What is more, Trojan.Plongo modifies Windows hosts file and DNS settings. It deletes default values and adds the following lines:
- 184.108.40.206 www.google.com
- 220.127.116.11 www.bing.com
A quick trace root 18.104.22.168 reveals that the server is physically located in Romania. Google may ask you if you would like to change your default search page to google.ro. However, cyber crooks can easily change servers and rebuild malware, so you may be redirected to other servers as well, not necessarily 22.214.171.124. Unfortunately, only ten security vendors out of forty three are able to detect this malware. Even less can effectively remove it from the infected computer. Thankfully, Norton Power Eraser does a great job of deleting Trojan.Plongo malware. The following removal guide has been created to help you to remove volmgr.exe, volmgr.dll and associated malware from your computer. If you have any questions, please leave a comment below. Good luck and be safe online!
1. Download Norton Power Eraser. Download link: http://security.symantec.com/nbrt/npe.aspx?
2. Double-click on the NPE.exe to run the utility. Please read the end user license agreement carefully and if you agree, click on the Accept button.
3. Click on the Scan button.
4. Rootkit scan is important this time, so click on the Restart button. Windows will now restart. You don't have to do anything. After a reboot it will continue to scan your computer for malicious software.
5. When Norton Power Eraser has finished, it will list all malicious files found on your computer. Important: select olmgr.dll to be fix too. Then click on the Fix button and then choose Restart. It will automatically reboot your computer again.
6. After a reboot, Norton Power Eraser will show you removal results. That's about it for the Trojan.Plongo malware. You can now close Norton Power Eraser.
Associated files and registry values:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run volmgr = "%AppData%\volmgr.exe"