I am using Windows Vista and have a Virtumonde infection. I was just searching and opened a seemingly innocent website and it downloaded lots of trojans and viruses and whatnots on my laptop. AVG and Windows Defender caught some. Norton did nothing. So I downloaded Avast and later Ad-Aware 2007 and Spybot S&D. Avast caught everything Kaspersky online scan showed with one more infected file. The two antispywares caught two completely different files of Virtumonde. Avast had caught six. But every time the computer restarts, it keeps coming back and I keep getting popups that I can't block. I think these popups may download other threats. Spybot S&D said that Virtumonde puts itself on Winlogon and is resistant to removal. It also caught a registry which I deleted. Please help me remove it. I don't have a restore point or a recovery disk yet because the laptop is brand new.
Also, is there a way to ensure this doesn't happen again? Is there a web guard or a firewall I can use? Preferably freeware? I have Internet Explorer 7 and just downloaded oracle but haven't used it yet because it said it was more secure.
Please please help me! Preferably in an easy risk free way? Thanks in advance. I am also not logging on to that computer or using it to go online currently because it recreates some Virtumonde files on startup and those popups appear and the cycle starts again. Other stuff caught was downloader.obfuskated, Win32:Agent.qlx and some other things I can't remember. But the antiviruses and antispywares said they removed them. Also Norton caught Downloader.mislead. something.
Help would be much appreciated. Edit: There was also a something.zlob, probably downloader.zlob? But I think AVG removed it. By the way I move these threats to the quarantines and delete them.
I haven't posted HijackThis or used DSS because it says it uses the same code as ComboFix which we are not supposed to use without supervision. In addition I am using Vista and not XP. Also I believe that Vundofix and Virtumondebegone are outdated as the Virtumonde was probably altered during the March 14th massive attacks. Plus they have poor ratings. Since no one is replying I am going to go ahead and try to install and run an antirootkit. Again, please don't forget about me! I don't know how long I can wait.
Edit: OK, I didn't find any antirootkit except IceSword (can't make heads or tails of it). But I did find a new present: Trat bho trojan, and one other that I can't remember. One instance of Virtumonde did appear. Something like Wer..... there have been some sounding like that before. I think Avast has antirootkit. If it does, it might not be working? I'm completely at a loss. The computer is starting to crash and freeze up at times (but that may be because of too many security programs? or threats?). Well anyway, still waiting on you to help me or tell me to use or do something Vista-friendly. Can't even post a log without that.
Edited by KJLue, 17 April 2008 - 06:20 AM.