Halting Virtumonde Before Installation

Discussion in 'Malware Help (A Specialist Will Reply)' started by melbeach, Nov 25, 2008.

  1. melbeach

    melbeach Private E-2

    Has anybody ever halted an attempted Virtumonde installation before it could happen? In other words, did your AV software prompt you about an attempted installation, which you then denied? If so, which software were you using?

    Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Most people who get Vundo infections have downloaded and installed something to cause it. Thus they have bypassed their protection software in most cases to install it. In general, no protection software can protect you if you choose not to listen to it. Also Vundo infections change ALL the time. Also sometimes Vundo sneaks into a system due to not having proper security updates or current versions of software installed. Vundo takes advantage of these security holes. One area that has been of concern is having old versions of Sun Java installed.

    At the current time no antivirus programs that I know of will properly protect you from, detect all forms of the infections, and remove them. Your best bet is to purchase tools like Malwarebytes Anti-Malware and SUPERAntispyware which are much better at detecting and removing Vundo infections.
     
  3. melbeach

    melbeach Private E-2

    A little late, but thanks for the reply! From what I've been reading about this, it sounds like this current rash of Virtumonde is kind of a mystery. Nobody knows for sure how it's getting in. I use Norton AV at highest settings and it didn't warn me. Although Norton did catch a couple that had to do with Flash in banner ads. Apparently one made it thru undetected. It's that Antivirus 2009 popup. Once you click it to close, it's too late! That's what happened to me. Now I know, ctrl-alt-del when that happens. I did have an old Java version still hanging around, like you say.

    This guy here is on the trail: http://mice.org/blog/rubotted-notices-are-slowing-down/. That part about ad.yieldmanager.com hits home. That's one of the tracking links that Spybot caught in my case.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It comes from many places just like SmitFraud type infections. Sometimes it is from accessing questionable websites or downloading codecs to view "videos".

    ad.yieldmanager.com is just an advertisement link seen on many webpages. I'm not sure that it can be blamed for Vundo infections... although many sites often have to review who is buying advertisement space from them and, if they do not check frequently enough, could be guilty of posting ads for rogue applications.
     
