
Troj/Win32-virtumonde

The naming convention on this sucker is quite large, so it makes it difficult to classify the exact variant, as that is a quite large field as well.

Either way, I'm looking at one on a remote system right now and it's actually hooking about 13 processes. It's very difficult to kill since it's running under so many processes. ordlix.dll: I've got all the other loaded DLLs out of the system and have prevented everything from loading up. Per request, I can submit this DLL if anyone would like to mess with it.

Any ideas on killing a DLL in normal Windows (since I'm remotely controlling the system) would be appreciated.


PS Md5


_ wh0[s] watch!ng y0u?


As I've just discovered, you can deny perms and, voilà, restart and delete:

cacls name.dll /p everyone:n
Delete the DLL

_ wh0[s] watch!ng y0u?
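The same deny-then-reboot-then-delete trick as a PowerShell session, written here as an added example rather than code from the poster. It assumes the DLL sits at C:\Windows\System32\ordlix.dll (the thread names the file but not its directory, so the path is a guess) and that you are running an elevated remote shell. It also lists which processes currently have the DLL mapped, and hashes the file before locking it down, since a deny on Everyone blocks your own read too.

```powershell
# Added example (not from the original thread). Path below is assumed.
$dll = 'C:\Windows\System32\ordlix.dll'

# 0. Hash the sample first: once Everyone is denied read access,
#    Get-FileHash will fail for us as well.
Get-FileHash -Algorithm MD5 $dll | Select-Object Hash, Path

# 1. Which processes currently have the DLL mapped? A DLL injected into a
#    dozen processes cannot be deleted while any of them hold it open.
$holders = foreach ($p in Get-Process) {
    try {
        if ($p.Modules | Where-Object { $_.FileName -ieq $dll }) { $p }
    } catch { }   # protected/system processes throw Access Denied; skip them
}
$holders | Select-Object Id, ProcessName | Format-Table -AutoSize

# 2. Deny Everyone read/execute on the file. Copies already mapped in memory
#    keep running, but the loader needs read access to map an image, so after
#    a reboot nothing can load the DLL again and the re-injection chain breaks.
#    (cacls form used in the post: cacls ordlix.dll /p everyone:n)
icacls $dll /deny 'Everyone:(RX)'

# 3. Reboot the remote box so no process holds the file any more.
Restart-Computer -Force

# 4. After the restart, in a fresh elevated session, drop the deny entry
#    and remove the file.
icacls $dll /remove:d Everyone
Remove-Item -Force $dll
```

Step 1 is the check worth keeping even if you use the GUI tools mentioned below: if the process list is empty after the reboot, the deny did its job; if the DLL is still mapped somewhere, a second loader (another DLL, a service, or a registry run key) is putting it back and needs to be found before the file can go.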

Probably the OSAM could help you:
I have removed a lot of Virtumonde versions this way.

The only detail: for removing Virtumonde, you should temporarily turn on the option Disable objects using driver > Always.