VirtuMonde Removal Guide
Do you have VirtuMonde?
This “VirtuMonde Removal Guide” article will show you how to identify and remove VirtuMonde. This guide will be updated as more information is available.
VirtuMonde Detection Test
Run SpyHunter’s Spyware Scanner to check for VirtuMonde infections on your PC.
VirtuMonde Description
Parasite Type: Adware
VirtuMonde Method of Automatic Detection
The removal of spyware such as VirtuMonde can be a difficult process. If you regularly run a spyware scan with a good spyware remover, you can automatically detect VirtuMonde and other Spyware, Adware, Worms, Trojans and Browser Hijackers.
To quickly detect VirtuMonde, follow the instructions below:
Download SpyHunter’s Spyware Scanner.
- Select “Start Scan” to run a full system VirtuMonde scan.
- Reboot your computer.
- Run another scan to pick up any remaining VirtuMonde infections.
** SpyHunter’s Spyware Scanner only allows you to detect VirtuMonde and other spyware. In order to remove VirtuMonde, we advise you to buy the full-version of SpyHunter. Weekly VirtuMonde file updates and technical support are available with SpyHunter’s spyware remover.
VirtuMonde Manual Removal
Use Caution! Please read the instructions below carefully. Manual removal of VirtuMonde is a delicate procedure. Proceed at your own risk. We advise you to backup your system before you manually remove VirtuMonde.
If you are still having problems with VirtuMonde after completing these instructions, we recommend you download SpyHunter’s Spyware Detection Tool to safely detect VirtuMonde.
To manually remove VirtuMonde, follow these removal steps:
Stop VirtuMonde Processes
- To open Task Manager, use CTRL+ALT+DEL or CTRL+SHIFT+ESC.
- Go to Image Name to find “VirtuMonde” processes by name.
- Find and stop the “VirtuMonde” processes listed below.
Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
ces005dr.exe
nnx22011.exe
kopCFEWV.exe
castlecops[1].exe
unknown.exe
svci.exe
psdrv.exe
rasrun.exe
nwonknu.exe
editpad.exe
quicken.exe
winhost.exe
editpad.exewindowsupd2.exe
quicken.exe
winhost.exe
windowsupd2.exe
Unregister VirtuMonde DLL Files
- Go to Start > Run > type cmd and then press OK.
- To unregister “VirtuMonde” DLL file, type in the exact directory path +
regsvr32 /u + [DLL_NAME] (ex., :C\ VirtuMonde \> regsvr32 /u VirtuMonde.dll). - Find and unregister “VirtuMonde” DLL files listed below.
%SYSTEMROOT%\system32\ngcsqxjk.dll
%SYSTEMROOT%\system32\emwggtak.dll
%SYSTEMROOT%\system32\qkojjk.dll
%SYSTEMROOT%\system32\qyyrxbhh.dll
%SYSTEMROOT%\system32\vbtqveed.dll
%SYSTEMROOT%\system32\sdjomk.dll
%SYSTEMROOT%\system32\ddcCSMdc.dll
%SYSTEMROOT%\system32\pifgzo.dll
%SYSTEMROOT%\system32\nosemdos.dll
%SYSTEMROOT%\system32\efcDVnNG.dll
%SYSTEMROOT%\system32\jfewhfce.dll
%SYSTEMROOT%\system32\nrlvkj.dll
%SYSTEMROOT%\system32\mlJAsTll.dll
%SYSTEMROOT%\system32\mlJArpOh.dll
%SYSTEMROOT%\system32\sxvaedyd.dll
%SYSTEMROOT%\system32\dedyfg.dll
%SYSTEMROOT%\system32\ferskkrw.dll
%SYSTEMROOT%\system32\aglydi.dll
%SYSTEMROOT%\system32\vqivmg.dll
%SYSTEMROOT%\system32\knkkeu.dll
%SYSTEMROOT%\system32\qkqtodyv.dll
%SYSTEMROOT%\system32\rcggbwks.dll
%SYSTEMROOT%\system32\gtkbbs.dll
%SYSTEMROOT%\system32\xmmjlipj.dll
%SYSTEMROOT%\system32\erqfnx.dll
%SYSTEMROOT%\system32\uituyc.dll
%SYSTEMROOT%\system32\vsiots.dll
%SYSTEMROOT%\system32\scpxmz.dll
%SYSTEMROOT%\system32\jsfoig.dll
%SYSTEMROOT%\system32\tfvkod.dll
%SYSTEMROOT%\system32\axqnlt.dll
%SYSTEMROOT%\system32\eauuah.dll, mppzqf.dll, lmvvgenc.dll
%SYSTEMROOT%\system32\grzquz.dll
%SYSTEMROOT%\system32\riuosl.dll
%SYSTEMROOT%\system32\zatvky.dll
%SYSTEMROOT%\system32\vrzbdi.dll
%SYSTEMROOT%\system32\pmnmnLEX.dll
%SYSTEMROOT%\system32\ysdbsq.dll
%SYSTEMROOT%\system32\exqwxcji.dll
%SYSTEMROOT%\System32\bcmlvh.dll
%SYSTEMROOT%\System32\xxydwc.dll
%SYSTEMROOT%\system32\dsekqy.dll
%SYSTEMROOT%\System32\emgnzr.dll
%SYSTEMROOT%\system32\jajepkfx.dll
%SYSTEMROOT%\system32\ttyiplei.dll
%SYSTEMROOT%\system32\jhvwulaq.dll
%SYSTEMROOT%\system32\iyfgdvyy.dll
%SYSTEMROOT%\system32\tfpdhn.dll
%SYSTEMROOT%\system32\edljqdbo.dll
%SYSTEMROOT%\system32\jtrwal.dll
%SYSTEMROOT%\system32\skibqpxt.dll
%SYSTEMROOT%\system32\xxywWpqR.dll
%SYSTEMROOT%\system32\ufrxqr.dll
%SYSTEMROOT%\system32\efccddCU.dll
%SYSTEMROOT%\system32\ddcCtsqQ.dll
%SYSTEMROOT%\system32\jihacv.dll
%SYSTEMROOT%\system32\mgjdax.dll
%SYSTEMROOT%\system32\ucqrjj.dll
%SYSTEMROOT%\system32\prnwlk.dll
%SYSTEMROOT%\system32\drczbq.dll
%SYSTEMROOT%\system32\vtUkjKba.dll
%SYSTEMROOT%\system32\jpzzqm.dll
%SYSTEMROOT%\system32\bindnvej.dll
%SYSTEMROOT%\system32\ahjvks.dll
%SYSTEMROOT%\system32\ehowpify.dll
%SYSTEMROOT%\system32\oaisli.dll
%SYSTEMROOT%\system32\zpsdjn.dll
%SYSTEMROOT%\system32\vsdfgdqx.dll
%SYSTEMROOT%\system32\tzbgbt.dll
%SYSTEMROOT%\system32\bkcosq.dll
%SYSTEMROOT%\system32\mmwotqsl.dll
%SYSTEMROOT%\system32\mlJYpQjg.dll
kadpbbdr.dll
temlxopqgdk.dll
wvwxv.dll
winsrc.dll
pmnnn.dll
opnlifg.dll
opnkjjg.dll
ljjhgee.dll
mljighf.dll
mljgf.dll
ddcabya.dll
ddayy.dll
yayxuus.dll
opnnopq.dll
mljiggd.dll
iiffgfd.dll
vtutron.dll
gebabcd.dll
pmnlmnk.dll
ddcawvv.dll
nnlif.dll
fccdbab.dll
ssqpono.dll
urqollm.dll
opnlm.dll
ssqpq.dll
efcbbcc.dll
iifcyab.dll
ssqopqo.dll
ddaya.dll
mljgh.dll
byxxy.dll
xxyvspp.dll
byxvs.dll
jkhfe.dll
awtqomn.dll
opnnlmn.dll
hgggdbx.dll
nnlmn.dll
tuvutus.dll
ddcaaxu.dll
efcdaab.dll
khffefd.dll
cbxussr.dll
tuvvsrp.dll
gebyxuu.dll
ssqnolm.dll
ssqqn.dll
hggdefc.dll
pmnlj.dll
awtttqr.dll
mljjk.dll
bndsrsqo.dll
awtqopm.dll
geeby.dll
jiinhuyb.dll
sstqq.dll
mljhghe.dll
vtuts.dll
rqrssro.dll
byxurqq.dll
rqron.dll
mllmm.dll
jkhhf.dll
urstr.dll
vtsss.dll
ddcca.dll
pmnnm.dll
ssqqomk.dll
xxyxwxv.dll
wvursqn.dll
vtsts.dll
rqrppon.dll
ljjgedc.dll
khfcdba.dll
ddcyx.dll
tuvwuss.dll
sstur.dll
mljkkhf.dll
khfcdaw.dll
opnnljj.dll
cbxxywx.dll
nnnmmlk.dll
vtuspmn.dll
mllkk.dll
sstrs.dll
awtqqnl.dll
ddcbabx.dll
iifddby.dll
pmnlk.dll
SbCIe02b.dll
ssttr.dll
geebc.dll
pmnno.dll
jtr0079me.dll
hrj6051se.dll
cidrules.dll
rulesak.dll
lspak.dll
Delete VirtuMonde Registry Values
- Go to Start > Run > type regedit and then press OK.
- To search for VirtuMonde, press Ctrl + F and type VirtuMonde to
locate the key that has the value you want to delete. - To delete “VirtuMonde” value, right-click on it and select Delete.
