbab.dll, nnlif.dll, ddcawvv.dll, pmnlmnk.dll, gebabcd.dll, vtutron.dll, iiffgfd.dll, mljiggd.dll, opnnopq.dll, yayxuus.dll, ddayy.dll, ddcabya.dll, mljgf.dll, mljighf.dll, 904598c7, ljjhgee.dll, opnkjjg.dll, opnlifg.dll, pmnnn.dll, winsrc.dll, wvwxv.dll, temlxopqgdk.dll

VirtuMundo properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic VirtuMundo removal:

remover for VirtuMundo

VirtuMundo manual removal:

Kill processes:
windowsupd2.exe winhost.exe quicken.exe editpad.exe nwonknu.exe rasrun.exe psdrv.exe svci.exe unknown.exe castlecops[1].exe kopCFEWV.exe nnx22011.exe ces005dr.exe Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CLASSES_ROOT\atlevents.atlevents
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\targetsoft
D01C9902-73AF-47FF-B784-05FDB6604FCF
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
68616403-4FFB-4B19-B360-0B0B1F55D5EC
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
D714A94F-123A-45CC-8F03-040BCAF82AD6
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
83B28A74-640D-48F4-9F51-E80EED7CC7E0
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
D38439EC-4A7F-42b4-90C2-D810D7778FDD
6148028B-D532-4417-8C0B-5A4A0B745393
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
A05DA7E0-383C-4E99-A72A-742050A152A2
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
B763C083-57E0-4993-B058-13008952DF68
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
662BB3E3-204F-44FA-A827-143B8AB4B036
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
B2030C9A-DE59-457D-A042-D827AD69C8F3
F00EFDF5-0042-4F5E-9F20-C688409CF918
F73AF695-229D-4549-B1A0-20DA99A81F19
22E58089-6DB5-45D9-BF87-6C8975246D26
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
5A4A2D56-931A-4733-9121-033A2D95A274
1FB63E52-4D6E-48C1-A08F-F630FE50F337
01ABD624-98FE-4B37-81F2-4E5B41799B6B
05029E1B-4C41-4681-8F7F-2AEC346136F4
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
8410970E-714C-4F14-AA6B-B3B2F3246827
82412A22-FFED-4A67-B37D-4127EBA1BB02
095514BB-363E-451D-9BAE-A054E51BD0B0
34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
27534EA2-AF0A-4405-9143-8837572099BC
28DD5FA9-7526-4463-A548-BD2877B2710A
57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
855879EC-968C-4480-976B-870669F5F95A
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
1f9137dc-0b86-43e1-a596-8b2b49125124
719C7140-463A-45CB-BA90-828B11FCF5A4
F9C57A10-3FFE-4E94-924E-264713738291
5A04F1F7-C0A5-41A1-8C23-7A96894B9002
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
35B868E9-614B-47BA-81F7-841B8B055247
F40114E6-51D4-4EE4-9F38-2E979AF84593
D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
B7672BAF-E9A3-49B6-86B2-C81719A18A4C
837B45D6-BF85-457D-AABF-6D2E7815F791
45B20293-5C68-4271-B4FD-F43A4075A2E3
89AD4D75-2429-462e-BD4E-443F233F6033
538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
4E35C785-B803-471E-AF03-74BDE42EA65A
53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
6980D6C1-F025-4067-B8B8-F12029EA0CD2
2AD3123A-16FF-404E-92E5-47128E40D281
CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
1B2E9329-C933-4A5D-908C-9A8251D1B7C6
9DC8B477-C55C-4373-953D-8913334A8D8B
A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
DA0053C8-1501-48C6-BD86-167AA3DEC119
2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
90375CC7-C153-4D5C-B81D-C4011A3C16D3
B1F4D9B0-7300-408A-B70A-677CC7276EF6
429E0606-5905-4CCD-998A-9D2C29DE6F33
582C46EE-9E66-4DE0-92A5-34B971099C0C
6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
3385764C-85FC-45CC-B290-E97646306BB2
90624170-D668-409E-A2F5-C0710044760F
A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
232D2677-68EE-4FA1-B988-279EBC8969ED
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
C408EC5B-CC5E-451D-B831-6DB83DA47244
634BBAB7-3F60-4426-944F-A62B9007F67F
AB30E818-2B0F-4336-BB29-35D245598EDB
01CD0B31-9154-45F2-9414-F5D64B74EAF6
200D0AAD-71B1-51C9-DDB0-092BA4662A54
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnolm
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebyxuu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvsrp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxussr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khffefd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcdaab
2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B
A288996D-94BC-4C73-8CC7-A20F8A435A98
46523B68-2656-4D4D-B415-20907B8E649A
F95B14B7-B316-49DA-972C-1225025AFB7A
AEBF6926-DBA6-4100-A838-1CED0169AB78
9D88DD0F-5C78-417D-9E48-DDE4BCC53E9F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcaaxu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmkjj
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvutus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hgggdbx
6551122A-4DEB-4949-8ABF-72972775F028
88741C23-A892-4B7E-8F89-4A69CB12DA67
F9491793-47BB-4F3C-9B1A-08A8E4F88D0D
3FABB570-CFE9-43FB-82F4-F065466077B4
326F7029-5B4F-4D02-8D77-F16322C282C1
A47BD9A5-EF81-4E2D-B5D8-A5AF7099683E
817A8844-1AF6-4093-B74A-DD91676A179E
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqomn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdcdd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\xxyvspp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxxyay
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\qommlii
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxvusr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlmjh
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqopqo
DB1F1927-3FFC-4313-82AD-6A75758E5D32
6A30EED0-7D3E-40AC-946D-CF769A3ACDF5
506602EA-3290-416C-84E7-B2B331D2DFA2
81182B58-0DB8-4671-A345-BD9B20E6FC72
6A061FA1-352D-4902-94FB-46BD37FD7FAF
259B6215-70A2-4789-9978-64CD33632682
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urqollm
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifcyab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqpono
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcbbcc
9DEC9A9D-E4F1-4081-A06E-76601F998EB4
CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134
47A21439-A069-4BC1-BB70-54C9ED60691F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccdbab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuspmn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcawvv
1A4318F1-865F-43A0-88A6-22666DDB6F47
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqolkll
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnlmnk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtutron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebabcd
5AAF23D8-4489-43D8-A064-319D1254ABCA
CA28FAC6-6381-4F89-9090-F399BBAFC26C
415D402F-A6FC-4CA2-927B-2323BAAFB966
49D63E18-33B1-46F2-82C2-39431FB94794
98663E21-9CCE-4CF6-863C-911A9523A66F
7F96901E-BEB4-4316-B165-5C4F2D6314CA
C3A84C81-8E37-4EAA-8E6C-C4FF35A67F96
D604A3C9-1BDF-48AA-8CB3-80C2752FB6C5
F7608A7B-DB2D-4CF1-8930-708A32896876
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnnopq
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yayxuus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggeeee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljiggd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiffgfd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdaxu
20EC205F-3300-4013-A537-69DDC176CF42
7D7F29A5-8D07-44FE-89B6-A8F4DFFD03FB
24C61C09-62C0-42ED-B640-53F7FEC9098A
64C8EADA-5CDB-4A79-9213-F3F68E851D56
DB7BB42E-456D-4203-ADCF-C0B999112DA0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcabya
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuuutt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiigefg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrqon
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljighf
FA6E43E6-F825-4317-BBCC-EC8462D1F3A5
7de1e3d1-c102-4dca-bd3d-43cbe8303ee5
BCB279E3-2BB4-4A4B-90C5-3CEBACC6B15C
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcawvu
E180F496-8A4B-44E2-9FE0-0364E345DB7F
D81BE140-D159-4732-BCE8-185C9210E38E
FFF29BE4-24AC-4E31-B99B-45238B764111
571A01F0-FBF2-4411-A41B-BBB3CE6189E4
037C7B8A-151A-49E6-BAED-CC05FCB50328
5A7CFD83-8907-460B-88C5-8CBAD95F1CF1
9543B1E1-5B66-4DFA-B579-0B392D0BB33C
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxyvwu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcbaxw
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ljjhgee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkjjg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlifg
9FEA8F43-D4ED-458C-B727-B667025676A0
B0BCDD0D-1EC9-4EA4-A013-5642B9598271
A98D0065-7326-41B5-B8D9-C5B692CDB82F
F2A65CD2-0CDE-4E63-B8F3-16D90EF77603
63AB48C9-01A8-495C-8194-A715DB8A37A2
4C16CAB4-7053-2AD8-5166-2C00BAB3D8BE
59FEDA57-3BE1-450E-B368-F93067B94C86
B82F29E4-8368-4B14-9C00-5138C0D94034
B5FAC233-228C-4106-BB63-3031B84E2AB9
5550F659-4DE0-497D-B8A2-3E1AFB973784
12C71A70-09ED-4515-A39C-99E973B8E9F7
826A5ED9-1316-4EFD-87F8-AA400C5D551A
3A0909EF-95E0-47B3-B117-FA03D9FDDBD1
AA8DFF57-1E4B-4A01-9681-AB25E1CF6532
3BE9150C-E2ED-4294-8F70-4CCA872A7BB3
90696A05-6C9A-488F-957D-4D4A3D5F61C2
2FEAE5F7-1F4D-A231-30D1-04759E1C1FCB
7FDF7614-0DF6-4A84-9041-2D873AB5C2C5
24E9519B-3F70-429B-99BC-4B2B49B96F66
965585E8-9537-45FE-952F-DDE5BE10AE52
ea3f2b22-4a94-4b29-8101-881882e0d8b9
f4ececf2-73d0-474e-06da-11f818303327
6bffbb42-ac73-4d2f-8109-562f11353e93
3DB7BCD6-5AB2-4224-9D5C-91596FDA31B9
3CAB59B4-55A3-4737-9FD5-B93C6430BF75
963db810-b29b-4595-aea0-649db6103abc
0f70b574-9236-469c-bb21-9654dac1f67d
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDtUno
9F24CE12-437E-4413-BA41-0BF61D67EC80
9B5D62CC-A31F-41E6-AB67-9D51D48B5C07
B1FFEAF8-F7C8-445D-98FE-9AD04897C6AE
a1e653d7-374b-4f3c-aa1d-fd259c751c11
82B8E0B5-45F5-4779-966A-C474164F8F7F
956677BE-F493-4F74-ACD6-E5A0E62904A5
9D9294A6-8FB0-4206-AD93-5E9A9EF0B517
EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsRjhg
684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
CB5A3EDC-08DA-48D4-BD49-AC53308B64DC
8B522498-4803-4A8D-A297-46AE273C44A6
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYpmkK
59148BE8-B764-447A-9302-4AEB7187D3CB
D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
9936EFFC-4A2C-4F1B-BB68-DEDC6916EE19
03F408E7-0903-46E1-9284-EC56550C3597
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
4846D90B-B1ED-402A-A718-91E88C6E2839
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoPGXp
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrrsPH
a7ef6dba-8a53-4f52-bd9a-01a6a4e083c0
60ABF6AC-BAE2-4400-8936-0593C3C9A8A8
HELP:
how to remove registry entries

