Simda variant was used to steal personal details such as banking info.
Interpol and a group of security vendors have knocked out a malicious network that had infected more than 770,000 computers across the world.
Police forces around the world co-ordinated to seize command and control (C&C) servers responsible for directing a variant of the Simda malware, with ten taken in the Netherlands and others grabbed in the US, Russia, Luxembourg and Poland.
Sanjay Virmani, director of the Interpol Digital Crime Centre, said: "This successful operation shows the value and need for partnerships between national and international law enforcement with private industry in the fight against the global threat of cybercrime.
"This operation has dealt a significant blow to the Simda botnet and Interpol will continue in its work to assist member countries protect their citizens from cybercriminals and to identify other emerging threats."
The Simda variant was used to steal personal details such as banking passwords, and could also be used to infect victims’ machines with further malware.
The virus, which first appeared in this form in 2012, had spread to almost every country in the world, with the worst hit including the UK, US, and much of Western and Central Europe.
"Our collective efforts, and cooperation in this investigation have made a positive impact in combating this constant, evolving threat," said Joseph Demarest, assistant director at the FBI Cyber Division.
"We will continue working alongside our international partners and international law enforcement to aggressively pursue cyber criminals around the world."
Microsoft, which worked alongside Trend Micro and Kaspersky Lab to take down the malicious network, reported that it had detected 128,000 new cases of the Simda variant each month for the past six months.
"Compromised sites were used to redirect users’ traffic to another website, named the ‘gate’."
The hackers behind Simda were also found to have programmed a number of evasive techniques into the malware, which could lie dormant if it detected it was being run in a security research environment for the purpose of analysis.