Spyware Database
 Uninstall VirtuMonde
VirtuMonde Description and Removal Instructions
VirtuMonde is an adware program that downloads and displays targeted pop-up adverts. VirtuMonde may hijack your browser to unwanted advertising-related sites. In addition, VirtuMonde may monitor your Web surfing habits so it could bombard you with hundreds targeted ads.
IMPORTANT DISCLAIMER
Please note: This website is NOT associated or affiliated in any way
with VirtuMonde or its creators. The content provided in this article should NOT be construed as an endorsement, a recommendation or an advertisement for VirtuMonde.
The goal of this article is to assist computer users on the detection and removal of VirtuMonde. This article is provided on an "as is" basis and to be used for informational purposes only. |
Why Should I Remove VirtuMonde?
Note: Manual removal is a difficult process and it is not recommend
unless you are an expert in this field. Therefore, your best defense is to
download and install a reliable anti-spyware program to scan VirtuMonde and other spyware on your machine.
In order to detect VirtuMonde in the easiest and fastest way possible, we advised trying the free SpyHunter scanner provided on this website.
The free version of SpyHunter is only a detection utility.
However, if you wish to continue to the VirtuMonde removal stage with SpyHunter, you must first purchase the full version of SpyHunter or you
can manually remove VirtuMonde by moving on to the "Remove VirtuMonde Manually" section.
Online threats constantly change to avoid detection, and therefore SpyHunter comes equipped with a full technical support, as well as a
one-on-one customer support service called Spyware HelpDesk which gives its support technicians the ability to create a custom automated
fix tailored to your PC. If SpyHunter is unable to detect and remove VirtuMonde, the Spyware Helpdesk will generate a custom fix, transmit
it to your SpyHunter removal tool and completely remove VirtuMonde from your PC.
 Download SpyHunter Scanner.
- Run a full system scan to detect VirtuMonde files.
- Once you've detected VirtuMonde on your PC, you will then need to purchase SpyHunter to start the removal process.
- Reboot your PC and rerun the scan for any remaining traces of VirtuMonde.
** SpyHunter scanner version is ONLY for detection. To remove VirtuMonde
and other threats, you will need to purchase SpyHunter's removal tool.
Remove VirtuMonde Manually
Tip:
If you are not an expert in this field, we highly
recommend you use SpyHunter to scan your PC for VirtuMonde. You'll run
the risk of damaging your computer if you make a mistake
during the manual removal process.
Stop the following VirtuMonde processes:
windowsupd2.exe
winhost.exe
quicken.exe
editpad.exe
nwonknu.exe
rasrun.exe
psdrv.exe
svci.exe
unknown.exe
castlecops[1].exe
kopCFEWV.exe
nnx22011.exe
ces005dr.exe
Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
Remove the following
VirtuMonde registry keys:
HKEY_CLASSES_ROOT\atlevents.atlevents
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\targetsoft
D01C9902-73AF-47FF-B784-05FDB6604FCF
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
68616403-4FFB-4B19-B360-0B0B1F55D5EC
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
D714A94F-123A-45CC-8F03-040BCAF82AD6
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
