LinuxQuestions.org
Old 12-23-2017, 07:06 PM   #1
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 175

Rep: Reputation: 20
Virtumonde Trojan (Windows 10)


I never encountered this trojan before. It is a serious pain in the backside. I am in the process of ridding someone's Windows 10 laptop of it. I know this is a Linux forum but I trust people's advice or suggestions here before I do anywhere else.

This thing is annoying. It slows down hardware and internet connection, stops Windows from updating and makes a copy, one or more, of itself in case the first one crashes. Antivirus programs don't seem to pick it up but Spybot did, kind of. It has been around for a while. I don't understand why no one has found a way to stop it. Anyways, back to my original question before that little rant.

Does anyone have any suggestions or advice concerning this?

Thanks in advance.

I am so glad I use Linux only these days.

Last edited by Zyblin; 12-23-2017 at 07:34 PM.
 
Old 12-23-2017, 07:40 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,698
Blog Entries: 22

Rep: Reputation: 3601
This one is something. It has its own Wikipedia article!

A web search for Virtumonde Trojan turns up many articles and removal guides. I'd be inclined to start with the one from WikiHow, if only because I've generally found their information reliable.

Once I got a removal tool and was ready to begin removing it, I'd take the machine off the network if I could.
 
Old 12-24-2017, 07:11 PM   #3
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 175

Original Poster
Rep: Reputation: 20
Thanks for the info.

Apparently this has been a problem since the end of November. Now I am seeing a keylogger, and the like, and NO Windows-based antivirus, etc., is picking them up. This is a mess. Not used to this anymore since I use Linux only these days.

I am about ready to just do a clean install. But I want to see if I can fix this first... I know I am smarter than Windows 10, so I will win this.

Last edited by Zyblin; 12-24-2017 at 07:19 PM.
 
Old 12-24-2017, 08:41 PM   #4
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,698
Blog Entries: 22

Rep: Reputation: 3601
I am very fortunate not to have encountered this beastie myself, but I am a very cautious web surfer and I do not handle email on my Windows 7 machine, which is locked down like a drum. You might take a look at Spybot S & D; I've been using it on Windows since the 90s to supplement my AV programs.

Best of luck to you and please post the rest of the story.
 
Old 12-25-2017, 07:00 PM   #5
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 175

Original Poster
Rep: Reputation: 20
Still working on this but it is looking so much better. Finally got Windows to update. Oddly, for Windows programs, the one that has helped a lot is Zone Alarm Anti Virus and Firewall, the free version. AVG, Windows scanning tools, etc., did nothing. The only program that gave me a hint something was wrong was Spybot. But even that didn't fix the issue. Yes, I am trying to do all of this in Windows with those programs for a couple of reasons, though I did cheat and had to use Linux a few times.

I am not done yet only because I am in over-paranoid mode. I want to double, triple check everything once it looks clean and fixed. Trojans are sneaky little....
 
Old 12-26-2017, 08:48 PM   #6
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,252

Rep: Reputation: 2727
I've never trusted antivirus to do much good on Windows. If I ever have a need to fix Windows I do it from a clean install from known good media. All of the local media is suspect too. USB drives, backups, CDs and networked media all have to be treated or wiped.
 
Old 12-26-2017, 09:40 PM   #7
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 175

Original Poster
Rep: Reputation: 20
It looks like I cleaned it. Re-checked it a few times, monitored it, etc. It runs great now, even updates fine. Funny. When I first started using Linux I was lost, but MS Windows I was fine with. Now it is completely reversed. I am so used to Linux I am lost on Windows. While I was working on that computer I kept trying to hit the F12 button to bring up Guake.
 
Old 12-26-2017, 10:34 PM   #8
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 13,698
Blog Entries: 22

Rep: Reputation: 3601
Quote:
I've never trusted antivirus to do much good on Windows. If I ever have a need to fix Windows I do it from a clean install from known good media. All of the local media is suspect too. USB drives, backups, CDs and networked media all have to be treated or wiped.
I have always been a cautious web surfer and avoided dodgy websites and suspicious links in emails, but I have had good luck with AV programs on Windows. I have had them more than once catch malicious attacks and prevent them from infecting my machines.

I remember a long time ago inserting a floppy disk in my disk drive (remember floppy disks? Aside: it was on the same week as the attack on the Federal Office Building in Oklahoma) and having F-Prot, which I was using at the time, inform me that the disk was infected with an MBR virus and prevent it from infecting my machine.

I would argue that Windows AV programs can do a lot of good, so long as the user does not undermine them.

PEBCAK is always the biggest vector for malware.

Last edited by frankbell; 12-26-2017 at 10:36 PM.
 
Old 12-27-2017, 08:36 AM   #9
Zyblin
Member
 
Registered: Oct 2013
Distribution: Linux Mint 18.3 (64)
Posts: 175

Original Poster
Rep: Reputation: 20
Yeah, I am starting to think this is user related myself. I tried to do this all in Windows. That way I can walk them through it over the phone if there are any issues, well, small issues hopefully. In short, there are reasons I don't do Facebook and the like online. But they do, so I have to work with that. AVG failed big time with this. Yet Zone Alarm Anti-Virus, free version, was the opposite. I used to love AVG... well, I don't hate it now. It is more likely that AVG was disabled by the Trojan, and uninstalling AVG and the new install of Zone Alarm anti-virus and firewall worked better because it was a new install.

Last edited by Zyblin; 12-27-2017 at 08:43 AM.
 