 Trojan.Virtumonde Technical Details
Category: Trojan
Discovered: 3/31/2007 9:52:00 AM
Modified: 7/17/2009 11:10:55 AM
Threat Level: Critical
Category Description

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Summary

The following HTTP URLs were started:
• x22.a2000171.wrs.mcboo.com/retadpu.exe

The hosts file was updated with the following URL-to-IP mappings: NA

The following Internet connection was established:
• 216.188.26.161 : 80

The following Files were created:


The following Registry Entries were created:

..\Software\Microsoft\Windows\CurrentVersion\RunOnce\\"*36c48b35"
..\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnkjyvu
..\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcaqphb

Recommendation to remove Trojan.Virtumonde

Spyware Detector can remove Trojan.Virtumonde, and thousands of other spyware programs, automatically and instantly.