83B28A74-640D-48F4-9F51-E80EED7CC7E0
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
D38439EC-4A7F-42b4-90C2-D810D7778FDD
6148028B-D532-4417-8C0B-5A4A0B745393
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
A05DA7E0-383C-4E99-A72A-742050A152A2
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
B763C083-57E0-4993-B058-13008952DF68
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
662BB3E3-204F-44FA-A827-143B8AB4B036
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
B2030C9A-DE59-457D-A042-D827AD69C8F3
F00EFDF5-0042-4F5E-9F20-C688409CF918
F73AF695-229D-4549-B1A0-20DA99A81F19
22E58089-6DB5-45D9-BF87-6C8975246D26
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
5A4A2D56-931A-4733-9121-033A2D95A274
1FB63E52-4D6E-48C1-A08F-F630FE50F337
01ABD624-98FE-4B37-81F2-4E5B41799B6B
05029E1B-4C41-4681-8F7F-2AEC346136F4
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
8410970E-714C-4F14-AA6B-B3B2F3246827
82412A22-FFED-4A67-B37D-4127EBA1BB02
095514BB-363E-451D-9BAE-A054E51BD0B0
34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
27534EA2-AF0A-4405-9143-8837572099BC
28DD5FA9-7526-4463-A548-BD2877B2710A
57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
855879EC-968C-4480-976B-870669F5F95A
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
1f9137dc-0b86-43e1-a596-8b2b49125124
719C7140-463A-45CB-BA90-828B11FCF5A4
F9C57A10-3FFE-4E94-924E-264713738291
5A04F1F7-C0A5-41A1-8C23-7A96894B9002
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
35B868E9-614B-47BA-81F7-841B8B055247
F40114E6-51D4-4EE4-9F38-2E979AF84593
D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
B7672BAF-E9A3-49B6-86B2-C81719A18A4C
837B45D6-BF85-457D-AABF-6D2E7815F791
45B20293-5C68-4271-B4FD-F43A4075A2E3
89AD4D75-2429-462e-BD4E-443F233F6033
538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
4E35C785-B803-471E-AF03-74BDE42EA65A
53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
6980D6C1-F025-4067-B8B8-F12029EA0CD2
2AD3123A-16FF-404E-92E5-47128E40D281
CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
1B2E9329-C933-4A5D-908C-9A8251D1B7C6
9DC8B477-C55C-4373-953D-8913334A8D8B
A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
DA0053C8-1501-48C6-BD86-167AA3DEC119
2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
90375CC7-C153-4D5C-B81D-C4011A3C16D3
B1F4D9B0-7300-408A-B70A-677CC7276EF6
429E0606-5905-4CCD-998A-9D2C29DE6F33
582C46EE-9E66-4DE0-92A5-34B971099C0C
6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
3385764C-85FC-45CC-B290-E97646306BB2
90624170-D668-409E-A2F5-C0710044760F
A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
232D2677-68EE-4FA1-B988-279EBC8969ED
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
C408EC5B-CC5E-451D-B831-6DB83DA47244
634BBAB7-3F60-4426-944F-A62B9007F67F
AB30E818-2B0F-4336-BB29-35D245598EDB
01CD0B31-9154-45F2-9414-F5D64B74EAF6
200D0AAD-71B1-51C9-DDB0-092BA4662A54
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnolm
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebyxuu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvsrp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxussr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khffefd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcdaab
2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B
A288996D-94BC-4C73-8CC7-A20F8A435A98
46523B68-2656-4D4D-B415-20907B8E649A
