
Troj/Win32-virtumonde *

The naming convention for this one is quite broad, so it is difficult to classify the exact variant, as that is quite a large field as well.

Either way, I'm looking at one on a remote system right now and it's actually hooking about 13 processes. It's very difficult to kill since it's running under so many processes: ordlix.dll. I've got all the other loaded DLLs out of the system and have prevented everything else from loading up. On request I can submit this DLL if anyone would like to mess with it.

Any ideas on killing a DLL in normal Windows (since I'm remotely controlling the system) would be appreciated.

PS: MD5 of the DLL

133a961d981476d04a3b1e7a8575df9b

_ wh0[s] watch!ng y0u?

EDIT

As I've just discovered, you can deny permissions and, voilà, restart and delete:

cacls name.dll /P everyone:N
Restart
Delete the DLL

_ wh0[s] watch!ng y0u?
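The "deny permissions, reboot, delete" routine from the EDIT above, written out as an added PowerShell example; this is not the original poster's script. It assumes the DLL sits in System32 (the path is a guess), uses the MD5 posted in the thread as a sanity check before touching anything, and uses icacls, the supported successor of cacls, to set the same kind of Deny-Everyone entry the post's `cacls name.dll /P everyone:N` produces. Run it from an elevated prompt.

```powershell
# Added example, not the original poster's code: automates the
# "deny permissions, reboot, delete" procedure from the EDIT above.
# Assumptions: the DLL lives in System32 (path is a guess) and the
# expected hash is the MD5 the thread posted. Run elevated.
param(
    [string]$DllPath     = 'C:\Windows\System32\ordlix.dll',   # assumed path
    [string]$ExpectedMd5 = '133a961d981476d04a3b1e7a8575df9b'  # MD5 from the thread
)

# Which running processes have the DLL mapped? This is why a plain
# delete fails: every holder keeps the file open.
function Get-DllHolders([string]$Path) {
    $leaf = [IO.Path]::GetFileName($Path)
    Get-Process | Where-Object {
        # .Modules throws for protected or cross-bitness processes; skip those.
        try { ($_.Modules | ForEach-Object ModuleName) -contains $leaf } catch { $false }
    }
}

# Put a Deny-Everyone ACE on the file so the loader cannot map it at the
# next boot. cacls <file> /P everyone:N (the post's command) replaces the
# whole DACL with one deny entry; icacls gets the same effect with
# /inheritance:r (drop inherited ACEs) plus an explicit deny.
function Deny-DllLoad([string]$Path) {
    & icacls.exe $Path /inheritance:r /deny 'Everyone:(F)'
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }
}

# After the reboot nothing holds the file, but the deny ACE blocks us too:
# take ownership, reset the DACL to the inherited default, then delete.
# Returns $true when the file is gone.
function Remove-DeniedDll([string]$Path) {
    & takeown.exe /F $Path | Out-Null
    & icacls.exe $Path /reset | Out-Null
    Remove-Item -LiteralPath $Path -Force
    -not (Test-Path -LiteralPath $Path)
}

# 1. Make sure this is the file the thread talks about before acting.
$md5 = (Get-FileHash -LiteralPath $DllPath -Algorithm MD5).Hash.ToLower()
if ($md5 -ne $ExpectedMd5) {
    throw "MD5 $md5 does not match the posted sample; refusing to touch $DllPath"
}

# 2. Report the holders, then either deny-and-reboot or delete straight away.
$holders = @(Get-DllHolders $DllPath)
"Loaded in $($holders.Count) process(es): $(($holders | ForEach-Object Name) -join ', ')"

if ($holders.Count -gt 0) {
    Deny-DllLoad $DllPath
    "Deny ACE set. Reboot, then run: Remove-DeniedDll '$DllPath'"
} elseif (Remove-DeniedDll $DllPath) {
    "Deleted $DllPath"
}
```

Two caveats a practitioner would want: the deny ACE only stops the file from being mapped, it does not remove whatever autostart entry references the DLL, so that entry should still be cleaned up (the OSAM suggestion further down is one way to find it); and `cacls /P` wipes every other ACE on the file, which is why the cleanup step resets the DACL before deleting rather than assuming the administrator can still get at it.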

Probably OSAM could help you:
http://www.online-solutions.ru/en/osam_autorun_manager.php
I have removed a lot of Virtumonde versions this way.

The only detail: for removing Virtumonde, you should temporarily turn on the option Disable objects using driver > Always.