Hello,
My son's computer desktop has a large window warning that the computer is infected with Win32/adware.virtumonde and win32/privacyremover.m64. I can't close the window at all, and then it tries to connect to the internet (I disabled that but got the URLs it was trying to go to). The URLs are: www.free-viruscan.com, 89.188.16.39 and ie-antivirus scan.
I ran antispyware (A-Squared) and it found trojan.downloader.win32.small.yxa. I went to Windows/System32 to look at the activity and I deleted a file thinking it would get rid of the warning that I can't close. After that things went from bad to worse. The computer won't let us log in anymore, so I can't do a hijackthislog or anything else.
We have a recovery console from an earlier infection where we used Combofix per your help here, and my son used that to get in and see if he can do anything.
Not sure what to do next, thinking of doing a complete reinstall. Any help is greatly appreciated.
Thank you,
Julie L.
Virtumonde And Privacy Remover Infections Desktop has Large Popup Warning
#2
Posted 21 August 2008 - 07:19 AM
Hi,
Quote
and I went to Windows/System32 to look at the activity and I deleted a file thinking it would get rid of the warning that I can't close - After that things went bad to worse. The computer won't let us login anymore, so I can't do a hijackthislog or anything else.
Can you still remember what files you deleted? Because you would need to replace it again. Of course it's difficult to give proper help here if we don't know what files to replace or what exactly you deleted - if system-related registry settings were also deleted, then it would be a needle in a haystack to properly restore this. That's why the best/fastest solution would be a Windows Repair install.
This won't delete your files though and programs will still be there.
Look here how to do this: http://www.michaelstevenstech.com/XPrepairinstall.htm
Afterwards, the malware will still be present on your system, but then you'll be able to boot again, so we can deal with it.
This post has been edited by miekiemoes: 21 August 2008 - 07:19 AM
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
#3
Posted 22 August 2008 - 09:27 AM
Hello miekiemoes,
Thank you for that link. I spoke with my teenage son and he does not have any documents that he really needs (school hasn't started yet), so would it be wiser to do a clean install?
Would it also be better if I invest in a new retail Windows XP CD that has SP2? This Dell computer is over 6 yrs old and I'm not sure I even updated his drivers, etc. when we did the initial clean install months ago.
I appreciate your suggestions. I'm willing to try the repair if you think that is the best solution to rid us of infections.
Best regards,
Julie
#4
Posted 22 August 2008 - 06:43 PM
Hi,
Yes, a clean install would indeed be better, then everything will be clean again. You can invest in a Windows XP CD SP2 integrated, but as a matter of fact, that's not really needed. You can still update once you installed Windows, which you should, because as I remember, it was your son that didn't want to update previously? I hope he now understands why keeping your Windows up to date is so important, because he got infected right after we cleaned it previously.
Also, he should stay away from illegal sites and software, because that's where malware is lurking. Even though your Windows is up to date and you have the best Antivirus installed, as long as people don't stay away from illegal sites, they will get infected anyway.
#5
Posted 24 August 2008 - 06:11 PM
Hi,
I will go ahead and do a clean install using our current disk, and this time I'll make sure I get everything updated before I allow my son to use the computer. I too hope he better understands, but even if he does not I've insisted he not tamper with updates again or I take the computer away.. Parental authority does come in handy sometimes..
You can close this topic and hopefully you won't be hearing from me anytime soon in this forum...
Thanks again for all your help. I tried to donate via your link but not sure how to proceed as I live in America. Will it accept my credit card since the money is in Euro dollars?
Best regards,
Julie
#6
Posted 24 August 2008 - 06:26 PM
Quote
but even if he does not I've insisted he not tamper with updates again or I take the computer away.. Parental authority does come in handy sometimes..
Also see here: Malware Removal - Where to draw the line and The Neverending Story <== make sure your son reads this ;-)
So, as you said, if he proceeds with doing the same as he did before > result, getting infected again... then I would consider disabling internet on his computer, or taking his computer away.
For the donation, yes, it will accept it :-) Thank you very much!
This post has been edited by miekiemoes: 24 August 2008 - 06:28 PM
#7
Posted 29 August 2008 - 04:54 PM
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.









