Virtumonde (also known under a variety of aliases, including Virtu Monde, Virtu-Monde, VirtuMonde Adware, Adware.VirtuMonde, VirtuMonde Spyware, VirtuMonde Virus) is a software application that monitors your browser and keeps track of your browsing habits. VirtuMonde uses this information to send targeted advertisements, based upon your web-surfing activities, directly to your computer. Usually installed as a component of another program, VirtuMonde infects the following systems: Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT, Windows XP and Windows Server 2003. VirtuMonde begins running as soon as your computer starts up, and since it operates in the background, it may often go unnoticed. VirtuMonde's capability of renaming itself during execution further helps it stay hidden.

Posted on February 14, 2007 in Rogue Anti-Spyware Program


SpywareKnight (also known as Spyware Knight) is a rogue anti-spyware application generally installed onto a computer through trojans or browser security weaknesses, without user knowledge or consent. Once active, SpywareKnight begins generating fake system scans depicting fictitious and grossly exaggerated infection results, along with fraudulent warning messages and pop-up windows. These tactics are to ensure the user believes the system is infected. The user is then prompted to purchase SpywareKnight in order to combat these non-existent threats.

Posted on February 10, 2007 in Rogue Anti-Spyware Program


SpySoldier (also known as Spy Soldier) is a rogue anti-spyware application that typically installs itself onto a computer with the aid of affiliated trojans or through browser security vulnerabilities. SpySoldier launches on Windows startup and may generate fake system scans that display fictitious and sometimes grossly exaggerated infection results, along with fabricated warning messages and popups, in order to trick the user into believing the computer has been infected. The user is then prompted to purchase and download the full version of SpySoldier in order to combat these threats.

Posted on February 9, 2007 in Rogue Anti-Spyware Program


Torpig is a Trojan horse that typically infiltrates a computer via security exploits and without the user's knowledge or consent. Once active, Torpig records the keystrokes and transmits the sensitive information to a remote server. Torpig also may create a security hole through which unauthorized users may gain remote access to personal and financial information, which may lead to identity theft.

Posted on December 12, 2006 in Spyware

'Update Available' Popup

'Update Available' Popup is a fake warning alert from the rogue program WinPC Antivirus. The text reads: "Update available. WinPC Antivirus has detected that new threat database is available. Would you like to download and install update now? Installation is recommended". If the user downloads and installs the update, they will automatically download and install WinPC Antivirus on their computer. Annoying pop-ups will continue with the intention of tricking the user into purchasing the full paid version of the rogue application WinPC Antivirus. It is strongly recommended that the user does not purchase the rogue program and removes the infection immediately.

Posted on October 12, 2006 in Fake Error Messages

'Firewall Warning' Fake Popup

'Firewall Warning' Pop-up is a fake security warning alert created by the rogue anti-spyware application WinPC Antivirus. The 'Firewall Warning' Pop-up text reads: "FIREWALL WARNING. Hidden file transfer to remote host was detected. WinPCAntivirus has detected that somebdoy is trying to transfer your private data via Internet. We strongly recommend you to block the attack immediately. Details of the attack: remote host transfer IP; remote user computer name 'FORENSICS'". It is important that the user ignore the fake warning. If the user clicks on the warning notification, the WinPCAntivirus application will automatically download and the user's screen will be flooded with annoying pop-ups. The purpose of the fake notifications and pop-ups is to trick the user into purchasing the full paid version of the rogue application...

Posted on September 19, 2006 in Fake Error Messages

New Support Log System

Due to the constantly evolving nature of spyware, when you use SpyHunter you may come across application issues that cannot be immediately resolved. To limit any frustration and further protect you against spyware infection, our developers have created the Support Log System. Our exclusive Support Log System takes snapshots of all the points of execution on your operating system, allowing us to precisely identify each and any problem. With a click of a button, you can send us your Support Log, and within hours you'll receive a repair file specially tailored to your PC. Once you follow the instructions and run the custom fix file, your system is purged of most spyware parasites, including those not already in our database of parasites! If your Support Log reveals a parasite not yet included in our database, it will be automatically...

Posted on September 18, 2006 in Product Releases

SpyHunter Keeps Displaying a Security Settings Message. What to Do?

If SpyHunter keeps displaying the message 'Unable to restore your security settings. It is possible a malevolent program has locked these settings on your computer', it does not necessarily mean that you are infected by a virus or by a parasite. SpyHunter will display such a message if another program that provides security to your system, like an anti-virus program, another spyware program or a firewall program, is locking your Windows security. If SpyHunter is displaying the security settings message and no parasites are detected when you scan your computer, that means either that you are overprotected, which is good, or that you are infected by something more advanced than a parasite, like a virus or a trojan-virus. If your computer does not display pop-ups, if your Internet Explorer home page is not hijacked or if your computer...