- Find and delete “VirtuMonde” registry keys listed below.
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmKDtU
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\AFFCBA64-651F-43DD-97BC-684C179618A5
01178AD0-E0BA-4624-A2A7-2FF828A80844
a6cefe49-8b87-471d-a1ce-495714b78b80
505964f0-9ad9-41a7-9ffb-49c060d720ce
3c7e20d1-e787-4e3b-8dac-a7687d1899ff
0524B01A-F7AF-4665-8BE1-BE460478A4FF
A63E645F-13BD-45ED-B15F-6E8C1BD57279
B0B3393C-62D1-44D8-ABF5-08E0F067F29E
7be88cbc-6d7b-4a98-857e-6c65523b813f
ca00c181-714f-4d26-acb0-b0f33c6439e5
519AD75B-6F4F-4E48-B7C9-3793CE64B509
C31C05B4-0A01-4DC2-8E5E-0315459F508E
4cab59b4-55a3-4737-9fd5-b93c6430bf76
14315df3-d035-49e2-949b-ae8c2a23c739
CB5DC5A5-F162-4B48-BBF6-3DDC62836285
AFFCBA64-651F-43DD-97BC-684C179618A5
11EDF9E4-A3CE-44B8-8DBB-64948F77B808
49a5d05d-e4a9-4670-8c4d-4099031c1453
037E77C2-A153-4A29-8D9A-16A031629FFd
62D1390B-75E8-445C-A99D-3340E08FD4C5
237873d9-d1b9-42b6-987b-f086140b383e
299B5FAC-2168-4A5D-A67D-AA4C8F8055DA
3f30d137-f50e-4b40-927e-b40ec125a068
92f69757-bae4-4c71-9dae-3298ed7c11aa
93350c7e-163b-4a3b-96e5-154b58d33d6a
03b9c36c-139b-40df-a510-c3224aedf48f
75ABCF92-9764-4DFA-A83F-5142C3905052
4b58dd09-080f-4417-8dc4-2d19bbe49fc7
55900762-469d-421f-9268-162d00bc2ab3
5d89cb9c-f2a1-43a5-a6fd-bdbf3688747b
4d58f285-10b4-48d5-a378-63102081359e
f9f2d698-4bb7-4b32-9059-e9b7bb328337
7a03a593-de50-4edb-b682-a5d5e9d3d967
9b2bb67d-12d6-49b8-a186-2eec081a548e
e2dd9458-f71a-42cf-8706-a694f147e8a8
87bbb91d-3535-44ff-b209-91b49ca8e1fa
e43f1b7c-71ac-4ecb-a398-36faf7513768
2AABD0C3-1B64-4DE0-AE17-BBBE806197F2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUnNgGx
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbBRKD
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\5FCD13AC-B899-4EF7-BD3E-C959EFBFB753
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\AD72687B-CF83-4463-8E95-2CB3198CA5F6
5FCD13AC-B899-4EF7-BD3E-C959EFBFB753
29681927-b22c-4eea-b7c0-4a34fb62529e
866d26cd-56b2-4a3f-84ba-825ea199099b
f55bcd71-47e0-4c7b-81ae-53e197293088
7252d783-5e03-4621-b9dc-29c2e6da8086
FFA0E487-277F-4C2D-A509-EE12E51D03EC
A1C50067-D883-45F4-B991-D5FAAAA4CAB1
A51F62AE-D855-44B8-BB71-352C69FBF257
AD72687B-CF83-4463-8E95-2CB3198CA5F6
35843B6D-FA05-42C7-BBF3-6343F011D444
9E91EF7B-6846-45C3-A8AB-67CF7C900783
8a2fa032-bb09-4ef3-9ec0-bafb1412cb8e
242fe30b-f264-49b8-9ac1-3095389fba03
ec8020d0-89dc-4531-9200-c9cefe301e90
4caf47ba-df5a-4ebf-b5f5-9965d8060939
11ece6bb-8155-4e05-bacf-a452151107af
71fd4dba-7b71-4919-b15a-2ca0f68cd384
90b7bdb9-8798-4b86-a3c7-c3ba8069b2eb
e43f6db8-d6dd-40b0-bfce-80a032475332
45e6b878-e844-4765-81dc-7bc1bc01b2b0
1764AF3F-400C-415E-9A92-67A7D55C2C71
0a7a4957-9298-4605-9872-24da8a514db6
f6473971-cbf4-49ab-96a1-74b92d63f718
4c23403e-346b-40b4-8fe8-b80516c8ada9
90a0468b-3120-48fc-8aa1-378d2a4228db
0b27b1d3-b168-4d26-a135-9f44ae91793f
7B0FCA45-023B-452A-B893-D007523A9ED8
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyywTMD
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\60EDCEE2-B6AF-4F2E-BB15-14F101364B47
0955079E-3A5E-4FF7-A7C9-2A65CAAE1EF2
