Be on the watch for the latest version of VirtuMonde Trojan. I've tried everything I can think of to get rid of it.
Unfortunately, I can't find any reference to it in the eEye forums (if I am wrong, please show me where). I have scanned repeatedly with Blink, which didn't find it. I used PC Tools Spyware Doctor, which found it, but didn't fix it. I then tried NOD32 (had to temporarily shut Blink down), AVG AntiSpyware, Spybot, AdAware, Windows Defender, VundoFix.exe, etc. Some scans saw it, said they deleted it, then on restart (with system restore off), it's still there, playing havoc with Firefox and IE7. Symptoms are rogue spyware ads appearing. And with IE7, the privacy settings are turned OFF(!), which also affects Outlook.
Apparently, there is an infected dll file in the system32 folder called "rqropnm.dll" (maybe a unique name to this computer), which corresponds to a file that appears in the C:\ root directory that logs the events, simply called "Log.txt". There are also some odd temp files that appear at the same time.
Scan reports indicate this:
1.) The exact reference earlier today to Virtumonde trojan was this:
C:\windows\system32\GFPJTFHG.DLL "Win32/Adware.Virtumonde application"
2.) I also cannot remove "crvtpwgk.dll" from the msconfig/system startup.
(To be exact, it's: Rundll32.exe "C:\Windows\system32\crvtpwgk.dll",s)
3.) C:\Windows\system32\rqroprm.dll (size 37376) was first quarantined by anti-malware, and is reported as "probably a variant of Win32/Genetik trojan"
So, beware, and if Blink has a remedy, I'd LOVE to hear about it.
Thanks,
Bob