Posted 28 January 2010 - 08:16 PM
My name is Patrick. I've been using computers for many years now and finally fate has caught up with me.
I'd been using AVG for virus protection and I still managed to pick up what I believe to be Virtumonde.
Once my computer started acting up I shut it down, removed the hard drives, and used another computer (my laptop) with an external drive kit to scan each partition. Lots of nasties were found including peluloge.dll, several other similarly named dlls, and a file called winlogon32.exe.
I had to manually remove those files, which I did, and so that I could log into the system I copied winlogon.exe to winlogon32.exe.
When I started the system back up, it seems to be clean. I installed Avast and Spybot S&D on it and everything looks clean.
The problem is, there's some residual damage that VM has done.
None of my user accounts will start explorer when I log in. Also, the user account that I was logged into when I got the bug has task manager DISABLED in the security (Ctrl-Alt-Del) window. I can start explorer from the other users by opening task manager and running it as a new task.
Does anyone have experience at repairing this kind of damage?
Is it known what Virtumonde does to the registry? I have a backup of the registry but it's quite old.