
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Virtumonde

Threat Level: Moderate threat | Damage: High | Distribution: Not widespread
Common name: Virtumonde
Technical name: Spyware/Virtumonde
Threat level: Low
Alias: Monder, Vundo, InetAdpt, NewtonKnows
Type: Spyware
Effects:  

It logs keystrokes and displays advertising messages periodically. It does not spread automatically by its own means.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: Oct. 8, 2004
Detection updated on: June 15, 2010
Statistics: No
Proactive protection: Yes, using TruPrevent Technologies

Brief Description

Virtumonde is a spyware program that creates a DLL (Dynamic Link Library). The DLL logs keystrokes and connects to a certain web page in order to obtain miscellaneous information and display advertising messages periodically.

Virtumonde attaches the DLL it creates to the system process explorer.exe. This makes it memory resident and lets it check whether Virtumonde is currently running; if it is not, Virtumonde is launched again.

Additionally, Virtumonde registers itself as an LSP (Layered Service Provider) in order to harvest information about users' connections, such as Internet usage, pages viewed, phone connection details, an inventory of the applications installed on the computer, etc.

Spyware can be installed with the user's consent and awareness, but sometimes it is installed without them. The same applies to the user's knowledge, or lack of knowledge, of the data collected and the way it is used.

Note:

LSP (Layered Service Provider) is a Windows feature that allows a number of programs to be specified to process all the TCP/IP traffic between the Internet and the applications that access it (such as the web browser, the email client, etc.).

For example, a computer security program could be specified, which analyzes the traffic in search of viruses or other threats before passing it on to the application it is destined for.

However, this structure can also be used by adware and spyware programs to intercept communication across the Internet and, what is worse, if they are deleted without taking precautions, the Internet connection will stop working indefinitely.
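
The following Python sketch is an added example, not part of Panda's entry: it parses a Winsock catalog dump and lists each layered provider together with the chain entries that route traffic through it, which are the entries left dangling if the provider's DLL is deleted on its own. The dump is constructed; its field names assume the layout of `netsh winsock show catalog`, and examplelsp.dll and the entry IDs are hypothetical.

```python
import re

# Constructed sample in the "Key: Value" layout of `netsh winsock show catalog`
# (field names are assumed; examplelsp.dll and the entry IDs are hypothetical).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Provider Path:                      C:\Windows\system32\examplelsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              0

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Provider Path:                      C:\Windows\system32\examplelsp.dll
Catalog Entry ID:                   1016
Protocol Chain Length:              2
Protocol Chain:                     1015 : 1001
"""

def parse_catalog(text):
    """Return one {field: value} dict per catalog entry in the dump."""
    blocks = text.split("Winsock Catalog Provider Entry")[1:]
    return [dict(re.findall(r"^([A-Za-z ]+):[ \t]+(.+?)[ \t]*$", b, re.M))
            for b in blocks]

def audit(entries):
    """List each layered provider with the chain entries that route through it."""
    report = []
    for e in entries:
        if e.get("Protocol Chain Length") != "0":   # 0 marks the layered provider itself
            continue
        chains = [c["Catalog Entry ID"] for c in entries
                  if e["Catalog Entry ID"] in c.get("Protocol Chain", "").split(" : ")]
        report.append({"id": e["Catalog Entry ID"], "path": e["Provider Path"],
                       "chains": chains})
    return report

if __name__ == "__main__":
    for lsp in audit(parse_catalog(SAMPLE)):
        print(lsp["id"], lsp["path"], "used by chain entries:", lsp["chains"])
```

Any provider reported here with a non-empty chain list has to be unregistered from the catalog, not just deleted from disk, or the chains that reference it stop carrying traffic.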

Visible Symptoms

Virtumonde is easy to recognize, as it displays advertising messages periodically.