Unregister DLLs:
lspak.dll rulesak.dll cidrules.dll hrj6051se.dll jtr0079me.dll pmnno.dll geebc.dll ssttr.dll SbCIe02b.dll pmnlk.dll iifddby.dll ddcbabx.dll awtqqnl.dll sstrs.dll mllkk.dll vtuspmn.dll nnnmmlk.dll cbxxywx.dll opnnljj.dll khfcdaw.dll mljkkhf.dll sstur.dll tuvwuss.dll ddcyx.dll khfcdba.dll ljjgedc.dll rqrppon.dll vtsts.dll wvursqn.dll xxyxwxv.dll ssqqomk.dll pmnnm.dll ddcca.dll vtsss.dll urstr.dll jkhhf.dll mllmm.dll rqron.dll byxurqq.dll rqrssro.dll vtuts.dll mljhghe.dll sstqq.dll jiinhuyb.dll geeby.dll awtqopm.dll bndsrsqo.dll mljjk.dll awtttqr.dll pmnlj.dll hggdefc.dll ssqqn.dll ssqnolm.dll gebyxuu.dll tuvvsrp.dll cbxussr.dll khffefd.dll efcdaab.dll ddcaaxu.dll tuvutus.dll nnlmn.dll hgggdbx.dll opnnlmn.dll awtqomn.dll jkhfe.dll byxvs.dll xxyvspp.dll byxxy.dll mljgh.dll ddaya.dll ssqopqo.dll iifcyab.dll efcbbcc.dll ssqpq.dll opnlm.dll urqollm.dll ssqpono.dll fccdbab.dll nnlif.dll ddcawvv.dll pmnlmnk.dll gebabcd.dll vtutron.dll iiffgfd.dll mljiggd.dll opnnopq.dll yayxuus.dll ddayy.dll ddcabya.dll mljgf.dll mljighf.dll ljjhgee.dll opnkjjg.dll opnlifg.dll pmnnn.dll winsrc.dll wvwxv.dll temlxopqgdk.dll
HELP:
how to unregister malicious DLLs

