Trojan Generic 12/Virtumonde - not sure if completely removed?


  • This topic is locked
3 replies to this topic

#1 Virtual Canada


Posted 17 November 2008 - 12:05 PM

Late last night my son's XP SP3 laptop started crashing with blue screens.
Examination of the AVG 7.5 Virus Vault in Safe Mode revealed an absolute mess,
with variants of Trojan Horse.Generic.12 being the most common.
I can't say whether I noticed Virtumonde or not at that time.

While in Safe Mode with Networking, browsing to any "security" site was hijacked,
so I transferred the necessary programs from a working PC on a USB key.


These are the programs I have run to (1) stop the crashing and (2) stop the browser hijacking.

CCleaner
Malwarebytes Anti-Malware
SDFix
ESET online scan
VundoFix
VirtumundoBeGone



Subsequent AVG and ESET scans "appear" to show things are back to normal.

I ran both Spybot 1.52 then 1.6 and Virtumonde continues to show up, making me nervous
even though there is no crashing or browser hijacking.


In my haste to fix this machine I have already run Combofix "before" asking for help.

After doing so I reran SpyBot 1.6 and it didn't find anything.

I'm at the point now where I need your advice on how to proceed.


#2 Zllio


Posted 17 November 2008 - 12:27 PM

Hi Virtual Canada,

Since you've already run Combofix, it would help if you'd post your Combofix log without running it again. If you rerun it, the new log will overwrite the old one. Then get a copy of HijackThis according to the instructions in This Topic.

Post both of these in the HijackThis and Malware Forum. It may also be necessary to run a scan that will pick up recently installed files in your win32 folder, but someone in malware removal will tell you if they need further scans.

Zllio

#3 Virtual Canada


Posted 17 November 2008 - 12:47 PM

Thanks Zllio - I'll post them over there now.

vc

#4 TMacK


Posted 17 November 2008 - 05:10 PM

Since you have a posting in the HijackThis Logs and Malware Removal forum, I'm going to close this Topic.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If you have any questions, don't hesitate to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



