locked
OneCare does not detect Virtumonde RRS feed

  • Question

  • About a week ago my computer became infested with an especially nasty version of Trojan.Virtumonde that OneCare let in and still will not even detect in a complete scan.  I have manually located a number of virus files myself, and other files that the malware/virus has altered or infected, yet OneCare happily tells me that my computer is perfectly clean.  In fact one of the files that the virus infected is winssnotify.exe, which I believe is part of OneCare.  Just yesterday I uninstalled OneCare 1.6 that I've had for several months and upgraded it to 2.0, and the new winssnotify.exe was infected with the virus as soon as it installed.

     

    I've tried all the Virtumonde fixes I can find on the internet, including VundoFix.  I've also tried PC Tools Spyware Doctor, which at least does detect the malware and blocks some of its attempts to launch adware popup windows.  With these I can remove some of the malware files and registy settings, but enough always gets missed that within minutes they recreate everything that I delete.  Is there any hope of OneCare eventually being able to cure this?  If not, the malware has spread itself into so many parts of my registry and hard drive that it looks like I'll have to reformat it and start over.

    Monday, December 24, 2007 10:24 PM

Answers

  • As you've noted, Virtumonde is particularly difficult to remove as it is constantly morphing. How did you determine that winssnotify is infected?

     

    You should contact support to report the infection and get help with removal.

     

    How to reach support - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    If it fails to validate your subscription, select the option that you are using a trial or beta copy and you can proceed to email support without validation once you've signed in.

     

    -steve

    Monday, December 24, 2007 10:59 PM
    Moderator