Question about Computers & Internet

1 Answer

Zlob and virtumonde

How can i remove zlob and virtumonde from my pc please

Posted by on

Ad

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    All-Star:

    An expert that got 10 achievements.

    MVP:

    An expert that got 5 achievements.

    Vice President:

    An expert whose answer got voted for 100 times.

  • Expert
  • 217 Answers

The Virtumonde or Vundo Trojan is a Trojan Horse Virus that is one of the most popular and deadly viruses infecting computers these days. It is a widely-spread trojan that shows a large amount of unsolicited pop-up advertisements and also silently downloads harmful files from the internet.

The virus is responsible for decreasing the amount of virtual memory available on your computer and it can considerably slow down the performance of your PC. That is not to mention all the other dangerous forms of activity it can spread across your Computer, such as installing more viruses adware, malware, spyware, and also Stealing private information such as passwords and credit card numbers.

Now If you are looking for a way to completely remove the Virtumonde virus from your computer then you've come to the right place. This page is dedicated to help you remove the virtumonde virus. It will run you through exactly what a Vundo Trojan is, where it comes from, how it effects your computer and how to completely remove it from your computer for good

Posted on Jul 15, 2009

Ad

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
Best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of.(from cars to computers, handyman, and even drones)
click here to download the app (for users in the US for now) and get all the help you need.
Goodluck!

Posted on Jan 02, 2017

Ad

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

2 Answers

How do you remove Virtumonde from Windows XP? I have tried malwarebytes and Ad Adware both with no success. I use Avast 5.0 which didn't catch it and Spybot S & D doesn't even spot it as a virus. This...


As far as free tools, you will want to try VundoFix and/or VirtumundoBegone.

VirtuMonde manual removal instructions:
Kill VirtuMonde processes:
kopCFEWV.exe
castlecops[1].exe
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
editpad.exe
quicken.exe
winhost.exe
editpad.exewindowsupd2.exe
quicken.exe
winhost.exe
windowsupd2.exe
Delete VirtuMonde files\folders and unregister dll’s:
opnnljj.dll
cbxxywx.dll
nnnmmlk.dll
vtuspmn.dll
mllkk.dll
sstrs.dll
awtqqnl.dll
kopCFEWV.exe
gf1.0.0.2
castlecops[1].exe
ddcbabx.dll
iifddby.dll
2chkdsk
pmnlk.dll
SbCIe02b.dll
ssttr.dll
geebc.dll
pmnno.dll
jtr0079me.dll
hrj6051se.dll
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
cidrules.dll
rulesak.dll
lspak.dll
editpad.exe
quicken.exe
winhost.exe
unknown.exewindowsupd2.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe

Remove VirtuMonde registry values (keys and subkeys):
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
05029E1B-4C41-4681-8F7F-2AEC346136F4
01ABD624-98FE-4B37-81F2-4E5B41799B6B
1FB63E52-4D6E-48C1-A08F-F630FE50F337
5A4A2D56-931A-4733-9121-033A2D95A274
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
22E58089-6DB5-45D9-BF87-6C8975246D26
F73AF695-229D-4549-B1A0-20DA99A81F19
F00EFDF5-0042-4F5E-9F20-C688409CF918
B2030C9A-DE59-457D-A042-D827AD69C8F3
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
662BB3E3-204F-44FA-A827-143B8AB4B036
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
B763C083-57E0-4993-B058-13008952DF68
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
6148028B-D532-4417-8C0B-5A4A0B745393
D38439EC-4A7F-42b4-90C2-D810D7778FDD
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
83B28A74-640D-48F4-9F51-E80EED7CC7E0
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
D714A94F-123A-45CC-8F03-040BCAF82AD6
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
68616403-4FFB-4B19-B360-0B0B1F55D5EC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
D01C9902-73AF-47FF-B784-05FDB6604FCF
HKEY_LOCAL_MACHINE\software\targetsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
HKEY_CLASSES_ROOT\atlevents.atlevents

Mar 19, 2010 | Dell Dimension 3000 PC Desktop

1 Answer

Can you tell me how to delete zlob and virtumonde from my pc please


Go download this program from this website ( http://www.safer-networking.org/en/spybotsd/index.html ) ZLOB is a Trojan. ADD & REMOVE will not get rid of it.

Jul 15, 2009 | Computers & Internet

1 Answer

Zlob virus


I found this on the net, i hope this helps you out. It also says that this nasty virus is a tough one...and you still run the risk of ruining your info on the hard drive. Back-up critical info (Docs,Music, Game info etc)
And keep me posted on the results..i hope this helps you out! GOOD LUCK! 8-)


Step 1 : Use Windows File Search Tool to Find Zlob Path
  1. Go to Start > Search > All Files or Folders.
  2. In the "All or part of the the file name" section, type in "Zlob" file name(s).
  3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
  4. When Windows finishes your search, hover over the "In Folder" of "Zlob", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete Zlob in the following manual removal steps.