F95B14B7-B316-49DA-972C-1225025AFB7A
AEBF6926-DBA6-4100-A838-1CED0169AB78
9D88DD0F-5C78-417D-9E48-DDE4BCC53E9F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcaaxu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmkjj
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvutus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hgggdbx
6551122A-4DEB-4949-8ABF-72972775F028
88741C23-A892-4B7E-8F89-4A69CB12DA67
F9491793-47BB-4F3C-9B1A-08A8E4F88D0D
3FABB570-CFE9-43FB-82F4-F065466077B4
326F7029-5B4F-4D02-8D77-F16322C282C1
A47BD9A5-EF81-4E2D-B5D8-A5AF7099683E
817A8844-1AF6-4093-B74A-DD91676A179E
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqomn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdcdd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\xxyvspp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxxyay
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\qommlii
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxvusr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlmjh
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqopqo
DB1F1927-3FFC-4313-82AD-6A75758E5D32
6A30EED0-7D3E-40AC-946D-CF769A3ACDF5
506602EA-3290-416C-84E7-B2B331D2DFA2
81182B58-0DB8-4671-A345-BD9B20E6FC72
6A061FA1-352D-4902-94FB-46BD37FD7FAF
259B6215-70A2-4789-9978-64CD33632682
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urqollm
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifcyab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqpono
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcbbcc
9DEC9A9D-E4F1-4081-A06E-76601F998EB4
CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134
47A21439-A069-4BC1-BB70-54C9ED60691F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccdbab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuspmn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcawvv
1A4318F1-865F-43A0-88A6-22666DDB6F47
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqolkll
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnlmnk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtutron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebabcd
5AAF23D8-4489-43D8-A064-319D1254ABCA
CA28FAC6-6381-4F89-9090-F399BBAFC26C
415D402F-A6FC-4CA2-927B-2323BAAFB966
49D63E18-33B1-46F2-82C2-39431FB94794
98663E21-9CCE-4CF6-863C-911A9523A66F
7F96901E-BEB4-4316-B165-5C4F2D6314CA
C3A84C81-8E37-4EAA-8E6C-C4FF35A67F96
D604A3C9-1BDF-48AA-8CB3-80C2752FB6C5
F7608A7B-DB2D-4CF1-8930-708A32896876
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnnopq
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yayxuus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggeeee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljiggd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiffgfd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdaxu
20EC205F-3300-4013-A537-69DDC176CF42
7D7F29A5-8D07-44FE-89B6-A8F4DFFD03FB
24C61C09-62C0-42ED-B640-53F7FEC9098A
64C8EADA-5CDB-4A79-9213-F3F68E851D56
DB7BB42E-456D-4203-ADCF-C0B999112DA0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcabya
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuuutt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiigefg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrqon
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljighf
FA6E43E6-F825-4317-BBCC-EC8462D1F3A5