60EDCEE2-B6AF-4F2E-BB15-14F101364B47
4EF267EE-D1A4-4C92-85A9-B51B58A53BE4
5850d2e6-6e49-4d0a-bb2e-a49e8fa2eee6
b72df2c1-1205-4f44-b188-8dda6f84e30b
BB7EA5A7-A6AE-4575-96A3-098A577D4765
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmjhIY
E2F6A304-81C0-4A91-A2A2-DBB4505FAEDC
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dtseqrxk
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\135B4804-7728-4137-B6D8-5CC590110C9D
f06718dd-b23e-4c0f-bcd8-24bcdc5e2df4
84178bfa-b729-48a8-af52-836f668dc7e8
04e6699f-53a0-4c02-aefd-7bfff3835ea2
4CAFAF0C-C38F-43C1-8080-390E776254DE
0c294220-1a9d-476a-a918-53f2da2571e4
71e40ee5-71ae-4e0d-8324-949376d44774
EB338DB6-EC2C-456B-B5AD-ED97FB489684
32D0CCCB-4D89-4510-BAF7-028BC11E60DB
F24F5951-B29D-49B0-9BB3-BE6818CA6940
135B4804-7728-4137-B6D8-5CC590110C9D
804B913C-F0BD-4FC0-8D86-2A8DE2F682B2
32E451A3-6C66-412C-8F6E-65778F016BC6
D7336D32-62F7-43B5-8B8C-3963C72CA498
cdfbb87c-0d5f-48b3-bf4a-2f5c3db9b0de
fc796ded-5fa6-4a4b-8473-3636b0fe9d1b
71A4297F-F337-45B4-9B5C-4D6EE32AC45B
499E5F81-EBE0-4D08-818D-3E88B0A13542
77e00874-1b7e-41c6-ba97-43e2463efada
60ABF6AC-BAE2-4400-8936-0593C3C9A8A8
a7ef6dba-8a53-4f52-bd9a-01a6a4e083c0
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrrsPH
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoPGXp
4846D90B-B1ED-402A-A718-91E88C6E2839
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
03F408E7-0903-46E1-9284-EC56550C3597
9936EFFC-4A2C-4F1B-BB68-DEDC6916EE19
D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
59148BE8-B764-447A-9302-4AEB7187D3CB
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYpmkK
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
8B522498-4803-4A8D-A297-46AE273C44A6
CB5A3EDC-08DA-48D4-BD49-AC53308B64DC
684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsRjhg
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
9D9294A6-8FB0-4206-AD93-5E9A9EF0B517
956677BE-F493-4F74-ACD6-E5A0E62904A5
82B8E0B5-45F5-4779-966A-C474164F8F7F
a1e653d7-374b-4f3c-aa1d-fd259c751c11
B1FFEAF8-F7C8-445D-98FE-9AD04897C6AE
9B5D62CC-A31F-41E6-AB67-9D51D48B5C07
9F24CE12-437E-4413-BA41-0BF61D67EC80
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDtUno
0f70b574-9236-469c-bb21-9654dac1f67d
963db810-b29b-4595-aea0-649db6103abc
3CAB59B4-55A3-4737-9FD5-B93C6430BF75
3DB7BCD6-5AB2-4224-9D5C-91596FDA31B9
6bffbb42-ac73-4d2f-8109-562f11353e93
f4ececf2-73d0-474e-06da-11f818303327
ea3f2b22-4a94-4b29-8101-881882e0d8b9
965585E8-9537-45FE-952F-DDE5BE10AE52
24E9519B-3F70-429B-99BC-4B2B49B96F66
7FDF7614-0DF6-4A84-9041-2D873AB5C2C5
2FEAE5F7-1F4D-A231-30D1-04759E1C1FCB
90696A05-6C9A-488F-957D-4D4A3D5F61C2
3BE9150C-E2ED-4294-8F70-4CCA872A7BB3
AA8DFF57-1E4B-4A01-9681-AB25E1CF6532
3A0909EF-95E0-47B3-B117-FA03D9FDDBD1
826A5ED9-1316-4EFD-87F8-AA400C5D551A
12C71A70-09ED-4515-A39C-99E973B8E9F7
5550F659-4DE0-497D-B8A2-3E1AFB973784
B5FAC233-228C-4106-BB63-3031B84E2AB9
B82F29E4-8368-4B14-9C00-5138C0D94034
59FEDA57-3BE1-450E-B368-F93067B94C86
4C16CAB4-7053-2AD8-5166-2C00BAB3D8BE
63AB48C9-01A8-495C-8194-A715DB8A37A2
F2A65CD2-0CDE-4E63-B8F3-16D90EF77603
A98D0065-7326-41B5-B8D9-C5B692CDB82F
B0BCDD0D-1EC9-4EA4-A013-5642B9598271
