Sophos Anti-Virus for Windows 2000+: removing Troj/Virtum-Gen (Virtumundo)

  • Article ID: 35439
  • Updated: 14 Jan 2011


How to remove Troj/Virtum-Gen (also known as Virtumundo) from your computers.

Sophos product and version

Sophos Anti-Virus for Windows 2000+

Operating system

Windows 2000, Windows XP, Windows 2003

What to do

IMPORTANT: Do not attempt to use SAV32CLI to remove Troj/Virtum-Gen (Virtumundo).

If a Sophos on-access or on-demand scan detects Troj/Virtum-Gen, the 'Clean Up' and 'Delete' options become unavailable. You must run a full system scan to remove it. You can run the scan either from Enterprise Console or locally on the infected computer.

  1. Run a full system scan:
    • From Enterprise Console:
      1. In the console, right-click the infected computer.
      2. From the menu, select 'Full system scan'.
    • On the infected computer(s):
      1. Right-click the Sophos shield and select 'Open Sophos Anti-Virus'.
      2. Click 'Set up a new scan'.
      3. Select all drives.
      4. Click 'Configure this scan'.
      5. In the dialog box, ensure that 'Scan all files' is selected, then click OK.
      6. Click 'Save and start'.
  2. Once the scan completes, the 'Clean Up' option should be available. Select that option.
  3. When prompted, reboot the computer(s).
  4. Run a second scan to verify that Troj/Virtum-Gen has been removed.

If this procedure fails to remove Troj/Virtum-Gen, contact Sophos Technical Support. You may wish to discuss with them whether you can use Sophos Bootable Anti-Virus.

Refer also to Current major threats: Conficker, Virtumundo

If you need more information or guidance, then please contact technical support.