7de1e3d1-c102-4dca-bd3d-43cbe8303ee5
BCB279E3-2BB4-4A4B-90C5-3CEBACC6B15C
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcawvu
E180F496-8A4B-44E2-9FE0-0364E345DB7F
D81BE140-D159-4732-BCE8-185C9210E38E
FFF29BE4-24AC-4E31-B99B-45238B764111
571A01F0-FBF2-4411-A41B-BBB3CE6189E4
037C7B8A-151A-49E6-BAED-CC05FCB50328
5A7CFD83-8907-460B-88C5-8CBAD95F1CF1
9543B1E1-5B66-4DFA-B579-0B392D0BB33C
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxyvwu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcbaxw
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ljjhgee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkjjg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlifg
9FEA8F43-D4ED-458C-B727-B667025676A0
B0BCDD0D-1EC9-4EA4-A013-5642B9598271
A98D0065-7326-41B5-B8D9-C5B692CDB82F
F2A65CD2-0CDE-4E63-B8F3-16D90EF77603
63AB48C9-01A8-495C-8194-A715DB8A37A2
4C16CAB4-7053-2AD8-5166-2C00BAB3D8BE
59FEDA57-3BE1-450E-B368-F93067B94C86
B82F29E4-8368-4B14-9C00-5138C0D94034
B5FAC233-228C-4106-BB63-3031B84E2AB9
5550F659-4DE0-497D-B8A2-3E1AFB973784
12C71A70-09ED-4515-A39C-99E973B8E9F7
826A5ED9-1316-4EFD-87F8-AA400C5D551A
3A0909EF-95E0-47B3-B117-FA03D9FDDBD1
AA8DFF57-1E4B-4A01-9681-AB25E1CF6532
3BE9150C-E2ED-4294-8F70-4CCA872A7BB3
90696A05-6C9A-488F-957D-4D4A3D5F61C2
2FEAE5F7-1F4D-A231-30D1-04759E1C1FCB
7FDF7614-0DF6-4A84-9041-2D873AB5C2C5
24E9519B-3F70-429B-99BC-4B2B49B96F66
965585E8-9537-45FE-952F-DDE5BE10AE52
ea3f2b22-4a94-4b29-8101-881882e0d8b9
f4ececf2-73d0-474e-06da-11f818303327
6bffbb42-ac73-4d2f-8109-562f11353e93
3DB7BCD6-5AB2-4224-9D5C-91596FDA31B9
3CAB59B4-55A3-4737-9FD5-B93C6430BF75
963db810-b29b-4595-aea0-649db6103abc
0f70b574-9236-469c-bb21-9654dac1f67d
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDtUno
9F24CE12-437E-4413-BA41-0BF61D67EC80
9B5D62CC-A31F-41E6-AB67-9D51D48B5C07
B1FFEAF8-F7C8-445D-98FE-9AD04897C6AE
a1e653d7-374b-4f3c-aa1d-fd259c751c11
82B8E0B5-45F5-4779-966A-C474164F8F7F
956677BE-F493-4F74-ACD6-E5A0E62904A5
9D9294A6-8FB0-4206-AD93-5E9A9EF0B517
EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsRjhg
684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
CB5A3EDC-08DA-48D4-BD49-AC53308B64DC
8B522498-4803-4A8D-A297-46AE273C44A6
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYpmkK
59148BE8-B764-447A-9302-4AEB7187D3CB
D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
9936EFFC-4A2C-4F1B-BB68-DEDC6916EE19
03F408E7-0903-46E1-9284-EC56550C3597
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
4846D90B-B1ED-402A-A718-91E88C6E2839
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoPGXp
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrrsPH
a7ef6dba-8a53-4f52-bd9a-01a6a4e083c0
60ABF6AC-BAE2-4400-8936-0593C3C9A8A8
77e00874-1b7e-41c6-ba97-43e2463efada
499E5F81-EBE0-4D08-818D-3E88B0A13542
71A4297F-F337-45B4-9B5C-4D6EE32AC45B
fc796ded-5fa6-4a4b-8473-3636b0fe9d1b
cdfbb87c-0d5f-48b3-bf4a-2f5c3db9b0de
D7336D32-62F7-43B5-8B8C-3963C72CA498
32E451A3-6C66-412C-8F6E-65778F016BC6
804B913C-F0BD-4FC0-8D86-2A8DE2F682B2
135B4804-7728-4137-B6D8-5CC590110C9D
F24F5951-B29D-49B0-9BB3-BE6818CA6940
32D0CCCB-4D89-4510-BAF7-028BC11E60DB
EB338DB6-EC2C-456B-B5AD-ED97FB489684
71e40ee5-71ae-4e0d-8324-949376d44774
0c294220-1a9d-476a-a918-53f2da2571e4
4CAFAF0C-C38F-43C1-8080-390E776254DE
04e6699f-53a0-4c02-aefd-7bfff3835ea2
84178bfa-b729-48a8-af52-836f668dc7e8
f06718dd-b23e-4c0f-bcd8-24bcdc5e2df4
