How to remove VirtuMonde Adware
Last week, my system got attacked by some Adware. Spyware Doctor and McAfee Scan showed that it’s Adware.VirtuMonde. But when I referred to the technical details of this Adware on the Symantec website, the description didn’t match. Neither Spyware Doctor nor Windows Defender nor McAfee Enterprise could remove this Adware. Spyware Doctor and McAfee claimed that they removed it. But they didn’t. Windows Defender didn’t even notice its existence! Finally I had to remove it manually with great difficulty!
When I opened any webpage on my system, this Adware used to replace all the Ads in that page with its own Ads! And those were some X-Rated Ads and some Ads that used to flicker and irritate the eyes. Suppose you own a blog or website, and this Adware is present on the system on which your website is being viewed: your Ads would be replaced by some other Ads. So if somebody clicks on those Ads, you won’t get the money! Somebody else will, the one who owns those Ads. I tried to catch at least the publisher’s ID by viewing the source of the webpage. But it doesn’t change the source and shows the original source! Google and a lot of publishers might have lost a lot of revenue because of this Adware.
When these so-called Anti-spyware and Anti-Virus tools failed to remove it, I went to the registry and checked whether there was any suspicious entry. There were some three suspicious entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ . I removed all of them and restarted the system. Even after reboot, this Adware was still present! I again checked the registry and there again, one entry was still remaining! It was “BM2ffa2d7f” and its value was “Rundll32.exe "C:\WINDOWS\system32\tnvyytik.dll",s”. Then I launched Process Explorer (SysInternals) and searched for this DLL, tnvyytik.dll. Alas! This DLL was attached to every process that was running in my system!!! The consequence of this is that you cannot delete this DLL even though you know its path, simply because it’s attached to every process including the “Explorer” process. By this time, I was sure that tnvyytik.dll was the culprit.
Then I restarted the system. While it was booting, I pressed the “F8” key and it took me to the Windows boot options. I selected the option, “Safe Mode with Command Prompt”. Once it booted to the command prompt, I deleted tnvyytik.dll with the following command: del C:\WINDOWS\system32\tnvyytik.dll . It deleted this DLL successfully!
Then I restarted Windows normally. Since the entry of this DLL was still present in the registry, Windows threw an error that it was not able to find tnvyytik.dll. Then I visited a few websites and saw that the original Ads were being displayed. This damn Adware was finally thrown out of my system!!
Then one last task was pending. I removed the entry of this DLL from the registry and restarted the system. This time the entry didn’t appear again in the registry and my system was clean again.
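The registry check described in the post, as an added example in Python (not the author's code): it flags Run-key values that start a DLL through rundll32, the pattern of the BM2ffa2d7f entry, and records whether the DLL still exists on disk, which is the leftover-entry state that produced the error after the DLL was deleted. The function names and the ExampleUpdater entry are constructed for illustration; a flagged value is a lead for review, since legitimate software also registers rundll32 autoruns.

```python
import os
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Matches: rundll32[.exe] "<dll path>",<export>  (quotes and directory prefix optional)
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)

def classify(name, command):
    """Return a finding if the Run value launches a DLL via rundll32, else None."""
    m = RUNDLL.match(command)
    if not m:
        return None
    dll = m.group("dll").strip()
    reasons = ["autorun loads a DLL through rundll32"]
    if re.search(r"\\windows\\system32\\[^\\]+$", dll, re.IGNORECASE):
        reasons.append("DLL sits directly in system32")
    exists = os.path.isfile(dll)
    if not exists:
        reasons.append("DLL missing on disk (stale entry, errors at logon)")
    return {"value": name, "dll": dll, "export": m.group("export"),
            "exists": exists, "reasons": reasons}

def read_run_key():
    """Read the HKLM Run values; only works on Windows."""
    import winreg
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _type = winreg.EnumValue(key, i)
            entries.append((name, str(value)))
    return entries

# Constructed sample: the first value is the one quoted in the post,
# the second is a made-up ordinary autorun for contrast.
SAMPLE = [
    ("BM2ffa2d7f", r'Rundll32.exe "C:\WINDOWS\system32\tnvyytik.dll",s'),
    ("ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background'),
]

def scan(entries):
    """Return findings for every entry that classify() flags."""
    return [f for f in (classify(n, c) for n, c in entries) if f]

if __name__ == "__main__":
    entries = read_run_key() if sys.platform == "win32" else SAMPLE
    for f in scan(entries):
        print(f["value"], "->", f["dll"], "|", "; ".join(f["reasons"]))
```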
I have experienced the same with kdsog.exe in the same library.