Sophos

Troj/Virtum-Gen

Aliases
  • Virtumundo
  • Virtumonde
  • Vundo
Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Protection available since 19 October 2007 20:12:09 (GMT)
Last updated 8 September 2008 23:19:19 (GMT)
Detected by All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

Action

Issue

How to remove Troj/Virtum-Gen (also known as Virtumundo) from your computers.

Sophos product and version

Sophos Anti-Virus for Windows 2000+

Operating system

Windows 2000, Windows XP, Windows 2003

What to do

IMPORTANT: Do not attempt to use SAV32CLI to remove Troj/Virtum-Gen (Virtumundo).

If a Sophos on-access, or on-demand, scan detects Troj/Virtum-Gen, the 'Clean Up' and 'Delete' options become unavailable. You must run a full system scan to remove it. You can run the scan either from Enterprise Console or locally on the infected computer.

  1. Run a full system scan:
    • From Enterprise Console,
      1. In the console, right-click the infected computer.
      2. From the menu, select 'Full system scan'. 
    •  On the infected computer(s)
      1. Right-click the Sophos shield and select 'Open Sophos Anti-Virus'.
      2. Click 'Set up a new scan'.
      3. Select all drives.
      4. Click 'Configure this scan'.
      5. In the dialog box, ensure that 'Scan all files' is selected, click OK.
      6. Click 'Save and start'.
  2. Once the scan completes, the 'Clean Up' option should be available. Select that option.
  3. When prompted, reboot the computer(s).
  4. Run a second scan to verify that Troj/Virtum-Gen has been removed.

If this procedure fails to remove Troj/Virtum-Gen, contact Sophos Technical Support.

If you need more information or guidance, then please contact technical support.

These instructions are also available in the knowledge base article: Troj/Virtum-Gen (Virtumundo) clean up procedure.

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer