Since I started reviewing Anti-Malware applications (I’ve reviewed OneCare, Kaspersky and NOD32) I’ve discovered one scary trend…Virtumonde is beating the pants off commercial anti-malware applications and not much is being done about it.
Here are some quick facts on Virtumonde:
- Virtumonde is adware, horribly pernicious adware that displays a stream of popunder advertising.
- It resides on your PC as a .dll (usually random letters and numbers like: yayVNDuT.dll)
- Virtumonde is often injected into winlogon.exe making cleaning difficult. Winlogon.exe often runs at 20-40 percent cpu usage when Virtumonde is present.
Malware authors are being paid very well to change Virtumonde multiple times a days, sometimes dozens of times each day to avoid detection. Commercial anti-malware applications can prevent and remove some of these Virtumonde variants, however most are not ever caught and removal has a very slim success rate.
Below is a quote from the NOD32 forum administrator
Eset Moderator
Join Date: Nov 2002
Posts: 5,171
Re: NOD can’t get rid of VirtuMonde!
I’d suggest removing the Virtumonde dlls using Undll.
April 27th, 2008, 01:47 AM 
So, the NOD32 forum admin tells us to manually remove Virtumonde using their manual dll removal tool (which is very good and does work)…but what about the 90% of those who don’t know what a dll is much less how to even find the right dll to remove (nod32 doesn’t detect every variant)???
The basic pc user is left feeling they just got ripped off because their commercial anti-malware application claimed it could remove adware. Anti-Malware applications bought online or at the store should say that their products remove SOME of the adware on your PC.