How to remove Troj/Virtum-Gen (also known as Virtumundo) from your computers.
Sophos product and version
Sophos Anti-Virus for Windows 2000+
Windows 2000, Windows XP, Windows 2003
What to do
IMPORTANT: Do not attempt to use SAV32CLI to remove Troj/Virtum-Gen (Virtumundo).
If a Sophos on-access or on-demand scan detects Troj/Virtum-Gen, the 'Clean Up' and 'Delete' options become unavailable. You must run a full system scan to remove it. You can run the scan either from Enterprise Console or locally on the infected computer.
- Run a full system scan:
  - From Enterprise Console:
    - In the console, right-click the infected computer.
    - From the menu, select 'Full system scan'.
  - On the infected computer(s):
    - Right-click the Sophos shield and select 'Open Sophos Anti-Virus'.
    - Click 'Set up a new scan'.
    - Select all drives.
    - Click 'Configure this scan'.
    - In the dialog box, ensure that 'Scan all files' is selected, then click OK.
    - Click 'Save and start'.
- Once the scan completes, the 'Clean Up' option should be available. Select that option.
- When prompted, reboot the computer(s).
- Run a second scan to verify that Troj/Virtum-Gen has been removed.
If this procedure fails to remove Troj/Virtum-Gen, contact Sophos Technical Support. You may wish to discuss with them whether you can use Sophos Bootable Anti-Virus.
Refer also to Current major threats: Conficker, Virtumundo