
Virtumonde Infection


  • This topic is locked
5 replies to this topic

#1 Kojiro


Posted 29 July 2007 - 01:11 AM

I'm infected with a Virtumonde virus. I have used VundoFix and VirtumondeBeGone; neither seems to have permanently deleted this infection! It seems to be recreating itself automatically and I'm not exactly sure when, but I think it's at system bootup. The anti-spyware program called "Spybot - Search and destroy" is what informs me of my dangerous infection that it has recommended I look for technical support in a help forum. What should I do to get rid of this painfully irritating virus? Can anyone help me out?



#2 oldf@rt


Posted 29 July 2007 - 01:52 AM

Start with SUPERAntiSpyware:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 TMacK


Posted 29 July 2007 - 01:53 AM

Welcome to Bleeping Computer Kojiro.

It may be that you have a new variant that the tools cannot yet remove, or a stubborn infection.

Please post a HijackThis Log in the Hijack and Analysis Forum by following the directions in the link below: Preparation Guide for use before posting a HijackThis Log.
Please do not post the log in this forum.

Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#4 Kojiro


Posted 29 July 2007 - 06:00 PM

Well, I performed a HijackThis log while my SUPERAnti-spyware scan was running. I posted it HERE

I tried to get a log with SUPERAnti-spyware, but it didn't give me that option and the scan took 6 hours, not to mention it causes absolute lag for everything else on my computer. At least I got the HijackThis log.

Also, something seems to be very wrong with my hard drive capacity. I keep getting a warning for low disk space, and when I check it out I end up with not even 1% free. I know that can't be true. A week ago I had at least half the disk free; I have no clue what is going on. I believe something is duplicating itself somewhere constantly to eat my space up. I checked my WINDOWS folder only to find that it was using 14GB of space. I could believe that is a normal size ratio if I were to be running Vista, but I am using Windows XP. This may be why I have an intense hard disk space usage problem! I even tried to perform a disk clean up and I recovered A LOT, but it's still depleting as we speak! I just cleaned a Trojan.Malware that program identified, but it's still going away about 4MB per second. So, I need to fix this problem before I have 0 bytes left O.o

#5 oldf@rt


Posted 29 July 2007 - 06:24 PM

Kojiro,

Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#6 tg1911


Posted 29 July 2007 - 06:25 PM

Kojiro,

Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.

If you have any questions, don't hesitate to send me a PM.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
