Not detecting commonaly known Trojan Vundo/Virtumonde

I just had a problem with Vundo Virtumonde.I haven’t installed anything for about 1 week.Im kind of surprised it was on here and I think I found and removed it about an hour after it came on here.
Because noticed nothing wrong then it got slow restarted couldnt use explorer.
I ran the MalwareBytes program and it removed and fixed the problem.It was a serious issue because it gave the userinit.exe problem that stops you from using windows explorer I had to run everything from task manager.
Anyway I fixed it.However im surprised as im using Comodo Firewall with Defense and Comodo AV and neither picked it up.
Also on another spyware scanner called ExterminateIt it gives C:\WINDOWS\System 32\monln.dll as Spy.Goldun Trojan.
Now of course we know thats a file used by comodo right?So whats going on here?Is comodo giving us Trojans?

Welcome To the Forums.

As for the Trojan, It’s a False positive.

regards to Vundo,
What mode are you using D+ in?

Using clean pc mode.
I have just installed BOclean this seems to have the vundo virtumonde sigs in it.
Now I have 3 programs running from Comodo using 9 processes more of cpu.
Can we not have all in one security suite?

I suggest you use SAFE MODE

Clean PC Mode: From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.

Safe Mode: While monitoring critical system activity, the firewall will automatically learn the activity of executables and applications certified as ‘Safe’ by Comodo. It will also automatically create ‘Allow’ rules these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing ‘Treat this application as a Trusted Application’ at the alert. This will instruct the firewall not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in ‘Clean PC Mode’ then Safe Mode’ is recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.

Ok thanks for that its on safe mode now.
My theory on all this is.
For the last year Ive been using avg free, comodo firewall, and avg anti spyware which used to be Ewido AS.
I used to get the updates manually from the old ewido site because I had no subscription.
I never had 1 issue of anything for 1 whole year (Except Vista deleting my whole hard drive through a simple registry error pertaining to error reporting files).
Since I installed this XP PRO I have only had Comodo Firewall and CAV.Not any antispyware shield.I have got spywareblaster and spybot S&D but with its helper thing disabled.
Spybot S&D picked up Virtumonde on scan but long after Malware Bytes had removed most of it.
Had I had the S&D Helper thing running it may have picked it up.
I recently altered pc to NOT clear pagefile on shutdown to speedup restarts.
I believe the Vundo in pagefile jumped onto HD on reboot probably picked it up on some crazy google picture search going from site to site quickly.
Virtuomonde is not really a virus that the Anti Virus would detect.It is more malware.Although it is considered a Trojan and can be altered to use to steal pw’s etc this one I got was purely just trying to turn my pc into an an advertising machine.I don’t think CAV has the Vundo sigs in it.However I know BOclean does.So I might not get it again.But ive set pagefile to clear just in case.Because the userinit.exe thing was reallly a pain.

Hey Tony I’m sorry to hear that :frowning: CAVS 3 is in developments and hopefully will be released at the end of this month :slight_smile: Hmm my guess is that since you were in clean PC mode, the Virtu activated its self after the pc was restarted and that’s why D+ didn’t alert you… because technically it’s not a new application after the restart.
And it’s quite possible that I’m wrong. Hopefully a mod will read this thread soon.

YEAH im 17 today woohoooo getting my eyebrow pierced today :smiley: :BNC

There will also be a Comodo Internet Security Release around the same time as the Antivirus both being available as a separate product and integrated into cpf3.


CFP 3 should be able to “prevent” the threat & you should deny it.

CAVS 2 however, Won’t be as good… CAVS 3… Yes…


(:AGY)my pc has been infected by vundo for more than 3times…i’m using CAV 2 but it failed to block the spread…btw i’m still in dark with this ‘D+’…what’s that? (:AGY)


General info here: Intrusion detection system - Wikipedia (look for title “host based”).

About a year ago I installed CAV but back then the detection rates were poor.

Recently reinstalled it to see if there were improvements.



These were on my system which CAV failed to detect.

Hey Delphino, Welcome to the forums.

Cavs2 is no longer in development… It never made it’s final release because Comodo thinks that they can do alot better, It is expected that CAVs3 will be released as well as CIS later this month.

Oh - That was a quick reply.

Thanks for the welcome (:WAV)

FYI, I had Comodo BOClean 4.26 installed as well which didn’t detect them either. (Not sure if it is supposed to)

But I’ll be looking forward to CAV3 and CIS.
CFP is an Excellent product (:KWL)


Do you have any idea how you ran in to these, which sites or sort of sites etc…
End what do you use to browse the web ? IE/Firefox/Opera ?

Maybe you could install Winpatrol this will at least notice you if something new is being installed in all startup locations on your system.

virtumonde is malware in the category trojans that cavs and cfp not detected those nasty malware is right cavs is not able to detect these malware, the cfp when good tuned will detect suspected processes i have test this and i am right.

I use self cfp, avira premium antivirus and a-squared anti malware 3.5 with 1,5 millions definitions and i am fully clean, boclean must detect virtumonde the signature is in the list so it is surprising me that it not will detect maybe it’s an new unknown variant even then it will detect so what is exactly detected which virtumonde. And one tip do not use many antimalware products at the same time it can confuse the firewall and interrupted the detection in defense +