Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virtumond - Awvvw


  • This topic is locked This topic is locked
2 replies to this topic

#1 gosavi

gosavi

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 24 January 2008 - 08:12 AM

I'm working on a computer of a coworker that was infected with a bunch of malware. I've managed to cleanup some of it using the basic things such as adaware, spybot, and sysinternal utilities (processexp, autoruns)...but I cannot get rid of these files

awvvw.dll
awvvw.exe

Also, I think it's hooking into msconfig, because I've been seeing some strange behavior with that as well. Multiple copies with names like "msconfig .exe"

Computer is running XP Home Sp2

**UPDATE**

I was able to remove once I used COMBOFIX per the Malware guide linked at the top of every page. I scanned and rescanned using spybot and adaware and the PC has a clean bill of health now. However, some programs were rendered useless once COMBOFIX had it's way. I guess the owner will have to reinstall those.

:kudos:

Edited by gosavi, 24 January 2008 - 02:27 PM.


BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 24 January 2008 - 05:47 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 14 February 2008 - 12:07 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users