Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer: Enter Trojan City


  • Please log in to reply
1 reply to this topic

#1 The Enigma

The Enigma

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 24 January 2008 - 03:05 PM

I'm currently at my aunt's house for vacation, and as we speak, I'm having major trouble in attempting to eliminate certain trojans/adwares that are continuously affecting programs that have been installed afterwards. This isn't my computer, it's my twelve-year-old cousin which comes off as no surprise in regards to the infections. I didn't think it was that serious, and as for myself, I would consider myself somewhat of an intermediate computer user, as from my own experience, when we're talking about my own computer, the last time I had frustrating troubles let alone any piece of adware was back in 2004. Now recently, I installed Kaspersky which is the one I'm using for my computer, and then, suddenly, a box came up that showed that a part of Kaspersky has been infected itself. Not only that, two other programs/components have also came to be infected, and those were AIM and "TeaTimer", from Spybot S&D (which I installed in hopes of partially fixing the problem).

The trojans/adwares that are running in the back of my cousin's computer as we speak are:

not.a.virus:AdWare.Win32.Virtumonde.eby
not.a.virus:AdWare.Win32.Virtumonde.cli
Backdoor.Win32.Agent.dbm

From looking at a log located within Kaspersky Internet Security, I found myself looking at these programs for which have been infected:

c:\windows\system32\lunbvrfb.dll (Infected by "not.a.virus:AdWare.Win32.Virtumonde.eby")
c:\windows\system32\mljgf.exe (Infected by "not.a.virus:AdWare.Win32.Virtumonde.cli")
c:\program files\aim6\aim6.exe (Infected by "not.a.virus:AdWare.Win32.Virtumonde.cli")
c:\documents and settings\pcuser\local settings\temp\ntmdswac.exe (Infected by "Backdoor.Win32.Agent.dbm")
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe (Infected by "not.a.virus:AdWare.Win32.Virtumonde.cli")

Assistance with this issue would be greatly appreciated.

BC AdBot (Login to Remove)

 


m

#2 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:01:43 PM

Posted 24 January 2008 - 05:59 PM

Hi Enigma, :flowers: to BC!
You Have Virtumonde (Although thats really obvious :thumbsup: )
How To Remove Winfixer / Virtumonde / Msevents / Trojan.vundo.b
That should get rid of it all. You may also want to install the MVPS hosts file to block access to sites that may cause infections. Blocking Unwanted Parasites with a Hosts File

Hope that helps!

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users