
Unable To Remove Virtumonde Permanently



#1 watingroom


Posted 10 February 2008 - 01:50 PM

Help! I'm a newbie unable to get rid of Virtumonde. I'm running XP and have run Spybot SD, ADAware, Spyware Doctor, FxVMonde, VundoFix, Spyware Blaster, SpyHunter, and VirtumundoBegone in Safe Mode and normal mode. All detected and removed Virtumonde (and a list of others), but it reappears on the next scan every time. I can barely access the internet now without locking up, although I don't get many popups. I'm a step away from stripping the drive if this doesn't work... Any ideas? I'll post my HijackThis log.



#2 SifuMike


Posted 13 February 2008 - 11:59 PM

Hello watingroom,

We will run ComboFix.

You need to disable your Symantec/Norton Antivirus, Spyware Doctor and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Norton Antivirus:
Please navigate to the system tray in the bottom right-hand corner and look for a [image] sign.
  • right-click it -> choose "Disable Auto-Protect."
  • select a duration of 5 hours (this ensures no interference with the cleanup of your PC)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: [image]
You have successfully disabled the Norton Antivirus Guard.


To disable Spybot's Teatimer:

Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts


To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.



Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console in case you have not installed it yet. <== IMPORTANT

Post the ComboFix log. Do not attach any log you post, as that makes it hard to read.

Edited by SifuMike, 14 February 2008 - 12:00 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 watingroom


Posted 14 February 2008 - 12:05 PM

Thanks for the help but I think I got it. I downloaded an updated list of all Virtumonde apps, files, and registry keys, printed it out, and manually searched and removed everything on the list. Took about four hours... since then nothing shows up when I run a scan and no redirects or popups on the net. Now I just have to fix the problem I probably created doing that: no links work on IE. When I click a link IE freezes indefinitely. Oops, looks like I traded one problem for another!

#4 SifuMike


Posted 14 February 2008 - 12:33 PM

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.