Step 2 : Use Windows Task Manager to Remove Zlob Processes
  1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  2. Click on the "Image Name" button to search for "Zlob" process by name.
  3. Select the "Zlob" process and click on the "End Process" button to kill it.
  4. Remove the "Zlob" processes files:
  5. msmsgs.exe nvctrl.exe msmsgs.exe nvctrl.exe
    Read more about How to kill Zlob Processes

Step 3 : Use Registry Editor to Remove Zlob Registry Values
  1. To open the Registry Editor, go to Start > Run > type regedit and then press the "OK" button.
  2. Locate and delete the entry or entries whose data value (in the rightmost column) is the spyware file(s) detected earlier.
  3. To delete "Zlob" value, right-click on it and select the "Delete" option.
  4. Locate and delete "Zlob" registry entries:
  5. HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows NT CurrentVersionWinlogonShell=explorer.exe, msmsgs.exeHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunRegSvr32=%System%msmsgs.exe HKEY_LOCAL_MACHINE SoftwareMicrosoftWindows CurrentVersionRunRegSvr32=%System%msmsgs.exe
    Read more about How to Remove Zlob Registry Entries

Step 4 : Use Windows Command Prompt to Unregister Zlob DLL Files
  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
  2. Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Zlob DLL file is located and press the "Enter" button on your keyboard. If you don't know where Zlob DLL file is located, use the "dir" command to display the directory's contents.
  3. To unregister "Zlob" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Zlob.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
  4. Search and unregister "Zlob" DLL files:
  5. uimcu.dll antzozc.dll dtjby.dll


Step 5 : Detect and Delete Other Zlob Files
  1. To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
  2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
  3. To change directory, type in "cd name_of_the_folder".
  4. Once you have the file you're looking for type in "del name_of_the_file".
  5. To delete a file in folder, type in "del name_of_the_file".
  6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
  7. Select the "Zlob" process and click on the "End Process" button to kill it.
  8. Remove the "Zlob" processes files:
  9. uimcu.dll antzozc.dll dtjby.dll dumpserv.com zxserv0.com vnp7s.net Protect RSA ncompat.tlb msvol.tlb hp[X].tmp msmsgs.exe nvctrl.exe dumpserv.com zxserv0.com vnp7s.net %UserProfile%\Application Data\Microsoft\Protect %UserProfile%\Application Data\Microsoft\Crypto\RSA ncompat.tlb msvol.tlb hp[X].tmp

Jun 07, 2009 | Toshiba Satellite Pro L300 Notebook

1 Answer

Zlob dns changer


check out PCWorld website for solution. they have many free utilities to solve problem.
Also, Windows Defender can stop virus from running at start up.

Jan 01, 2009 | Dell Dimension 5150 (DIM515MIN) PC Desktop

1 Answer

Pop up showing System Error. it reads Your system is infected with a dangerous virus----Note- strongly recommend to install Antispyware to clean system and avoid total crash of your computer. click OK to...


WINANTIVIRUSPro2008 spyware at its worst.

here are some removal options:

http://www.removeonline.com/remove-winantivirus2008-org-winantivirus2008-removal-instructions/

http://www.xp-vista.com/spyware-removal/win-antivirus-2008-removal-instructions

http://www.virtumonde.net/Winfixer/winfixer_removal.html

Sorry to tell you, but removal can be a pain

Jul 16, 2008 | Computers & Internet

1 Answer

Virtumonde virus/spyware


One of the first things you can try is a program called Vundofix. (http://vundofix.atribune.org/). But in my experience it only removes about 60% of cases. Depending on your expertise, your comfort level with command line and how important your data on your computer is. You have a couple of options:
1. You could reformat your computer (This has the down side of removing all of your data and programs but is much faster and easier than the other fixes)
2. You could (with guidance ie.me) try to remove it yourself (This has the down side of being time consuming but will save all of your information and will have the satisfaction of a job well done)
3. Take it in to a professional (Virtuemonde is one of the top 3 infections I see everyday in my line of work)

Jun 15, 2008 | Computers & Internet

6 Answers

Trojan.zlob


First thing to do is to download and run a decent anti-virus and anti-spyware program. The best free ones at the moment are AVGfree and AVGAS which are available for download from; http://www.free.grisoft.com/ Download the 2 programs, install them, update them, and then run a full system scan - first with the anti-virus then with the anti-spyware program. Hopefully they will find and deal with your trojan. Please ask again if you need more info, the AVG programs are very clear and simple to use :)

Sep 07, 2007 | Microsoft Windows XP Professional With...

Not finding what you are looking for?
Computers & Internet Logo

Related Topics:

115 people viewed this question

Ask a Question

Usually answered in minutes!

Top Computers & Internet Experts

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

kakima

Level 3 Expert

102366 Answers

David Payne
David Payne

Level 3 Expert

14161 Answers

Are you a Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...