Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


BIG Problem - Virus(es) is doing the following:

  • Please log in to reply
1 reply to this topic

#1 deadweight092


  • Members
  • 1 posts
  • Local time:11:39 AM

Posted 05 April 2009 - 03:58 PM

(Sorry i just could not fit it all in the topic title... BEWARE this is a long one)
So, I downloaded a file, that had 4 virus' in it. Like 2 or so Trojans, a backdoor, and one other. I didn't know it at the time.
The viruses seem to make my CPU overloaded with the normal very small amount i used everyday, (E.G. i open task manager any other day it says 2% CPU being used now with same programs open it says 38% CPU used, note that is not a constant variable)
On top of this, it would all at once start to have my applications fail. The screen on an application would go black and never respond.

Anyway, I had run Ad-Aware to get rid of the viruses and nothing was working, it found them but when i hit quarantine and scanned again they were their again.
Then i stumbled unto this website through google. I followed the steps on the how to delete maleware, etc. Anyway, i followed the steps and before-hand i had copied all the data from the virus' down onto a paper and was looking for it in autorun. I could only find one of them. I cannot recall the name of the file but i hit delete so it wouldnt start on startup. I knew it was it though because when i copied it from ad aware the HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks was where its HKLM location was,
NOTE: excluding the Wow6432Node. Everything was there EXCEPT for Wow6432Node.
it was also the same HKCR value: \clsid\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
NOTE: This is the same value for all the viruses.
well, i figured that was all i had to do in safe mode, like the tutorial said.

So then i went to normal mode to delete the virus manually from My Computer. I opened it and it would not show the virus'. So i went to the show hidden files tutorial and looked at my control panel. The only thing was, was that in my views, either of them, the "Folder options" was not available nor was the "radio icon" button i was supposed to press. (at this point i threw a ceramic cup at the wall). Anyways, i continued to look for the folder in a search engine when the windows started to close on me again. I restarted the computer and went back to safe mode, finding another startup program just like the previous, but with the name 'wvukbqia.dll' (Other name of virus was similar in the jibberish-like type with no name). This has the same previously stated value. Unverified by Microsoft, and if you need a video or picture of something tell me and i will get it up here as soon as i can. Please respond quickly, and if i by-some-miracle figure this out, i will edit the post saying you dont have to do anything. But for right now, DO SOMETHING PLEASE :'(. Or if you need more info please tell me.

Main problems:
Reoccuring virus/evil mutation that is taking over my computer.
No "folder options" or whatever was mentioned in the control panel home view with the radio icon.

ANOTHER EDIT: This is pissing me off, the one of the viruses must be programmed to disable the folder options thing as well as regedit, because i will reset the regedit permissions in an elevated command prompt, and then add the folder options again, and then all of a sudden when i 'x' out the computer loads, loads and loads, then it will all have been undone/removed.
EdIT: Belongs to the Virtumonde family
edit!!: YAY I think i have it...im such a noob at this stuff...

Edited by deadweight092, 05 April 2009 - 05:00 PM.
Moved from Windows Vista forum

BC AdBot (Login to Remove)


#2 extremeboy


  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:39 AM

Posted 05 April 2009 - 08:40 PM


Glad you removed it. If you want to make sure if there's anything else. Try MBAM and see if there's anything else..

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

With Regards,
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users