Posted on August 20, 2006 in Product FAQ

Extended Download Service vs. Regular Account

The advantage of purchasing the Extended Download Service from compared to downloading the software from our website is that Digital River will provide a download replacement of your software if for some reason our site is not functioning. The extended download service does not cover product updates.

Posted on July 22, 2006 in Product FAQ

Re-Downloading/Re-Installing SpyHunter

Please follow the instructions below to re-download and re-install the SpyHunter program. MAKE SURE that you UNINSTALL all the versions of SpyHunter before re-downloading and/or re-installing the new version. To uninstall SpyHunter: Click on the Windows "Start" button (in the bottom left corner of your screen). Click on "Control Panel" (or "Settings", and then "Control Panel"). In the "Control Panel", double-click "Add/Remove Programs". In the list of programs that appears, find any mentions of SpyHunter. Left click the SpyHunter item once. A button that says "REMOVE" or "CHANGE/REMOVE" will appear below the item. Click this button. Go through the uninstaller, making sure to select the "Uninstall" option. Repeat step 4 for any other "SpyHunter-related" programs in your program list. Close the "Add/Remove Programs" section, and...

Posted on July 9, 2006 in Product FAQ

, also known as or, is a tracking cookie designed to record users' internet activities. collects information such as the type of browser or IP address being used, the number of times certain websites are accessed, the length of time spent on each site and any other internet related information. Cookies were originally created and used for legitimate reasons such as storing user preferences, therefore they were not considered real computer threats. However, cyber criminals soon discovered that cookies can be utilized to steal users' confidential information. A cyber criminal can even steal a user's cookies via packet sniffing, a process that involves the intercepting and decoding of data streams flowing across a network. As harmful as some cookies may be,...

Posted on June 8, 2006 in Rogue Websites


Win32.Agent is an adware program that generally downloads unwanted software onto the compromised computer. When Win32.Agent is launched, it copies itself to %WINDIR%\System32 under a random name and it will begin running each and every time Windows starts up.

Posted on May 2, 2006 in Trojans

Locating the Username and Password in the Receipt E-Mail

This article shows you how to locate the right Username and Password in the Receipt E-Mail to be used on the "SpyHunter Account Settings". Below is a copy of the Receipt E-Mail: The Username and Password on the top of the Receipt (#1) is the account information that you will use on the "SpyHunter Account Settings". It will also be used to log on to our website for future downloads and technical support requests. Note: When setting up the "SpyHunter Account Settings", make sure that there are no spaces before or after your username/email or password. For further directions and visual aid of the account setting process, go to HOW TO Set Up Your Account Settings on SpyHunter. The Username and Password on the bottom of the Receipt (#2) is the account information that you will use to download the SpyHunter program from's...

Posted on April 8, 2006 in Documentation

Netbus Trojan

Netbus Trojan, more frequently referred to as Netbus, is one of the most dangerous and readily-available pieces of malware on the Internet. Anyone can find Netbus and download it. If you leave your computer unprotected, Netbus can do amazingly extensive damage to your computer and to your own privacy. Essentially, Netbus allows a remote hacker to enter your computer, and to cause it to do literally anything they want it to do, and to get any information off of it that they want to get. With Netbus, a complete stranger can do anything with your computer that you can do, and that is no exaggeration.

How Netbus Spreads and What It Does

To be clear, Netbus is not a virus, because Netbus can't spread on its own. Netbus must be installed by the user of the infected computer. Netbus is called a Trojan, because in order to get the victim to...

Posted on March 29, 2006 in Trojans

Dark Bot

Dark Bot is a sad case, as far as malware goes. In general, because there is a very serious threat named Dark Bot causing a lot of infections right now, anything named Dark Bot needs to be treated with suspicion. In other words, unless you are already familiar with Dark Bot, avoid Dark Bot like the plague.

History and Nature of Dark Bot

Dark Bot did not begin as malware. Dark Bot was originally written in 2003, as an IRC chatbot, capable of carrying out basic conversations with people. Dark Bot was created with the best of intentions, in order to provide automated answers to repetitive questions on help channels, by pulling information from a database. In other words, Dark Bot was written so that more people could get help with their questions, while requiring less effort from human users at the answering end. Dark Bot is widely used,...

Posted on March 29, 2006 in Trojans