9FEA8F43-D4ED-458C-B727-B667025676A0
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlifg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkjjg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ljjhgee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcbaxw
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxyvwu
9543B1E1-5B66-4DFA-B579-0B392D0BB33C
5A7CFD83-8907-460B-88C5-8CBAD95F1CF1
037C7B8A-151A-49E6-BAED-CC05FCB50328
571A01F0-FBF2-4411-A41B-BBB3CE6189E4
FFF29BE4-24AC-4E31-B99B-45238B764111
D81BE140-D159-4732-BCE8-185C9210E38E
E180F496-8A4B-44E2-9FE0-0364E345DB7F
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcawvu
BCB279E3-2BB4-4A4B-90C5-3CEBACC6B15C
7de1e3d1-c102-4dca-bd3d-43cbe8303ee5
FA6E43E6-F825-4317-BBCC-EC8462D1F3A5
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljighf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrqon
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiigefg
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuuutt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcabya
DB7BB42E-456D-4203-ADCF-C0B999112DA0
64C8EADA-5CDB-4A79-9213-F3F68E851D56
24C61C09-62C0-42ED-B640-53F7FEC9098A
7D7F29A5-8D07-44FE-89B6-A8F4DFFD03FB
20EC205F-3300-4013-A537-69DDC176CF42
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdaxu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiffgfd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljiggd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggeeee
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yayxuus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnnopq
F7608A7B-DB2D-4CF1-8930-708A32896876
D604A3C9-1BDF-48AA-8CB3-80C2752FB6C5
C3A84C81-8E37-4EAA-8E6C-C4FF35A67F96
7F96901E-BEB4-4316-B165-5C4F2D6314CA
98663E21-9CCE-4CF6-863C-911A9523A66F
49D63E18-33B1-46F2-82C2-39431FB94794
415D402F-A6FC-4CA2-927B-2323BAAFB966
CA28FAC6-6381-4F89-9090-F399BBAFC26C
5AAF23D8-4489-43D8-A064-319D1254ABCA
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebabcd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtutron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnlmnk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqolkll
1A4318F1-865F-43A0-88A6-22666DDB6F47
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcawvv
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuspmn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccdbab
47A21439-A069-4BC1-BB70-54C9ED60691F
CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134
9DEC9A9D-E4F1-4081-A06E-76601F998EB4
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcbbcc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqpono
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifcyab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urqollm
259B6215-70A2-4789-9978-64CD33632682
6A061FA1-352D-4902-94FB-46BD37FD7FAF
81182B58-0DB8-4671-A345-BD9B20E6FC72
506602EA-3290-416C-84E7-B2B331D2DFA2
6A30EED0-7D3E-40AC-946D-CF769A3ACDF5
DB1F1927-3FFC-4313-82AD-6A75758E5D32
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqopqo
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlmjh
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxvusr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\qommlii
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxxyay
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\xxyvspp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdcdd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqomn
817A8844-1AF6-4093-B74A-DD91676A179E
A47BD9A5-EF81-4E2D-B5D8-A5AF7099683E
326F7029-5B4F-4D02-8D77-F16322C282C1
3FABB570-CFE9-43FB-82F4-F065466077B4
F9491793-47BB-4F3C-9B1A-08A8E4F88D0D
88741C23-A892-4B7E-8F89-4A69CB12DA67
6551122A-4DEB-4949-8ABF-72972775F028
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hgggdbx
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvutus
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmkjj
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcaaxu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrsss
9D88DD0F-5C78-417D-9E48-DDE4BCC53E9F
AEBF6926-DBA6-4100-A838-1CED0169AB78
F95B14B7-B316-49DA-972C-1225025AFB7A
46523B68-2656-4D4D-B415-20907B8E649A
A288996D-94BC-4C73-8CC7-A20F8A435A98
2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcdaab
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khffefd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxussr
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvsrp
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebyxuu
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnolm
200D0AAD-71B1-51C9-DDB0-092BA4662A54
01CD0B31-9154-45F2-9414-F5D64B74EAF6
AB30E818-2B0F-4336-BB29-35D245598EDB
634BBAB7-3F60-4426-944F-A62B9007F67F
C408EC5B-CC5E-451D-B831-6DB83DA47244
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
232D2677-68EE-4FA1-B988-279EBC8969ED
A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
90624170-D668-409E-A2F5-C0710044760F
3385764C-85FC-45CC-B290-E97646306BB2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
582C46EE-9E66-4DE0-92A5-34B971099C0C
429E0606-5905-4CCD-998A-9D2C29DE6F33
B1F4D9B0-7300-408A-B70A-677CC7276EF6
90375CC7-C153-4D5C-B81D-C4011A3C16D3
2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
DA0053C8-1501-48C6-BD86-167AA3DEC119
A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
9DC8B477-C55C-4373-953D-8913334A8D8B
1B2E9329-C933-4A5D-908C-9A8251D1B7C6
CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
2AD3123A-16FF-404E-92E5-47128E40D281
6980D6C1-F025-4067-B8B8-F12029EA0CD2
53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
4E35C785-B803-471E-AF03-74BDE42EA65A
C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
89AD4D75-2429-462e-BD4E-443F233F6033
45B20293-5C68-4271-B4FD-F43A4075A2E3
837B45D6-BF85-457D-AABF-6D2E7815F791
B7672BAF-E9A3-49B6-86B2-C81719A18A4C
53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
F40114E6-51D4-4EE4-9F38-2E979AF84593
35B868E9-614B-47BA-81F7-841B8B055247
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
5A04F1F7-C0A5-41A1-8C23-7A96894B9002
F9C57A10-3FFE-4E94-924E-264713738291
719C7140-463A-45CB-BA90-828B11FCF5A4
1f9137dc-0b86-43e1-a596-8b2b49125124
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
855879EC-968C-4480-976B-870669F5F95A
