My wife's computer has caught a virus. It has SmitFraud and Virtumonde/Vundo. It was delivered as a fake video codec which installed VirusHeat onto the computer, along with both viruses (virii?). There was no anti-virus software loaded (my fault as I have the latest Symantec version on my machine... but overlooked hers.)
I installed WebRoot SpySweeper and it located and deleted both viruses, but they both came back after a reboot. Went through several safe-mode, on-startup scans with no better results. I could see the random-named processes in both the Sys32 directory as well as in CurrentVersion/Run in the registry. Ending those processes does stop the popups for that session, but deleting the reg entries and files had no lasting effect.
I found and ran SmitFraudFix, VundoFix, VirtumundoBeGone.exe, in normal and safe mode, and none were able to successfully clean this bug out.
I ran Kaspersky and DSS and generated the logs you'll need. NOTE: DSS wouldn't download Hijack on its own so I grabbed the latest version from Trend's website. DSS did not generate the extras.txt file however.
Thanks again for any help you give.
Edited by KoanYorel, 08 May 2008 - 04:43 AM.
to clear away personal links