Solution to sagipsul, virtumonde, etc.

Status
Not open for further replies.
Hi, folks,

Yesterday my computer got infected by some spyware that keeps popping out advertising webpages every several minutes. One of the webpages is called 'sagipsul.com' and that is why I googled to find this forum and found so many people are having the same trouble. Now after half-day working on this, I believe I have completely cleaned this spyware from my computer and I feel obligated to let other people know how to get it cleaned on their own computers.

First of all, this has nothing to do with 'sagipsul', it is all about a spyware called 'virtumonde'. I have tried spybot and ad-aware 2008, both of which can detect virtumonde and remove it from registry. The problem is that the virus is quite smart and is attaching to some memory-resident normal process, so that it can always recover and randomly generate several new registry entries. So every time after I detect and clean using spybot, it comes out again.

Now, here is the solution I found after googling 'virtumonde': (sorry I am not allowed to post any weblink directly, but here is how to get there:)
google virtumonde
click the first link (to wikipedia)
go down to the last section 'external links'
click the first link there

Basically you need to download four recommended softwares and run them one after another. For my case, the first two softwares did not detect any infected files on my computer. But the next two softwares helped to completely remove virtumonde and it never shows up when I run spybot now. I did not follow the instruction completely, e.g., I did not turn my computer to safe mode, I did not backup my computer either. You should consider how to follow the instruction at your own risk though.

Good luck
 
Status
Not open for further replies.
Back