44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
28DD5FA9-7526-4463-A548-BD2877B2710A
27534EA2-AF0A-4405-9143-8837572099BC
41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
095514BB-363E-451D-9BAE-A054E51BD0B0
82412A22-FFED-4A67-B37D-4127EBA1BB02
8410970E-714C-4F14-AA6B-B3B2F3246827
E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
05029E1B-4C41-4681-8F7F-2AEC346136F4
01ABD624-98FE-4B37-81F2-4E5B41799B6B
1FB63E52-4D6E-48C1-A08F-F630FE50F337
5A4A2D56-931A-4733-9121-033A2D95A274
3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
22E58089-6DB5-45D9-BF87-6C8975246D26
F73AF695-229D-4549-B1A0-20DA99A81F19
F00EFDF5-0042-4F5E-9F20-C688409CF918
B2030C9A-DE59-457D-A042-D827AD69C8F3
9CF8EE9B-0B2E-464A-9700-D7B46142BD99
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
662BB3E3-204F-44FA-A827-143B8AB4B036
C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
B763C083-57E0-4993-B058-13008952DF68
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
A05DA7E0-383C-4E99-A72A-742050A152A2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
6148028B-D532-4417-8C0B-5A4A0B745393
D38439EC-4A7F-42b4-90C2-D810D7778FDD
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
2FCAB754-0535-470E-8F80-BACB6CA1ACC1
83B28A74-640D-48F4-9F51-E80EED7CC7E0
Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
D714A94F-123A-45CC-8F03-040BCAF82AD6
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
22B271AB-3D0A-4CCB-8AD9-DD08183C356A
68616403-4FFB-4B19-B360-0B0B1F55D5EC
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
D01C9902-73AF-47FF-B784-05FDB6604FCF
HKEY_LOCAL_MACHINE\software\targetsoft
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
13589181-4f0d-4553-b9f8-b4b72172c139
HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
HKEY_CURRENT_USER\software\microsoft\windowsupd
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
HKEY_CLASSES_ROOT\atlevents.atlevents
VirtuMonde Symptoms
There are many signs that your PC has been hijacked and infected with VirtuMonde or other spyware applications. To reduce the damage that can be done to your PC, start detecting VirtuMonde symptoms on time. Below is a list of possible VirtuMonde symptoms that your PC may have. Notice that certain spyware symptoms vary depending on upon the severity of the infection and other factors.
- Installs without your knowledge or permission. Usually spyware such as VirtuMonde may be installed from a website through an embedded script or program in a webpage. There are some malwares that install through web pop-ups or free software that require you to accept a downloadable file.
- Tracks your surfing habits. Spyware applications such as VirtuMonde are designed to track and collect details such as what websites you visit, what your usernames and passwords are and other sensitive information. Malware may even record and collect your login details for your online bank account.
- Bombards your PC with popup ads. Some unwanted applications such as VirtuMonde display annoying popups (often for adult or other objectionable web sites) while you are surfing the Web and even when your PC has been idle for many minutes.