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\135B4804-7728-4137-B6D8-5CC590110C9D
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dtseqrxk
E2F6A304-81C0-4A91-A2A2-DBB4505FAEDC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmjhIY
BB7EA5A7-A6AE-4575-96A3-098A577D4765
b72df2c1-1205-4f44-b188-8dda6f84e30b
5850d2e6-6e49-4d0a-bb2e-a49e8fa2eee6
4EF267EE-D1A4-4C92-85A9-B51B58A53BE4
60EDCEE2-B6AF-4F2E-BB15-14F101364B47
0955079E-3A5E-4FF7-A7C9-2A65CAAE1EF2
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\60EDCEE2-B6AF-4F2E-BB15-14F101364B47
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyywTMD
7B0FCA45-023B-452A-B893-D007523A9ED8
0b27b1d3-b168-4d26-a135-9f44ae91793f
90a0468b-3120-48fc-8aa1-378d2a4228db
4c23403e-346b-40b4-8fe8-b80516c8ada9
f6473971-cbf4-49ab-96a1-74b92d63f718
0a7a4957-9298-4605-9872-24da8a514db6
1764AF3F-400C-415E-9A92-67A7D55C2C71
45e6b878-e844-4765-81dc-7bc1bc01b2b0
e43f6db8-d6dd-40b0-bfce-80a032475332
90b7bdb9-8798-4b86-a3c7-c3ba8069b2eb
71fd4dba-7b71-4919-b15a-2ca0f68cd384
11ece6bb-8155-4e05-bacf-a452151107af
4caf47ba-df5a-4ebf-b5f5-9965d8060939
ec8020d0-89dc-4531-9200-c9cefe301e90
242fe30b-f264-49b8-9ac1-3095389fba03
8a2fa032-bb09-4ef3-9ec0-bafb1412cb8e
9E91EF7B-6846-45C3-A8AB-67CF7C900783
35843B6D-FA05-42C7-BBF3-6343F011D444
AD72687B-CF83-4463-8E95-2CB3198CA5F6
A51F62AE-D855-44B8-BB71-352C69FBF257
A1C50067-D883-45F4-B991-D5FAAAA4CAB1
FFA0E487-277F-4C2D-A509-EE12E51D03EC
7252d783-5e03-4621-b9dc-29c2e6da8086
f55bcd71-47e0-4c7b-81ae-53e197293088
866d26cd-56b2-4a3f-84ba-825ea199099b
29681927-b22c-4eea-b7c0-4a34fb62529e
5FCD13AC-B899-4EF7-BD3E-C959EFBFB753
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\AD72687B-CF83-4463-8E95-2CB3198CA5F6
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\5FCD13AC-B899-4EF7-BD3E-C959EFBFB753
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbBRKD
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUnNgGx
2AABD0C3-1B64-4DE0-AE17-BBBE806197F2
e43f1b7c-71ac-4ecb-a398-36faf7513768
87bbb91d-3535-44ff-b209-91b49ca8e1fa
e2dd9458-f71a-42cf-8706-a694f147e8a8
9b2bb67d-12d6-49b8-a186-2eec081a548e
7a03a593-de50-4edb-b682-a5d5e9d3d967
f9f2d698-4bb7-4b32-9059-e9b7bb328337
4d58f285-10b4-48d5-a378-63102081359e
5d89cb9c-f2a1-43a5-a6fd-bdbf3688747b
55900762-469d-421f-9268-162d00bc2ab3
4b58dd09-080f-4417-8dc4-2d19bbe49fc7
75ABCF92-9764-4DFA-A83F-5142C3905052
03b9c36c-139b-40df-a510-c3224aedf48f
93350c7e-163b-4a3b-96e5-154b58d33d6a
92f69757-bae4-4c71-9dae-3298ed7c11aa
3f30d137-f50e-4b40-927e-b40ec125a068
299B5FAC-2168-4A5D-A67D-AA4C8F8055DA
237873d9-d1b9-42b6-987b-f086140b383e
62D1390B-75E8-445C-A99D-3340E08FD4C5
037E77C2-A153-4A29-8D9A-16A031629FFd
49a5d05d-e4a9-4670-8c4d-4099031c1453
11EDF9E4-A3CE-44B8-8DBB-64948F77B808
AFFCBA64-651F-43DD-97BC-684C179618A5
CB5DC5A5-F162-4B48-BBF6-3DDC62836285
14315df3-d035-49e2-949b-ae8c2a23c739
4cab59b4-55a3-4737-9fd5-b93c6430bf76
C31C05B4-0A01-4DC2-8E5E-0315459F508E
519AD75B-6F4F-4E48-B7C9-3793CE64B509
ca00c181-714f-4d26-acb0-b0f33c6439e5
7be88cbc-6d7b-4a98-857e-6c65523b813f
B0B3393C-62D1-44D8-ABF5-08E0F067F29E
A63E645F-13BD-45ED-B15F-6E8C1BD57279
0524B01A-F7AF-4665-8BE1-BE460478A4FF
3c7e20d1-e787-4e3b-8dac-a7687d1899ff
505964f0-9ad9-41a7-9ffb-49c060d720ce
a6cefe49-8b87-471d-a1ce-495714b78b80
01178AD0-E0BA-4624-A2A7-2FF828A80844
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\AFFCBA64-651F-43DD-97BC-684C179618A5
