Virtumondo – virus hunt
The other day I got an unexpected pop-up window while using Internet Explorer. Strange, I thought, this kind of problem must have been extinct for years; surely I did something wrong…?
The problem was pervasive.
I use a virus killer and a firewall, and I don't install software I'm not supposed to, except maybe Opera and Java.
I tried the spyware killers from Google and Microsoft. It worked. One day later, the problem reappeared… and in addition they reported (and did not fix) a virus named "Virtumondo"!
The net is full of fixes and people telling stories of hours of work without result. Except the obvious, two "low hanging fruits" emerged:
1. Blocking Virtumondo.com and all popping up sites in %windir%\system32\drivers\etc\hosts
2. Removing write-access to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
I then restarted into safe mode with command prompt, ran the antivirus, and removed all (three) registry keys under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" whose names start with "__".
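As an added example (not code from the original post), here is a read-only PowerShell check for the three things described above: it lists the Winlogon\Notify subkeys and flags any whose name starts with "__", shows who has write access to that key, and checks whether the hosts file already blocks virtumondo.com. It assumes the standard layout in which each Notify subkey holds a DllName value naming the DLL Winlogon loads; it reports only and deletes nothing.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell.
$notifyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$hostsPath  = Join-Path $env:windir 'System32\drivers\etc\hosts'

# 1. Enumerate Winlogon notification packages and flag names beginning with "__"
Write-Host "Winlogon notification packages under $notifyPath"
if (Test-Path $notifyPath) {
    Get-ChildItem -Path $notifyPath | ForEach-Object {
        $name = $_.PSChildName
        # Each package registers the DLL it loads in a DllName value (assumed layout)
        $dll  = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DllName
        $flag = if ($name -like '__*') { 'SUSPICIOUS: name starts with __' } else { 'ok' }
        '{0,-28} {1,-45} {2}' -f $name, $dll, $flag
    }

    # 2. Show which identities can still write to the Notify key
    Write-Host "`nAccess rules on $notifyPath"
    (Get-Acl -Path $notifyPath).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize
} else {
    Write-Host "Notify key not present on this system."
}

# 3. Check whether the hosts file already contains a block entry for virtumondo.com
Write-Host "`nHosts entries mentioning virtumondo.com in $hostsPath"
$hits = Select-String -Path $hostsPath -Pattern 'virtumondo\.com'
if ($hits) {
    $hits | ForEach-Object { $_.Line }
} else {
    Write-Host "No entry found; a line such as '127.0.0.1 virtumondo.com' would block it."
}
```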
That's it. I don't feel certain I removed the malware, but this is all I have time for; if the thing reappears I guess I'll ask for a new machine or a full reinstall.
Tomorrow will be better.