Delete files:
windowsupd2.exe winhost.exe quicken.exe editpad.exe lspak.dll rulesak.dll cidrules.dll nwonknu.exe rasrun.exe psdrv.exe svci.exe unknown.exe hrj6051se.dll jtr0079me.dll pmnno.dll geebc.dll ssttr.dll SbCIe02b.dll pmnlk.dll 2chkdsk iifddby.dll ddcbabx.dll castlecops[1].exe gf1.0.0.2 kopCFEWV.exe awtqqnl.dll sstrs.dll mllkk.dll vtuspmn.dll nnnmmlk.dll cbxxywx.dll opnnljj.dll khfcdaw.dll mljkkhf.dll sstur.dll tuvwuss.dll ddcyx.dll khfcdba.dll ljjgedc.dll rqrppon.dll vtsts.dll wvursqn.dll xxyxwxv.dll ssqqomk.dll pmnnm.dll nnx22011.exe ces005dr.exe ddcca.dll vtsss.dll urstr.dll jkhhf.dll mllmm.dll rqron.dll byxurqq.dll rqrssro.dll vtuts.dll Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe mljhghe.dll sstqq.dll jiinhuyb.dll geeby.dll awtqopm.dll bndsrsqo.dll mljjk.dll awtttqr.dll pmnlj.dll hggdefc.dll cbgzgdqt ssqqn.dll ssqnolm.dll gebyxuu.dll tuvvsrp.dll cbxussr.dll khffefd.dll efcdaab.dll ddcaaxu.dll tuvutus.dll nnlmn.dll hgggdbx.dll opnnlmn.dll awtqomn.dll jkhfe.dll byxvs.dll xxyvspp.dll byxxy.dll mljgh.dll ddaya.dll ssqopqo.dll iifcyab.dll efcbbcc.dll ssqpq.dll opnlm.dll urqollm.dll ssqpono.dll fccdbab.dll nnlif.dll ddcawvv.dll pmnlmnk.dll gebabcd.dll vtutron.dll iiffgfd.dll mljiggd.dll opnnopq.dll yayxuus.dll ddayy.dll ddcabya.dll mljgf.dll mljighf.dll 904598c7 ljjhgee.dll opnkjjg.dll opnlifg.dll pmnnn.dll winsrc.dll wvwxv.dll temlxopqgdk.dll
HELP:
how to remove harmful files

Other programs to remove VirtuMundo:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 29/10/09

Additional resources related to VirtuMundo:

Attention: If you know or you have a website or page about VirtuMundo removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about VirtuMundo parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by . 2009-10-29 08:10:29
I have tried numerous times to unsubscribe but it is useless. Maybe a letter to the BBB or FCC will get some action against vitumundo. I have forwarded some of youe emails to the attorney general's office and asked for some help.

2. by Guest. 2006-09-03 11:09:15
yes please remove v4guitar@aol.com from all mailing ...........

3. by Guest. 2006-08-08 10:08:10
I have requested that the host of this website stop emails to me. Whom ever is using you as host is annoying and sending unwanted information to me. Virtumondo, I wish that you unscribe me for the last time. Also remove my email from the other engines that you are affilliated with.

janbillb2@aol.com

4. by Guest. 2006-06-25 21:06:42
Wouldn't want to post anything "harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially or ethnically objectionable." God Forbid. Can I mention God? Anyway, here's my totally uncensored comment about VirtuMundo: They're obviously a group of very nice, church-going young men who have been wrongly accused of heinous activity. Can I say the word "heinous"?

5. by Guest. 2006-06-04 09:06:27
remove me from future mailings shannasgm@aol.com

6. by Guest. 2006-05-27 12:05:15
I have requested that the host of this website stop emails to me. Whom ever is using you as host is annoying and sending unwanted information to me. Virtumondo, I wish that you unscribe me for the last time. Also remove my email from the other engines that you are affilliated with.