- Modifies or hijacks your homepage and displays new desktop shortcuts. Some spyware programs like VirtuMonde add new unnecessary shortcuts on your desktop. Moreover, VirtuMonde may actually change your default homepage to a different homepage. Sometimes VirtuMonde won’t even allow you to change it back to your original homepage.
- Slows down your PC’s performance. One of the most common spyware symptoms is when your system suddenly starts operating slower than usual. Spyware applications use a lot of your PC’s resources to deliver popup ads and send information to third-parties which can results in a slow computer performance and system crashes.
VirtuMonde Method of Infection
One of the most common reasons for getting infected with VirtuMonde or other types of spyware is because people do not apply safe Internet practices. It is important to learn how one gets infected with VirtuMonde or other types of spyware. Once you know what not to do, you will be able to avoid falling victim to spyware.
Below we provide some possible reasons why you might have become infected with VirtuMonde:
- You received an e-mail with an attachment from someone you don’t know and opened it. This is one of the most common ways for Adware, Viruses, or Spyware like VirtuMonde to infect your PC. How do you know that the attachment is dangerous? It usually sends attachments that end with a .exe, .com, .bat, or .pif. Do not open email attactments if you don’t know who the sender is!
- You were surfing the Web and you clicked on a popup ad warning you that your PC is infected. You panicked and clicked on the ad’s OK button; thus you were directed to VirtuMonde’s website and it tried to push a product on you. Ignore such messages! We recommend closing these windows by clicking on the X instead of the OK button.
- You visited a questionable website. A large amount of spyware is mostly pushed through adult sites. You might have accidentally clicked on a link that automatically installed unwanted software such as VirtuMonde.
- You downloaded a freeware or shareware program. Some developers offer their software for free, but can come with other unwanted programs such as VirtuMonde bundled with it. Do not install any free software without reading its EULA. By simply reading a program’s EULA, you can determine whether a program you are installing has spyware bundled with it.
- You downloaded a peer-to-peer (P2P) or shared network application. Very often peer-to-peer sharing programs are bundled with spyware similar to VirtuMonde.
- You downloaded some program from Warez or Crack websites. The downloads from these websites are often overrun with dangerous infections such as VirtuMonde.
VirtuMonde Quick Prevention Tips
Follow the VirtuMonde prevention tips below to avoid VirtuMonde infections and other malicious software.
- Run Windows Updates regularly to ensure you have the most up-to-date and secure system. A good tactic is to set up your system to check for updates on a regular basis.
To set up your system to access automatic updating services, follow these steps:
Go to Start > Control Panel > System > Automatic Updates (XP) or Start > Settings > Control Panel > Automatic Updates (2000). - Use a firewall. A firewall is a software or hardware that serves as a blockade to keep data secure and safe and unauthorized users off your computer or network. You can choose from a variety of firewalls that are designed to meet different needs.
- Firmly secure Internet Explorer settings. If you’re using Internet Explorer as your browser, change its settings to block spyware applications.
To change Internet Explorer settings, go to Tools > Internet Options > Security > Custom Level.
You will see a section near the top of the dialogue box devoted to Active X controls. There you should disable downloading of both signed and unsigned Active X controls and those marked as unsafe. Some Active X objects are spyware, and this action will block them. - Install a good and reputable anti-virus program. Make sure that you install only reputable anti-spyware and anti-virus software like SpyHunter. Most reputable anti-spyware software programs today are also designed to identify known viruses, which could contain Trojan horses as well.
- Always keep your anti-spyware or anti-virus up-to-date with the latest malware definitions. The creators of anti-virus applications are constantly finding new security holes in their software and providing software updates. Therefore, it is important to make sure your anti-virus and anti-spyware programs are up-to-date. These updates are typically installed through an integrated update system.
- Practice safe Internet surfing habits. Stay away from any questionable sites, including pornography, gambling, hacking or other off-beat sites.
The purpose of this “VirtuMonde Removal Guide” article is to describe the removal process of SpyLocked. The SpyLocked manual removal instructions are to serve as a guide. We do not guarantee that the manual removal instructions will completely remove VirtuMonde. It is advised to use SpyHunter to safely remove SpyLocked.