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmKDtU
7DDB071D-FE54-4B5C-B577-380F3DDFF000
E7683750-B89A-402F-8F22-EBF3DA3F70C2
5102b002-845b-4545-8c80-fdf9cf4a910b
a2a4374d-86be-4a53-96aa-de8d5c353558
f92a2961-c48e-48f9-94c4-9b16f66b2e05
1326b103-1a17-4dcd-a1e9-d7444462b3f5
f29ac8c0-9bf7-49f6-89a6-56f4a920a9ac
b299062f-1444-40af-b413-1b0b0d774129
03ce200e-8abf-4048-a20e-fdec08f7c2b1
a42c261d-6894-412d-a472-326f7d6208d9
2c09d555-e7ea-44d7-aa02-77fa0c8c5637
bef5aa5e-1743-4644-bc53-d9051958a72b
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\E7683750-B89A-402F-8F22-EBF3DA3F70C2
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\037C7B8A-151A-49E6-BAED-CC05FCB50328
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCrRIy
5248db72-612a-4475-b7c8-275de6aec6cb
Unregister the following VirtuMonde DLL files:
lspak.dll
rulesak.dll
cidrules.dll
hrj6051se.dll
jtr0079me.dll
pmnno.dll
geebc.dll
ssttr.dll
SbCIe02b.dll
pmnlk.dll
iifddby.dll
ddcbabx.dll
awtqqnl.dll
sstrs.dll
mllkk.dll
vtuspmn.dll
nnnmmlk.dll
cbxxywx.dll
opnnljj.dll
khfcdaw.dll
mljkkhf.dll
sstur.dll
tuvwuss.dll
ddcyx.dll
khfcdba.dll
ljjgedc.dll
rqrppon.dll
vtsts.dll
wvursqn.dll
xxyxwxv.dll
ssqqomk.dll
pmnnm.dll
ddcca.dll
vtsss.dll
urstr.dll
jkhhf.dll
mllmm.dll
rqron.dll
byxurqq.dll
rqrssro.dll
vtuts.dll
mljhghe.dll
sstqq.dll
jiinhuyb.dll
geeby.dll
awtqopm.dll
bndsrsqo.dll
mljjk.dll
awtttqr.dll
pmnlj.dll
hggdefc.dll
ssqqn.dll
ssqnolm.dll
gebyxuu.dll
tuvvsrp.dll
cbxussr.dll
khffefd.dll
efcdaab.dll
ddcaaxu.dll
tuvutus.dll
nnlmn.dll
hgggdbx.dll
opnnlmn.dll
awtqomn.dll
jkhfe.dll
byxvs.dll
xxyvspp.dll
byxxy.dll
mljgh.dll
ddaya.dll
ssqopqo.dll
iifcyab.dll
efcbbcc.dll
ssqpq.dll
opnlm.dll
urqollm.dll
ssqpono.dll
fccdbab.dll
nnlif.dll
ddcawvv.dll
pmnlmnk.dll
gebabcd.dll
vtutron.dll
iiffgfd.dll
mljiggd.dll
opnnopq.dll
yayxuus.dll
ddayy.dll
ddcabya.dll
mljgf.dll
mljighf.dll
ljjhgee.dll
opnkjjg.dll
opnlifg.dll
pmnnn.dll
winsrc.dll
wvwxv.dll
temlxopqgdk.dll
kadpbbdr.dll
%SYSTEMROOT%\system32\mlJYpQjg.dll
%SYSTEMROOT%\system32\mmwotqsl.dll
%SYSTEMROOT%\system32\bkcosq.dll
%SYSTEMROOT%\system32\tzbgbt.dll
%SYSTEMROOT%\system32\vsdfgdqx.dll
%SYSTEMROOT%\system32\zpsdjn.dll
%SYSTEMROOT%\system32\oaisli.dll
%SYSTEMROOT%\system32\ehowpify.dll
%SYSTEMROOT%\system32\ahjvks.dll
%SYSTEMROOT%\system32\bindnvej.dll
%SYSTEMROOT%\system32\jpzzqm.dll
%SYSTEMROOT%\system32\vtUkjKba.dll
%SYSTEMROOT%\system32\drczbq.dll
%SYSTEMROOT%\system32\prnwlk.dll
%SYSTEMROOT%\system32\ucqrjj.dll
%SYSTEMROOT%\system32\mgjdax.dll
%SYSTEMROOT%\system32\jihacv.dll
%SYSTEMROOT%\system32\ddcCtsqQ.dll
%SYSTEMROOT%\system32\efccddCU.dll
%SYSTEMROOT%\system32\ufrxqr.dll
%SYSTEMROOT%\system32\xxywWpqR.dll
%SYSTEMROOT%\system32\skibqpxt.dll
%SYSTEMROOT%\system32\jtrwal.dll
%SYSTEMROOT%\system32\edljqdbo.dll
%SYSTEMROOT%\system32\tfpdhn.dll
%SYSTEMROOT%\system32\iyfgdvyy.dll
%SYSTEMROOT%\system32\jhvwulaq.dll
%SYSTEMROOT%\system32\ttyiplei.dll
%SYSTEMROOT%\system32\jajepkfx.dll
%SYSTEMROOT%\System32\emgnzr.dll
%SYSTEMROOT%\system32\dsekqy.dll
%SYSTEMROOT%\System32\xxydwc.dll
%SYSTEMROOT%\System32\bcmlvh.dll
%SYSTEMROOT%\system32\exqwxcji.dll
%SYSTEMROOT%\system32\ysdbsq.dll
%SYSTEMROOT%\system32\pmnmnLEX.dll
%SYSTEMROOT%\system32\vrzbdi.dll
%SYSTEMROOT%\system32\zatvky.dll
%SYSTEMROOT%\system32\riuosl.dll
%SYSTEMROOT%\system32\grzquz.dll
