
New, stronger Virtumonde (Vundo) strain?


3 replies to this topic

#1 nexirae


Posted 05 December 2008 - 06:55 PM

So, on my other computer I have some new trojan that's making my life a living hell.

My computer is running on Windows Vista.

I'm fairly certain it's some sort of strain of Virtumonde. Trend Micro finds a few instances of it, as does Ad-Aware, but neither completely removes it. I tried using system restore twice, to no effect.

The problems:

-When not in safe mode, it slows the computer to the point of being worthless (it's new - from the summer - and runs slower than my 5-year-old laptop)
-It blocks internet access when not in safe mode
-Even when in safe mode, it blocks downloading and uses Denial of Service with Google (although Google cache pages still work)
-It does not let me run most anti-malware/spyware programs (specifically, Spybot, Spyhunter, MalwareBytes)
-The program VundoFix found some instances of bad dll files, which it fixed and no longer finds (but not all of them, as the problems are still here)

Most of the solutions online recommend using one of the programs which this trojan is blocking to remove it. But I can neither install nor run them, so what good does that do me?

Furthermore, the computer is not allowing me to run regedit to attempt to manually remove the thing.

So, suggestions? I think I may just wipe the system clean. I can't think of anything else.



#2 DaChew


Posted 05 December 2008 - 07:09 PM

Vundo is always changing; it's a cat-and-mouse game. Malware writers cooperate just like antimalware writers, maybe more so.

http://www.bleepingcomputer.com/forums/ind...mp;#entry944365

You didn't mention malwarebytes
Chewy

No. Try not. Do... or do not. There is no try.

#3 nexirae


Posted 05 December 2008 - 08:02 PM

I did mention MalwareBytes - it's one of the anti-malware programs that are being blocked from running. When you try to run it, the computer just doesn't acknowledge that you did anything.

#4 DaChew


Posted 05 December 2008 - 10:22 PM

Try renaming the installer, and if that doesn't work, try renaming the executable in its program folder.

Have you tried drwebcureit from safe mode?

http://www.bleepingcomputer.com/forums/ind...t&p=1011559

Sorry I missed the MBAM reference
Chewy

No. Try not. Do... or do not. There is no try.



