My Date with Virtumond

June 24th, 2007 by mkatz

Spent the weekend cleaning a computer of Virtumond and tons of other spyware, bots, trojans, backdoors and various crap that an unprotected Windows PC can suck in. Here are a few observations.

First of all, antivirus vendors are really in the dark with spyware. Nod32 happily let Virtumond totally infect the machine along with about 20 other pieces of spyware-related malware. In their defense, the updates were a few weeks old, but the license was valid and Virtumond has been out since 2005, so there’s really no excuse. F-PROT could detect it but couldn’t remove it. They were able to stop it from executing most of the time, but it was still able to execute at times.

Secondly, commercial spyware and spybot programs weren’t a hell of a lot better. Adaware detected Virtumond but could neither remove it nor stop it from executing. Adaware did find and remove about 20 other problems, but even after it was finished, Spybot (free) found plenty of issues and SpyHunter by Enigma Software found tons more, even after both of these were done. None of them could remove Virtumond though.

After Adaware, Spybot and SpyHunter finished, F-PROT was able to find some backdoors that remained, but still none of the quartet could fix Virtumond. I found a Symantec utility that claimed it could do the trick, but 20 minutes into its job I finally found a utility that a layman wrote, Vundufix.exe, that did the trick faster than Bill Clinton can stain a dress.

I found it amazing that all of the computer scientists at Frisk, Lavasoft, Enigma, Spybot and Symantec could not do the job that one guy did with his utility that ran in about 20 seconds. There are many conclusions that one could draw - about the power of the Internet that I could find this one guy’s small program or the power of community in the after-days of hyper-investment in the computer security world, but the only conclusion that I draw is that it is a great thing to thank the guy that wrote Vundufix.exe and wish him well. The next time I am cleaning spyware I am going to spend a lot more time learning before I plunk down $40 for software that can’t do what it claims, such as SpyHunter and Adaware, and I suggest you all do the same.
