
Boot.com, Smitfraud, Virtumonde :[


2 replies to this topic

#1 ajlpenguin


Posted 10 January 2009 - 12:32 AM

Hello,

After working with a friend on a school project, I learned that my USB drive was harboring resycle/autorun/boot.com files. I followed directions he gave me (deleting the hidden files and scanning the registry on my USB drive and laptop) - but I didn't find any more hidden files.

Later that night, IE popups began appearing on my computer (Vista) when I wasn't using IE. I ran SpyBot, which detected but could not remove Smitfraud, Smitfraud-C, Virtumonde, Virtumonde.prx. Shortly after, SpyBot dialog boxes began appearing asking me to Allow/Deny system changes (things were being added). I ran SpyBot again and apparently removed Smitfraud-Core something, so I allowed the next two system changes (removal of some run32dll files). Sometime after a reboot, my desktop wallpaper was replaced with a blue screen.

I ran Smitfraudfix in Safe Mode to no avail. Google searches lead me to believe this is something I cannot solve on my own. I would appreciate any guidance you could provide.

I'm currently backing up my files and I've prepared the DDS .txt files as per the instructions in the Malware section.

Thanks for your help,
ajlpenguin

EDIT: Is it safe to continue using my computer for e-mail and file uploading or to move files from one computer to another? This project requires collaboration but I don't want to infect other people's computers.

EDIT2: As of this morning, SpyBot found and "removed" Smitfraud C Core Service. It did not find any instances of Virtumonde. However, I'm wary because a non-system version of csrss.exe was running in my processes (I ended it). I would appreciate any guidance on this issue.

Edited by ajlpenguin, 10 January 2009 - 02:57 PM.




#2 cborgman1


Posted 10 January 2009 - 12:34 AM

Get Webroot virus protection.

#3 ajlpenguin


Posted 10 January 2009 - 03:53 PM

How will Webroot solve this problem?



