I had downloaded cracks, but some of them worked. Those cracks were OK. But later, when I wanted to download another crack (from the same site and possibly the same crack), it seemed suspicious. It had a .zip.exe extension. Then I got confused. To download or not to download? With luck, I decided not to download it. You should never download something with .zip.exe (a.k.a. expanded extensions) extensions (or .txt.exe, .bmp.exe, .mp3.exe, .bla.exe). Now I've removed the cracks.
A question:
Does Virtumonde have something to do with WinSoftware (WinAntiVirusPro, WinFixer and ErrorSafe)?
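The .zip.exe naming described in the post above can be checked mechanically before a download is opened. The following Python sketch is an added example, not part of the original thread; the extension lists, function names and sample file names are assumptions constructed for illustration and are not exhaustive.

```python
# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "msi"}
# Harmless-looking extensions typically used as the decoy part of the name.
DECOY = {"zip", "rar", "txt", "doc", "pdf", "bmp", "jpg", "mp3", "avi"}


def split_extensions(filename):
    """Return the lowercase extensions of a file name, in order."""
    # Accept both Windows and POSIX separators and keep only the last component.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when it opens a file.
    name = name.rstrip(". ")
    # Strip padding such as "song.mp3      .exe", which pushes the real
    # extension out of view in a narrow file-list column.
    parts = [p.strip().lower() for p in name.split(".")]
    return parts[1:]


def is_disguised_executable(filename):
    """True when an executable extension follows a decoy data extension."""
    exts = split_extensions(filename)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE:
        return False
    # "installer.1.0.exe" is fine: the part before .exe is not a data type.
    return exts[-2] in DECOY


def scan(names):
    """Return the names from an iterable that look like disguised executables."""
    return [n for n in names if is_disguised_executable(n)]


# Constructed sample input, not taken from the thread.
SAMPLE_NAMES = [
    "crack.zip.exe",
    "C:\\Downloads\\notes.txt.exe",
    "song.mp3          .exe",
    "PHOTO.BMP.EXE",
    "setup.exe",
    "installer.1.0.exe",
    "archive.tar.gz",
    "report.pdf",
]

if __name__ == "__main__":
    for name in scan(SAMPLE_NAMES):
        print("suspicious:", name)
```

Explorer hides known extensions by default, so "crack.zip.exe" is displayed as "crack.zip"; turning off "Hide extensions for known file types" makes the same check possible by eye.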
From Microsoft:
Technical Information
Win32/Virtumonde is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Virtumonde is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
Installation
Members of the Virtumonde family may compromise an affected system in a number of different ways. They use diverse methods of installation that often include multiple components.
Virtumonde may use a dropper/downloader component that may be detected as one of the following:
TrojanDropper:Win32/Virtumonde.A
TrojanDropper:Win32/Virtumonde.B
TrojanDownloader:Win32/Virtumonde
Virtumonde also disables pop-ups if a targeted URL contains "mil" or "gov" in the domain.
Modifies System Security Settings
Virtumonde makes the following registry modification in an attempt to bypass firewalls:
Sets value: "ProxyBypass"
With data: "1"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
Sends Information to Remote Server
Virtumonde may gather and send the following information from the affected machine to a remote server:
Outlook Express Accounts
Information from Software\Microsoft\Internet Account Manager\Accounts
Pop3 and SMTP user names
Registered owner
OS version number
Network adapter info
MAC address
Keyboard layout
Installation time
Crash log
Additional Information
Virtumonde has been observed in the wild being bundled with rogue anti-spyware products, for example, it has been observed being bundled with 'Evidence Eraser Pro'.
Virtumonde has also been observed using encryption techniques in order to obfuscate its communications with remote sites.
This family may create the following registry entries in which to store data:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aldd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SysUpd
The Win32/Virtumonde family is closely associated with the Win32/Vundo and Win32/Conhook families.
From F-Secure: Virtumonde is adware that displays pop-up advertisements. Some advertisements are for rogue antispyware applications such as Winfixer. Pop-ups are not marked as having originated from Virtumonde.
Virtumonde runs hidden from the user. It installs itself as a Winlogon notification package and locks its own module. The module has a random 5 character name and is installed to the windows\system32 folder.
Virtumonde infects Windows XP and 2000.
From Wikipedia: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs.
As the virus is resident in memory and attached to Explorer.exe and Winlogon, they must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot the PC, so a forced reboot is needed, as when Winlogon re-starts, the virus files are recreated. Internet Explorer, Mozilla Firefox, and Opera are affected by this trojan, but Apple Safari seems to be unaffected by the Trojan's .dll file.
Depending on versions, Vundo attempts to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager or Windows registry editor. WinFixer is closely related to Aurora Network's Nail.exe hijacker/spyware program. In worst-case scenarios, it may embed itself in Internet Explorer and become part of the program, thus being nearly impossible to remove. The program is also closely related to the Vundo and Virtumonde viruses.
I don't know if it can infect Vista, but Java can be installed on Vista, so I think it can infect Vista too if Java is outdated. I don't know if it infects in other ways than Java; maybe someone here knows if it could? As you see above: Virtumonde has been observed in the wild being bundled with rogue anti-spyware products.
I don't know if everything from Wikipedia is true; I think I have read somewhere that everyone who wants to can edit sites on Wikipedia.
I didn't know so much about viruses and spyware when using Kazaa. I was downloading software from Kazaa some years ago, and one time my antivirus detected that a virus was infecting files on my computer; the antivirus went crazy. I also downloaded a lot of software from www.download.com, and I got spyware on the computer from some of the software from www.download.com. I don't remember if I downloaded something from warez sites.
So I will not recommend anyone to use cracks from filesharing programs or warez sites, and not from other places either.
I was also visiting porn sites and got a lot of malware from those sites; the malware was installing when visiting the porn sites without me knowing it.
At that time I didn't know that I should download updates from Microsoft, so the only software that was updated on the computer was my antivirus. The firewall was disabled at that time too, and I think that setting was the default setting some years ago.