Virtumonde And Privacy Remover Infections


  • This topic is locked
6 replies to this topic

#1 cougar1rose

cougar1rose

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Massachusetts, USA
  • Local time:12:28 AM

Posted 21 August 2008 - 07:06 AM

Hello,

My son's computer desktop has a large window warning that the computer is infected with Win32/adware.virtumonde and win32/privacyremover.m64. I can't close the window at all, and then it tries to connect to the internet (I disabled that but got the URLs it was trying to go to). The URLs are: www.free-viruscan.com, 89.188.16.39 and ie-antivirus scan.

I ran antispyware (A-Squared) and it found trojan.downloader.win32.small.yxa. I went to Windows/System32 to look at the activity and deleted a file, thinking it would get rid of the warning that I can't close. After that things went from bad to worse. The computer won't let us log in anymore, so I can't do a HijackThis log or anything else.

We have a recovery console from an earlier infection where we used Combofix per your help here, and my son used that to get in and see if he can do anything.

Not sure what to do next, thinking of doing a complete reinstall. Any help is greatly appreciated.

Thank you,
Julie L.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:28 AM

Posted 21 August 2008 - 07:19 AM

Hi,

and I went to Windows/System32 to look at the activity and I deleted a file thinking it would get rid of the warning that I can't close - After that things went bad to worse. The computer won't let us login anymore, so I can't do a hijackthislog or anything else.

Can you still remember what files you deleted? Because you would need to replace them again. Of course it's difficult to give proper help here if we don't know what files to replace or what exactly you deleted. If system-related registry settings were also deleted, then it would be a needle in a haystack to properly restore this. That's why the best/fastest solution would be a Windows Repair install.
This won't delete your files though and programs will still be there.
Look here how to do this: http://www.michaelstevenstech.com/XPrepairinstall.htm
Afterwards, the malware will still be present on your system, but then you'll be able to boot again, so we can deal with it.

Edited by miekiemoes, 21 August 2008 - 07:19 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 cougar1rose

Posted 22 August 2008 - 09:27 AM

Hello miekiemoes,

Thank you for that link. I spoke with my teenage son and he does not have any documents that he really needs (school hasn't started yet), so would it be wiser to do a clean install?

Would it also be better if I invest in a new retail Windows XP CD that has SP2? This Dell computer is over 6 yrs old and I'm not sure I even updated his drivers, etc. when we did the initial clean install months ago.

I appreciate your suggestions. I'm willing to try the repair if you think that is best solution to rid us of infections.

Best regards,
Julie

#4 miekiemoes

Posted 22 August 2008 - 06:43 PM

Hi,

Yes, a clean install would indeed be better, then everything will be clean again. You can invest in a Windows XP CD SP2 integrated, but as a matter of fact, that's not really needed. You can still update once you have installed Windows, which you should, because as I remember, it was your son that didn't want to update previously? I hope he now understands why keeping your Windows up to date is so important, because he got infected right after we cleaned it previously.
Also, he should stay away from illegal sites and software, because that's where malware is lurking. Even though your Windows is up to date and you have the best Antivirus installed, as long as people don't stay away from illegal sites, they will get infected anyway.

#5 cougar1rose

Posted 24 August 2008 - 06:11 PM

Hi,

I will go ahead and do a clean install using our current disk, and this time I'll make sure I get everything updated before I allow my son to use the computer. I too hope he better understands, but even if he does not I've insisted he not tamper with updates again or I take the computer away.. Parental authority does come in handy sometimes.. :thumbsup:

You can close this topic and hopefully you won't be hearing from me anytime soon in this forum...

Thanks again for all your help. I tried to donate via your link but not sure how to proceed as I live in America. Will it accept my credit card since the money is in Euro dollars?

Best regards,
Julie

#6 miekiemoes

Posted 24 August 2008 - 06:26 PM

but even if he does not I've insisted he not tamper with updates again or I take the computer away.. Parental authority does come in handy sometimes..

You are right. Your son is a danger on the internet if he doesn't want to listen. 2 times infected in 2 weeks' time is a lot, even when you explained to him how to prevent this. I guess your son is not really aware of the dangers on the internet. After all, if he manages to get infected, he is responsible for infecting a lot of other computers as well.
Also see here: Malware Removal - Where to draw the line and The Neverending Story <== make sure your son reads this ;-)
So, as you said, if he proceeds with doing the same as he did before, the result is getting infected again. Then I would consider disabling internet on his computer, or taking his computer away.

For the donation, yes, it will accept it :-) Thank you very much!

Edited by miekiemoes, 24 August 2008 - 06:28 PM.


#7 miekiemoes

Posted 29 August 2008 - 04:54 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.