
Virtuemonde Virus Plus Possibly Others?


  • This topic is locked
5 replies to this topic

#1 virusfilled

Posted 03 October 2007 - 01:04 PM

Hi, I'm really worried. A few nights ago, my little sister was using MSN Messenger and she was sent a seemingly innocent web link from one of her contacts. She clicked on it, but from then, all heck has broken loose. Firstly, her MSN went out of control and started sending messages to all her hundreds of contacts (literally) and opened lots of conversation windows, to the point of freezing the computer. I tried everything to stop it but nothing worked, so I ended up turning the PC off manually.

Since then, my PC has been running incredibly slow and whenever I attempted to restart MSN Messenger, the same thing would happen. So I uninstalled it. That has been working well since. However, since then, I've carried out numerous virus tests using anything I can get my hands on, including Ad-Aware, Spybot Search and Destroy, AVG, and numerous other virus checkers. All have detected a virus called Virtumonde (spelling?) and numerous other viruses such as Trojan.

I do not know much about PCs at all and have never had a problem like this before, but I'm worried. I use my eBay and purchase lots of things through PayPal. Now I'm worried someone else can access my details. Not only does my PC run slow, but sometimes (frequently and for no apparent reason), my internet stops working. When I start it up, it takes forever. Also, random advertisements appear and considering I have 3 pop-up blockers, I cannot believe they are getting through?!


I used my common sense, so when Ad-Aware carried out a scan and could not remove the item, I looked at the location of the item and deleted it myself. I even had a dodgy process running (which I terminated with help from my friend).
I've seen other threads similar to this one but I don't understand the log posting etc., so I thought I'd make a separate thread about it. However, some viruses I have found under the system folder (they were found by a virus checker I used) could not be deleted. It said something about it being used by another process, so I'm afraid that it has spread through my PC.

Any help is much appreciated. Sorry about the long post but I tried to include as much detail as possible.


 


#2 quietman7

  • Global Moderator

Posted 03 October 2007 - 02:11 PM

Welcome to BC virusfilled

Follow the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".

Then download and scan with SUPERAntiSpyware Free in "Safe Mode".

"Safe Mode" is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools in "Safe Mode" also speeds up the scanning process.

Edited by quietman7, 03 October 2007 - 02:13 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 virusfilled


Posted 03 October 2007 - 02:53 PM

Thank you for responding. I have already used the virus scanners mentioned in the link which you posted. Neither worked. And I think I am already in safe mode.

#4 quietman7


Posted 03 October 2007 - 04:57 PM

Some variants of Vundo may not be detected by VundoFix, so the "add more files" option is another way of ridding this malware. These files need to be identified, and posting a HijackThis log will enable an expert to advise you which files to add if you continue to have problems. If the infection remains after following the steps in the self-help guide, then you should post a HijackThis log.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

Important: Some variants of Vundo malware will hide certain entries in a HijackThis log to prevent detection, so you need to rename HijackThis before using it.
  • Open My Computer or Windows Explorer and navigate to the HijackThis folder.
  • Inside the folder, right-click on the HijackThis.exe file and rename it Scanner.exe.
  • Double-click on Scanner.exe (which is still HijackThis), run a scan, save the logfile and copy/paste it into a new topic in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts.

Give your topic a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

#5 virusfilled


Posted 05 October 2007 - 09:42 AM

Thank you for the quick response. I've done as you have asked...

#6 quietman7


Posted 05 October 2007 - 11:07 AM

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.