Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Virtumonde Infection - Letting Other Adware Into My Computer


  • This topic is locked This topic is locked
1 reply to this topic

#1 Dantesgirl

Dantesgirl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 12 October 2008 - 12:17 PM

I have posted this same problem on numerous forums and nobody will help me, I just hope that you fine people can help me.

--
A few days ago, I ran some routine scans and found that Spybot S&D has detected Virtumonde.sci. Ever since, I've been trying to get rid of it, but to no avail.

Since then, everytime I scan with Spyware Doctor, there is always more spyware/adware such as Advertising and Generic. These have posted no threat so far, but I'm seriously concerned in case Virtumonde lets in something more deadly, especially since I've only had this laptop for around three weeks.

For the sake of convenience, here is a list of things I have done to try and remove this nasty bug:
+ Deleted suspicious looking files myself with HijackThis - didn't work, Virtumonde has a DLL file which relaunches these files upon reboot.
+ Scanned with Ad-Aware - nothing found.
+ Scanned with MalwareBytes (usually very reliable) - nothing found.
+ Scanned with Spyware Doctor (also usually very reliable) - nothing found.
+ Scanned with Spybot S&D - the only scanner that identified Virtumonde.sci, but cannot permanently remove due to that pesky DLL file.
+ Scanned with VundoFix - nothing found.
+ Scanned with Symantec's Virtumonde Removal Tool - received C++ error upon scanning, Task Manager couldn't end it so I had to log off. (A sign maybe?)
+ Scanned with Spybot S&D during Safe Mode - found Virtumonde.sci again, but still couldn't permanently remove it.
+ Scanned with Ad-Aware during Safe Mode - nothing found.
+ Scanned with MalwareBytes during Safe Mode - nothing found.
+ Scanned with Spyware Doctor during Safe Mode - nothing found.

As you can tell from my list, I'm pretty frustrated and feel that I've run out of options. Below is my recent HijackThis log, uninstall log and start-up log - I hope this helps. I also have a ComboFix log, but I have been informed not to post it unless requested. Until I am, I will keep it to myself.

Again, for the sake of convenience, here are the two files that I tried to remove using HijackThis as they looked suspicious:
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)

Please note:
'O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - (no file)' Didn't appear until after I tried to remove Virtumonde.sci with Spybot S&D during Safe Mode, is there a particular reason for this?

Help is very much appreciated and this website will be HIGHLY recommended to my friends, thank you.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 Cookiegal

Cookiegal

  • Security Colleague
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:28 AM

Posted 14 October 2008 - 03:47 PM

Sincere we're working on this at Tech Support Guy, I'm going to close this thread.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users