Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Infection


  • Please log in to reply
2 replies to this topic

#1 rigs

rigs

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 29 June 2008 - 03:13 PM

I have an infection on my Pc. I have tried various actions to resolve it unsuccessfully, but based on what has been found by AdAware and AVG, it is a Vundo or Virtumonde infection.

The problem is on my other laptop, and the original symptoms were that I was getting numerous unwanted popups about virus's and directing me to a variety of websites I had never seen before (e.g. dating, filmon.com, cellldorado.com and antispywaremaster.com).
I was also getting a warning from the Microsoft Security Centre that Automatic Updates is switched off. However, when I go to System/Automatic Updates, the automatic updates option is switched ON. I am unable to change the setting in a way which makes any difference to the Windows Security Centre, so I am not sure which one is telling me the truth.

I recognised that I had an infection, so did a Virus scan with AVG V8.0.101 and an Ad-Aware V7.1.0.10 which between them found about 10-15 instances of Vundo which I removed using the automated tools.

Even after the clean-up, the problems persist, so I have repeatedly run the scans again and Ad-Aware repeatedly finds Virtumonde infection in my registy. I delete using Ad-Aware, or manually, but within minutes, it has reappeared in the exact same place as before:
Family Id: 763 Name: Virtumonde Category: Malware TAI:10
Item Id: 300049900 Value: Root: HKU Path: S-1-5-21-1801674531-1547161642-839522115-1004\software\microsoft\contim).

Please could you provide me assistance with removing this annoying infection, itis driving me crazy.
As mentioned, the problem is on my other Pc, but it is still connected to this one. Please advise me if I am also putting this machine at risk.

Here is my system Info
===========================
Number of processors: 1
Processor type: AMD Athlon™ 64 Processor 3200+
Memory Available: 52%
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 AM

Posted 29 June 2008 - 05:22 PM

Run the following fix:

How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo

After that run a full system scan with Malwarebytes' Anti-Malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 rigs

rigs
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 01 July 2008 - 03:16 PM

I've run VundoFix and it looks like it has worked. I am now running the Anti-Malware Scanner.
Let me know if you want me to post the results.

A huge thank you for your help with this. It is a big relief to have this resolved at last.

Edited by rigs, 01 July 2008 - 03:17 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users