%SYSTEMROOT%\system32\eauuah.dll, mppzqf.dll, lmvvgenc.dll
%SYSTEMROOT%\system32\axqnlt.dll
%SYSTEMROOT%\system32\tfvkod.dll
%SYSTEMROOT%\system32\jsfoig.dll
%SYSTEMROOT%\system32\scpxmz.dll
%SYSTEMROOT%\system32\vsiots.dll
%SYSTEMROOT%\system32\uituyc.dll
%SYSTEMROOT%\system32\erqfnx.dll
%SYSTEMROOT%\system32\xmmjlipj.dll
%SYSTEMROOT%\system32\gtkbbs.dll
%SYSTEMROOT%\system32\rcggbwks.dll
%SYSTEMROOT%\system32\qkqtodyv.dll
%SYSTEMROOT%\system32\knkkeu.dll
%SYSTEMROOT%\system32\vqivmg.dll
%SYSTEMROOT%\system32\aglydi.dll
%SYSTEMROOT%\system32\ferskkrw.dll
%SYSTEMROOT%\system32\dedyfg.dll
%SYSTEMROOT%\system32\sxvaedyd.dll
%SYSTEMROOT%\system32\mlJArpOh.dll
%SYSTEMROOT%\system32\mlJAsTll.dll
%SYSTEMROOT%\system32\nrlvkj.dll
%SYSTEMROOT%\system32\jfewhfce.dll
%SYSTEMROOT%\system32\efcDVnNG.dll
%SYSTEMROOT%\system32\nosemdos.dll
%SYSTEMROOT%\system32\pifgzo.dll
%SYSTEMROOT%\system32\ddcCSMdc.dll
%SYSTEMROOT%\system32\sdjomk.dll
%SYSTEMROOT%\system32\vbtqveed.dll
%SYSTEMROOT%\system32\qyyrxbhh.dll
%SYSTEMROOT%\system32\qkojjk.dll
%SYSTEMROOT%\system32\emwggtak.dll
%SYSTEMROOT%\system32\ngcsqxjk.dll
%SYSTEMROOT%\system32\oxodam.dll
%SYSTEMROOT%\system32\mwktggcj.dll
%SYSTEMROOT%\system32\rgkvne.dll
%SYSTEMROOT%\system32\ybhwxj.dll
%SYSTEMROOT%\system32\uxqpfk.dll
%SYSTEMROOT%\system32\zgwlue.dll
%SYSTEMROOT%\system32\frcdmhox.dll
%SYSTEMROOT%\system32\jpjehkmn.dll
%SYSTEMROOT%\system32\vhsttu.dll
%SYSTEMROOT%\system32\wnhvnxjb.dll
%SYSTEMROOT%\system32\tbrxbxbw.dll
%SYSTEMROOT%\system32\tqwtqs.dll
%SYSTEMROOT%\system32\nnnlkkhg.dll
%SYSTEMROOT%\system32\labkne.dll
%SYSTEMROOT%\system32\bqjdrh.dll
%SYSTEMROOT%\system32\awtsPJcA.dll
%SYSTEMROOT%\system32\yayxyvwx.dll
%SYSTEMROOT%\system32\pfqjbewx.dll
%SYSTEMROOT%\system32\fdswmgss.dll
Locate and delete the following VirtuMonde
files:
windowsupd2.exe
winhost.exe
quicken.exe
editpad.exe
lspak.dll
rulesak.dll
cidrules.dll
nwonknu.exe
rasrun.exe
psdrv.exe
svci.exe
unknown.exe
hrj6051se.dll
jtr0079me.dll
pmnno.dll
geebc.dll
ssttr.dll
SbCIe02b.dll
pmnlk.dll
2chkdsk
iifddby.dll
ddcbabx.dll
castlecops[1].exe
gf1.0.0.2
kopCFEWV.exe
awtqqnl.dll
sstrs.dll
mllkk.dll
vtuspmn.dll
nnnmmlk.dll
cbxxywx.dll
opnnljj.dll
khfcdaw.dll
mljkkhf.dll
sstur.dll
tuvwuss.dll
ddcyx.dll
khfcdba.dll
ljjgedc.dll
rqrppon.dll
vtsts.dll
wvursqn.dll
xxyxwxv.dll
ssqqomk.dll
pmnnm.dll
nnx22011.exe
ces005dr.exe
ddcca.dll
vtsss.dll
urstr.dll
jkhhf.dll
mllmm.dll
rqron.dll
byxurqq.dll
rqrssro.dll
vtuts.dll
Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
mljhghe.dll
sstqq.dll
jiinhuyb.dll
geeby.dll
awtqopm.dll
bndsrsqo.dll
mljjk.dll
awtttqr.dll
pmnlj.dll
hggdefc.dll
cbgzgdqt
ssqqn.dll
ssqnolm.dll
gebyxuu.dll
tuvvsrp.dll
cbxussr.dll
khffefd.dll
efcdaab.dll
ddcaaxu.dll
tuvutus.dll
nnlmn.dll
hgggdbx.dll
opnnlmn.dll
awtqomn.dll
jkhfe.dll
byxvs.dll
xxyvspp.dll
byxxy.dll
mljgh.dll
ddaya.dll
ssqopqo.dll
iifcyab.dll
efcbbcc.dll
ssqpq.dll
opnlm.dll
urqollm.dll
ssqpono.dll
fccdbab.dll
nnlif.dll
ddcawvv.dll
pmnlmnk.dll
gebabcd.dll
vtutron.dll
iiffgfd.dll
mljiggd.dll
opnnopq.dll
yayxuus.dll
ddayy.dll
ddcabya.dll
mljgf.dll
mljighf.dll
904598c7
ljjhgee.dll
opnkjjg.dll
opnlifg.dll
pmnnn.dll
winsrc.dll
wvwxv.dll
temlxopqgdk.dll
kadpbbdr.dll
VirtuMonde Advice
VirtuMonde manual removal process can be difficult to do because you're required to access and edit
sensitive files in your system registry.
