virtumonde

Victor

OK. My daughter loaded a ton of spyware on my PC (just a note: avoid MySpace
layout sites when you can).

I got rid of everything except this one called virtumonde. I have tried
several posted remedies and none work. Defender finds it and "removes" it
but it comes back every time and usually before the machine even reboots.

Most postings either say to buy THEIR spyware removal tool, which I don't
honestly trust, or they say what files and registry entries to delete, but I
don't even have those entries or files on my machine. I CAN find some files
that seem to be involved with the virus but of course they can't be removed or
renamed even in safe mode.

Can anyone offer a solution on how to remove it, what to check for, or how
to submit a request for an update to Defender that would actually fix the
issue?

Thanks a bunch. Please don't bother posting and telling me to download
"spyclean", "wincleaner", or my favorite "virtumonde remover 2007".
 
Victor wrote:
> OK. My daughter loaded a ton of spyware on my PC (just a note: avoid MySpace
> layout sites when you can).
>
> I got rid of everything except this one called virtumonde. I have tried
> several posted remedies and none work. Defender finds it and "removes" it
> but it comes back every time and usually before the machine even reboots.
>
> Most postings either say to buy THEIR spyware removal tool, which I don't
> honestly trust, or they say what files and registry entries to delete, but I
> don't even have those entries or files on my machine. I CAN find some files
> that seem to be involved with the virus but of course they can't be removed or
> renamed even in safe mode.
>
> Can anyone offer a solution on how to remove it, what to check for, or how
> to submit a request for an update to Defender that would actually fix the
> issue?
>
> Thanks a bunch. Please don't bother posting and telling me to download
> "spyclean", "wincleaner", or my favorite "virtumonde remover 2007".


I won't bother telling you to download any of those programs you mention
because those programs are malware! See this removal guide instead:

http://www.bleepingcomputer.com/forums/topic3494.html

If you have further problems, run HijackThis and post in
BleepingComputer's HJT forum (not here, please).


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Hi everyone,

I would really appreciate some help. I've got myself into a pickle!!
This morning my faithful computer informed me that it had a virus
("virus found Vundo") so I popped them in the virus vault. I also ran a
spyware check - appears I also have Virtumonde (which I understand to be
the same thing or similar!) so I also popped that in the vault!

Now I keep getting these messages that say it can't run a .dll file
(along with the associated ads!)

So I've tried fixvondu, and a number of other removals - they can't
even see that I have a problem.. which clearly I do!
So I have downloaded HijackThis.. and would like to remove it
manually.. I understand roughly how I would do this, but I'd like some
help in identifying my problem files!! If I post the output file from
HijackThis.. can someone please help me identify which files are
infected?

Thanks!
:)


--
Bells
Posted via http://www.vistaheads.com
 
Spybot Search & Destroy will remove it, but only in Safe Mode.
Instructions on how to enter Safe Mode and remove probs are included below.

Also included, good all over security programs for Vista.

http://www.avast.com/eng/download-avast-home.html

Avast Anti-Virus is Vista compatible (32bit and 64bit Versions), FREE,
auto-updating, and a low resources user of your computer.
And, only have 1 (one) Anti-Virus installed / running on your computer at any
one time.
Conflicts may occur if you have more than 1 (one).

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.5.2 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update once a fortnight.

http://www.javacoolsoftware.com/spywareblaster.html

SpywareBlaster 4.0 is a non-intrusive, FREE Anti-Spyware Program that runs
in the background.
Update it once a fortnight, and let it do its work in the background!

If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On/ Startup, and use UP and
DOWN arrow keys to get to Safe Mode, then hit ENTER.
RESCAN your computer with Avast and Spybot S & D while in Safe Mode.

--
Mick Murphy - Qld - Australia


 
Bells wrote:

>
> Hi everyone,
>
> I would really appreciate some help. I've got myself into a pickle!!
> This morning my faithful computer informed me that it had a virus
> ("virus found Vundo") so I popped them in the virus vault. I also ran a
> spyware check - appears I also have Virtumonde (which I understand to be
> the same thing or similar!) so I also popped that in the vault!
>
> Now I keep getting these messages that say it can't run a .dll file
> (along with the associated ads!)
>
> So I've tried fixvondu, and a number of other removals - they can't
> even see that I have a problem.. which clearly I do!
> So I have downloaded HijackThis.. and would like to remove it
> manually.. I understand roughly how I would do this, but I'd like some
> help in identifying my problem files!! If I post the output file from
> HijackThis.. can someone please help me identify which files are
> infected?


You are definitely on the right track but you're in the wrong place. We
don't analyze HJT logs here in the MS newsgroups because it takes a great
deal of time and expertise to do so.

Here is a list (in no particular order) of specialty forums where you can
post your HJT log and get guided help. Choose one, read its posting FAQ,
and you'll be on your way to a clean machine.

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another
tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 