

Please Assist Me, (virtumonde)

No replies to this topic

#1 TrueMusou



Posted 12 July 2008 - 04:14 AM

Hi, I have recently been experiencing some problems with both my Firefox and IE after I got some freeware...so I'm pretty sure I contracted something unruly. The symptom I have is that neither my Firefox nor IE can access the homepage (yahoo.com); it just chokes up when trying to access the site. Sites like Google, Facebook and some other ones would not load. However, YouTube and some email sites load okay.

I have taken some steps to solve the problem but I've found myself in another tech-ditch.

Initially I ran a spyware sweep and I found some bad items. What I found was that I contracted something called winlogonhook and virtumonde (I found out via Spyware Sweeper). I think I was able to remove the winlogonhook with killbox and hijackthis because the O20 entry now says "file missing" and my spyware sweeper is no longer detecting it. However, virtumonde is still being detected. I need to remove this somehow and assistance would be appreciated.

However, my main concern is that it isn't these detected wares that are affecting my browsers. So if anyone can provide me with some information, that'll be great. Are my browser issues affected by either virtumonde or winlogonhook? If not, how can I detect and identify the culprit and ultimately eradicate it permanently? I can provide my HJT logs if someone needs them.

Also, it might be relevant that after I removed winlogonhook and reran my spyware sweeper, I couldn't detect any spyware. After I did this I tried to access the sites that I couldn't previously and most of them worked. So I assumed I had fixed it. However, an hour or two later I went back on my computer and the same problem persisted. So I ran another sweep and virtumonde showed up again. The strange thing is, the sweep with VundoFix couldn't detect it. Could something be reinstalling or rerunning virtumonde whenever it gets shut off or removed?

I have read the thread regarding removing virtumonde (http://www.bleepingcomputer.com/forums/topic18610.html), apparently the first step didn't work for me, I haven't tried the second yet. When I do I'll post my results (hopefully successful ones).

I apologize for this unorganized post, but it's 2:10am and I can't quite focus. In any case, I mainly want someone to reassure me that virtumonde is capable of causing my browsers to act the way they do, because if there is a broader issue, I'll have to prepare myself for more headaches as my computer has not detected anything else.

But I hope some good people in this forum can walk me through this. Thanks in advance guys.

Edit: I went and tried the second method listed on the thread, but it says it couldn't find anything. I tried to access the pages which I couldn't previously and I could...it's strange. This is exactly the same thing that happened previously, where the pages worked then an hour later, the problem reared its ugly head again.

Edit2: Okay, lo and behold, the problem persists. I think virtumonde is reinfecting my computer. It seems like it's evading my attempts at removing it and just reinfects my computer...this is really discouraging. I really don't want to have to reformat...please, if someone can give me some answers, I'll be forever grateful.

Edited by Orange Blossom, 12 July 2008 - 09:14 PM.
Move to more appropriate forum. ~ OB
