The Fotomoto Virus has become prevalent lately - especially on Windows Vista PCs. Don’t think it’s not just as bad (or worse) infecting Windows XP as well. I’m going to show you how to remove the Fotomoto virus, also known as Win32/Fotomoto, Trojan.Fotomoto.h, TR.Fotomoto.F.1, and Trojan.Fotomoto.f.
In the last year I’ve been pretty lucky on my Windows Vista laptop. I removed McAfee Internet Security because the trial expired and I refused to pay money for a product that both slowed down my PC and was inadequate. I opted instead to go with Windows Firewall, AVG Free AntiVirus, and nothing else. My family and I use this living room laptop for most everything, and the four of us know what “NOT” to click on. I can’t remember really getting any virus on a PC in the household over the last 3-4 years. But there are drawbacks to having a “living room laptop” - and that is when people come over they also use it.
So I’m not sure when or how it happened, but sometime in the last 2 weeks one of the people that came over used the laptop and clicked on something bad. I didn’t know about it for a few days after they left - and there were multiple people in the house that weekend. Two things occurred, and one was that I know (the teens) were watching some of the most horrid little videos online from some NSFW (not safe for work) type video sites. I also know that someone downloaded some type of video on a torrent behind my back. Either one of these events could have caused some BS to infect my nice little Vista laptop.
I normally don’t use IE at all, but I noticed I had a problem when every time I opened an explorer window or a folder I got an IE popup with an ad. This is of course no problem in Firefox, but since IE is tied so closely to the OS - especially in Vista, you can’t even open the control panel without getting a popup ad. I open Windows Defender and it’s telling me that I have the “Win32/Fotomoto” virus, or trojan, malware, adware, whatever - it’s officially a problem. When you tell Windows Defender to remove or quarantine Win32/Fotomoto it says it does. And then later in the day you get popups again (it can’t remove it). Since I don’t use IE much at all I just lived with this problem for about a week. It was no bother in Firefox or my Thunderbird email. But anytime I unzipped a file, opened a folder, control panel, advert popups displayed again.
I downloaded the old trusty Spyware Search & Destroy - and it also said it removed Fotomoto, but it did not. I downloaded Hijack This from Trend Micro and removed the startup lines (for advanced users only) that I believed to be the problem, and it only made matters worse. On reboot, when the virus tried to load (when you opened IE, or a folder) all the desktop icons disappeared and the Windows taskbar, startbar, and tray all completely disappeared. You could still use the programs open, but when you closed them you just had the desktop background with nothing else. You could only Ctrl-Alt-Del to “log off” (which brought everything back) or reboot.
So now I have an official problem. I do some more research and find that Win32/Fotomoto, Trojan.Fotomoto.h, and TR.Fotomoto.F.1, and Trojan.Fotomoto.f, Vundo, and Virtumonde, are all related variants. Fotomoto is listed as a variant of “B2Search” or eZula. Basically something convinced a user on my computer to install malicious software to pop up ads from various sources. Yep - that described it alright. Read this definition of Trojan.Fotomoto.H - isn’t that nasty?? Nasty as hell! This Fotomoto thing turns out to just be the latest in the never ending versions of the Virtumonde virus or trojan.
If you get Fotomoto or any of its variants you would have symptoms like this:
So, now that you’ve been following my plight you want to know how to remove Fotomoto virus or trojan? I can tell you what won’t work (according to the best forums and what I tried), and Spyware Search and Destroy, Windows Defender, Avast, Panda, McAfee, Norton, SuperAntiSpyware, Hijack This, ALL DON’T WORK!
I was at my wit’s end. I’ve been building and repairing PCs for over 10 years now, and I’ve removed some of the worst viruses, trojans, and malicious software from PCs at least a dozen times (for other people) in the last 6 months. All the “Known” methods online were coming up empty (the usual list of progs I tried - listed earlier), and most of the forum postings about Fotomoto didn’t look too good. Then I read one from Yahoo! Answers where the guy said he was like me (long time PC builder and geek) and he tried all (the same) software with no luck. He offered advice that I hadn’t heard before - he said to try a product by Webroot called “Spyware Sweeper”. He said it had a database four to five times the size of all the competitors combined, and it had a fix for Fotomoto, Vundo, Virtumonde, Win32/Fotomoto, Trojan.fotomoto, and on and on. The only drawback - it costs money.

I have never paid for anti-spyware software before now. Never. But I’ve never had something like this that I just absolutely could not remove before. I purchased a license for SpywareSweeper (that was Vista compatible - the latest one, previous versions are not) - and rebooted. It scanned for 20 minutes or so, I logged on and the problem is completely gone now! Yay Webroot SpySweeper! I don’t often endorse purchasing software - especially when there are alternatives that are just as good that are free. But with all these asinine viruses, trojans, and malicious adverts - you just can’t keep up with all this sh*! anymore. I’m sorry - I’m glad I bought this, and I’m glad I have it in my arsenal now. I’ve tried it on the other PCs in my house, and it works great with Windows XP and Windows Vista. That’s how I removed Fotomoto. If you have a better way, or a question, please comment now!