Virtumonde, Trojan



#1 Dr.worry

Posted 13 May 2008 - 08:26 PM

Hi, I recently downloaded a program that turned out to be a Virtumonde trojan and I used AVG antivirus to get rid of it, and I also used Virtumondefix and Virtumondebegone, but both programs have told me I don't have Virtumonde. Whenever I start my Firefox or Internet Explorer I get pop-ups for fake anti-malware programs and now I can't even go to different sites from the homepage, it just freezes. I'm also getting a lot of spyware and malware and I can't figure out why. I've run Ad-Aware SE and it deletes a lot of them but a few minutes later I get a ton more.

The problem I'm having with my browser is really confusing because I use Firefox and whenever I open it I get to my homepage "google" and when I try to go to a different site it just doesn't load; it's like it froze. When I open up Internet Explorer that's when I get all these warnings saying "your computer may be infected". Then I get a new box saying "do you want to download AntiWorm 2008 to scan your computer."

If you need any more information please let me know.

I have attached the DSS logs, the one called "main" is the HijackThis log and the one called "extra" is the second log file (I have no idea what that is). Thanks for the help.

Edited by Dr.worry, 13 May 2008 - 08:39 PM.


#2 teacup61 (Malware Response Team)

Posted 13 May 2008 - 08:45 PM

Hello Dr.worry,

Welcome to Bleeping Computer :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 Dr.worry (Topic Starter)

Posted 13 May 2008 - 09:39 PM

Thank you for the reply. I have attached both logs, (the file titled "log" is the combofix log and the one titled "main" is the DSS).
I think those are the ones you wanted. If there is anything else let me know please.

My browser problem seems to be fine now. I can surf the web on Firefox without it freezing on the homepage.

Attached Files

  • Attached File  log.txt   6.82KB   32 downloads
  • Attached File  main.txt   10.57KB   19 downloads


#4 teacup61 (Malware Response Team)

Posted 13 May 2008 - 11:05 PM

Hello,

Good. :thumbsup: That looks much better. :)

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

I see Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: winvwy32 - C:\WINDOWS\System32\winvwy32.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Are your other scans coming up clean?

Regards,
tea
Error reading poptart in Drive A: Delete kids y/n?
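
The two HijackThis entries singled out in the post above can be picked out of a log mechanically. The following Python sketch is an added example, not part of teacup61's reply or of HijackThis itself: it flags entries whose target is reported as "(file missing)" and Run-key commands that carry no absolute path. Both heuristics are assumptions chosen for illustration, and every sample line other than the two quoted in the post is constructed.

```python
import re

# HijackThis section codes referenced here (the post's entries are O4 and O20).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

LINE_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
ABS_PATH_RE = re.compile(r'"?[A-Za-z]:\\')


def parse_line(line):
    """Split one HijackThis line into (section code, body), or None."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage(log_text):
    """Return (code, reason, body) for entries that merit a manual look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # header, blank line or running-process list
        code, body = parsed
        if body.endswith("(file missing)"):
            # Registry reference left behind after its file was deleted.
            findings.append((code, "orphaned: target file missing", body))
        elif code == "O4" and "Run" in body:
            command = body.split("] ", 1)[-1]  # text after "[ValueName] "
            if not ABS_PATH_RE.match(command):
                findings.append((code, "Run command has no absolute path", body))
    return findings


# Constructed sample: the SoundMan and winvwy32 lines come from the post,
# the header and the two "Example" lines are invented for contrast.
SAMPLE_LOG = r"""Logfile of HijackThis
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /start
O20 - Winlogon Notify: winvwy32 - C:\WINDOWS\System32\winvwy32.dll (file missing)
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\System32\examplenotify.dll
"""

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code} [{SECTIONS.get(code, 'other')}] {reason}: {body}")
```

A flagged line is only a prompt for review; whether to fix it remains the helper's call, as in the thread.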

#5 Dr.worry (Topic Starter)

Posted 14 May 2008 - 05:51 PM

My scans seem to come up clean with a few trojans and 10-20 spyware infections. Overall my computer is fine now. I still get an alert from my antivirus software that a threat has been detected, "trojan vondo", and I just move it to the virus vault. It would be nice to know how to fix that, but it's fine all the same.

Thank you for the help. I think I'll sign up for that HJT Lesson class, it sounds interesting.

#6 teacup61 (Malware Response Team)

Posted 16 May 2008 - 12:07 AM

Hello,

That doesn't sound too clean to me. :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea
Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61 (Malware Response Team)

Posted 29 May 2008 - 12:26 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Error reading poptart in Drive A: Delete kids y/n?



