
virtumonde? Infection keeps coming back!

  • This topic is locked
1 reply to this topic

#1 stormfrog


  • Members
  • 1 posts
  • Local time:02:12 AM

Posted 09 October 2008 - 07:11 PM


I have not been so lucky with my computers lately. All my computers have been infected by some virus/trojan and they have all had the same problems/symptoms. Almost randomly, Internet access is slow or almost completely blocked. Opening Google can take 10 minutes.

DNS works fine since I can ping all www domain names I am trying to access.

I've probably tried all Spyware/Malware products available. On my first computer (Laptop) I ran Malwarebytes' Anti-Malware and together with some other software/scripts was able to root it out (I think). After that my XP installation on my stationary computer was infected, then my GF's Laptop and now my Vista installation of my stationary computer.

The problem now is that Malwarebytes' Anti-Malware doesn't find a trace of Vundo or anything else for that matter. I've run an AV full scan with updated NOD32 and not found anything either.

If I reboot the computer in safe mode with networking it works perfectly and my internet connection is every bit as superfast as it's supposed to be.

Sometimes my computer will just start working again and the "attack" on my computer doesn't seem to be active. I've checked this out using "netstat -no". At bad times, when browsing the internet is extremely slow, netstat -no shows up some process repeatedly making connections - however the process PID shown in Netstat does not appear in Task Manager so there is no process to terminate. At good times, when Internet is performing as it's supposed to, Netstat -no only shows a few connections - instead of two pages with the same process (which it does when internet is slow).

At bad times I get a warning reported in Event Viewer saying "TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts."

I've also tried all the usual: disabled the firewall, checked the connection (works perfectly from my recently "cured" laptop).

I've no idea what to do next. I've run Hijackthis and Combofix but I don't know what I should be looking for.

One thing, when Combofix rebooted a process started called catchme.tmp - is that something Combofix is responsible for or is it a trojan disguising itself?

Please! I'm desperate and also I am a poor student that dearly needs his computer to finish his thesis and get a friggin' job! :huh: I promise you guys, if you help me with this I will invent a light sabre and train myself as a Jedi and go after the demon spawn crackpot that came up with this virus!

I've got Hijack/combo logs ready for viewing. Just tell me and I'll attach them.
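
The check described in the post above (PIDs from `netstat -no` that have no entry in the process list), written out as an added example that is not part of the original post. It assumes the process list was saved with `tasklist /fo csv /nh`; the sample data and all function names are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample captures (not taken from the poster's machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49210     203.0.113.5:80         SYN_SENT        3404
  TCP    192.168.1.10:49211     203.0.113.6:80         SYN_SENT        3404
  TCP    192.168.1.10:49212     203.0.113.7:80         SYN_SENT        3404
  TCP    192.168.1.10:49150     198.51.100.9:443       ESTABLISHED     1200
"""
TASKLIST_SAMPLE = '''\
"System Idle Process","0","Services","0","24 K"
"svchost.exe","1200","Services","0","12,345 K"
"explorer.exe","2216","Console","1","30,112 K"
'''

def parse_netstat(text):
    """Yield (state, pid) for each TCP row of `netstat -no` output."""
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            yield parts[3], int(parts[4])

def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def summarize(netstat_text, tasklist_text):
    """Per PID: total connections, SYN_SENT (incomplete) count, image or None."""
    procs = parse_tasklist(tasklist_text)
    total, half_open = Counter(), Counter()
    for state, pid in parse_netstat(netstat_text):
        total[pid] += 1
        if state == "SYN_SENT":
            half_open[pid] += 1
    return {pid: {"connections": n, "half_open": half_open[pid],
                  "image": procs.get(pid)} for pid, n in total.items()}

def orphan_pids(summary):
    """PIDs that own connections but are absent from the process list."""
    return sorted(p for p, info in summary.items() if info["image"] is None)

if __name__ == "__main__":
    print("PIDs with no visible process:",
          orphan_pids(summarize(NETSTAT_SAMPLE, TASKLIST_SAMPLE)))
```

Capture both outputs back to back, because a PID can also be missing simply because the process exited between the two commands.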




#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:08:12 PM

Posted 09 October 2008 - 07:36 PM

Read this and follow the directions. Don't post a combo log until asked
Note: They are busy and it will take some time
Prep guide:
HJT forum:
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