Warning: If you try to remove VirtuMonde files without being completely
sure what you are doing, you run the risk of damaging or losing important data on your computer.
Tip: To avoid this risk, we highly recommend you use a good spyware cleaner/remover to
automatically find and remove VirtuMonde as well as spyware,
adware, trojan and malware in your PC.
VirtuMonde Automatic Detection
To automatically search for VirtuMonde...
Download SpyHunter Scanner.
** SpyHunter scanner version is ONLY for detection. To remove VirtuMonde
and other threats, you will need to purchase SpyHunter's removal tool.
For more details on VirtuMonde, please read our "VirtuMonde Overview" below.
VirtuMonde Overview
In the following sections, we investigate and explain the key malicious properties that are attributed to VirtuMonde.
How VirtuMonde infects your PC
VirtuMonde may use one or more of these methods to infect your computer. VirtuMonde is spyware that may take
control of your entire system. VirtuMonde may infect your computer...
- Through unexpected email attachments. One of the most popular ways of becoming infected with spyware is by opening an attachment
sent via e-mail. You should never open unexpected email attachments. Confirm with the sender first that they did in fact send the
email.
- Through browser security loopholes while you're surfing the Web. Some spyware can even bypass firewalls by disguising itself as
part of legitimate software.
- Through instant messenger programs. If you're not secured by a good firewall, spyware can attach itself when you're
sharing files with your instant messenger.
- VirtuMonde recreates, repairs and updates itself. VirtuMonde and other complex spyware
applications may recreate, repair and update themselves to evade deletion. When VirtuMonde alters, restores and updates
its files, DLLs, registry keys and process, a scanner may only remove part of the program allowing the other
remaining files to execute procedures to repair and update. In these cases, it can make the VirtuMonde manual removal
process very difficult.
VirtuMonde Prevention Rules
Follow these VirtuMonde prevention rules and protect your computer from VirtuMonde and other spyware:
Rule #1: Ensure that your Windows Security is up-to-date.
Every week Microsoft provides their new updates that can always be downloaded manually from the Microsoft website. To get
Microsoft Update, you should do the following steps:
- Go to IE > Tools > Windows Update > Product Updates,
- Select "ALL High-Priority Security Updates" from the list,
- Open IE and go to Internet Options > Security > Internet,
- Press "Default Level" and then OK,
- Press "Custom Level."
Rule #2: Download and install a reliable anti-spyware software.
A good anti-spyware software that recognizes current VirtuMonde as well as other forms of spyware
can be the answer to all your security issues. Listed below is an anti-spyware program that can effectively
reverse the damage of your computer and detect VirtuMonde automatically.
Download SpyHunter Scanner.
** SpyHunter scanner version is ONLY for spyware detection. To remove VirtuMonde
and other online threats, you will need to purchase SpyHunter's removal tool.
Rule #3: Keep your anti-spyware definitions up-to-date.
New VirtuMonde files can be created every day, thus it is very important to ensure that your
anti-spyware program is up-to-date. Your anti-spyware scanner should have an update feature where with a click
of a button so you can get new spyware definitions immediately. Often, good anti-spyware software will open
an update window reminding you that there are new updates available.
Rule #4: Install and keep your firewall turned on.
A firewall is vital for a complete protection of your PC. Ensure that your firewall is always turned on.
A firewall can stop unwanted software like VirtuMonde from hijacking your PC.
VirtuMonde and other Spyware Related Info:
Wikipedia.org/Spyware - Wikipedia's definition of spyware.
StopBadware.org - A non-profit organization that aims to fight against badware.
Anti-Spyware Coalition - Is a group dedicated to building a consensus about definitions and best
practices in the debate surrounding spyware and other potentially unwanted technologies.
|