7. Joseph by Guest. 2004-11-29 13:11:06
I have Windows XP and I am not sure how to remove access to the file. Also, which users should deny access to and which should have access?
Thanks in advance

8. Problems following #4 by Guest. 2004-11-28 18:11:02
Hi! I am trying to remove the dvdfax.exe off of my computer... I have been using the procedure listed in #4. I have gotten to the point where I need to change the users on the file.. but, I don't have a security tab under properties and cannot find anywhere to change the users on the file... I am running XP - any suggestions?

9. I had one error in my post #4 by Guest. 2004-11-23 10:11:59
I read post number 5 and realized I left one line out of the key to search for.
HKLMsoftwarewindowscurrentversion
should actually read:
HKLMsoftwaremicrosoftwindowscurrentversion

Sorry for any confusion there.
P.S. It took me the better part of a day to find out how to get rid of this thing. I should never have needed to but my AV company Computer Associates (e-trust) refuses to call this a virus. They bought an anti-spyware comapny in August '04 and now want you to buy that product to get rid of it.

Go figure!

10. Hello, to the author of post #4.... by Guest. 2004-11-22 14:11:14
I'm running XP home and as I run down the registry location you mention, I find:
HKEY_LOCAL_MACHINE
SOFTWARE

But no registry file under those two simply called "windows". I have "windows 3.1 migration status" but that's not it. No other files called or starting with windows under HKLM/SOFTWARE.

Any thoughts? Thanks!

11. "Follow Post #4 you must." - Yoda by Guest. 2004-11-20 22:11:29
My wife just spent an ENTIRE WEEKEND on the phone with the useless fools at Symantec (Yes, the Norton people), trying to get rid of this hellish, infernal Adware.Virtumonde trojan horse. She literally talked to 5 different "technicians" at Symantec, including a "specialist" from the "VirusRemoval Team" and none of them had a clue--they kept telling her to do things that were redundant or treating other problems, but not the Virutumonde. Our CPU usage was at 100% and it was nearly impossible to do anything. We had nearly resigned ourselves to re-formatting our hard drive of which I am pathologically terrified), when my wife found the instructions in Post 4 above. She tried it, and it actually worked. Thank you, oh, thank you, whoever posted Post 4. What are you, anyway, a PhD in Computer Science? A PC Jedi Master? Whatever you are, whereever you are, we are both very grateful.

12. Bravo Number 4 Post by Guest. 2004-11-20 12:11:03
This really works!! U don't have to take your PC to a professional to do the job.'

I've been bothered by VirtuMonde for some time, tried many things, Norton can't delete it, Ad-Aware can't delete it, almost going to reinstall my PC. Luckily I found this post, and followed the instruction here, and it works.

Even though the files were not listed here, but i want to say "Thank You Very Much" to you, number 4 post.

13. Virtumonde variant by Guest. 2004-11-18 14:11:03
Here is how to remove it (long post sorry)
I read a comment made by another user that the files name was not windowsupd or the variations listed.

It may or may not be Virtumonde but it is a nasty bugger to get rid of.

Do the following exactly or it will come back to haunt you.

Open regetit and backup the registry (just in case)
Go to HKLMsoftwarewindowscurrent versionrunonce

There will be an entry starting with an asterisk *
The data section will point to a file on your system.
Find that file, right click, Properties, security.
Remove all access to the file. The users list needs to be blank or it won't work. If you have inherited permissions uncheck that and when you are asked to copy or remove just click remove.

Now save these changes by clicking OK all the way out.

Reboot.

Ok the virus is now inactive so you have to do the cleanup.

Open regedit go back to HKLMsoftwarewindowscurrent version and look under all the RUN keys (run, runonce, runex, etc) delete all entries that start with an *.

Now go back to the original file you removed access to and add yourself to the access list with full control.
Save changes and then delete file and empty recycle bin.

You should now be clean of the virus.

14. Different File by Guest. 2004-11-15 23:11:29
I seem to have this spy-ware on my system but I have dvdfax.exe running as the process not one of those windowsudp or sysudp files...

15. i can't seem to open.. by Guest. 2004-10-27 08:10:32
I can't seem to open "Run". I was able to do everything else. What else can I do?

16. re ....how do i find by Guest. 2004-10-25 19:10:59
if you have to ask how to find a registry key then you have no business even dealing with it ... take it to a professional ....
certified pc technician
Related news:
Similar parasites:
Related articles:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.