Posted 06 September 2010 - 09:18 AM
Help! I have been following the BC Guide on How to Remove WinFixer/Virtumonde/Msevents/Trojan. I believe my computer has been infected by Virtumonde (or so SpyBot Search & Destroy informed me). Some of the nasties have been successfully removed, I think, but bits are persistent, and a couple of items keep being inserted into the Windows auto run start up, even after removal and after disabling (as Administrator). I'm not sure that these items are actually doing anything, and if they are doing something, what it is, but it is probably not good! Something somewhere keeps re-entering them into the Windows start up, but nothing has yet found what it is and removed it.
I have progressed through the steps in the guide, but they have survived rKill (and under its other 2 identities) and Malwarebytes scans, Windows Defender full scans, McAfee Security full scans, SpyBot S & D scans, and most recently, a VundoFix scan (which found no suspicious files). I have now progressed to attempt to download and try VirtumondeBegone. When I tried to download that, using the link provided in the Guide, and clicked on the save to desktop, another pop-up appeared behind the dialogue box warning me that the download had been reported as unsafe, and when I ignored that I got a full-page-sized warning with a rather peculiar URL: "res://ieframe.dll/PhishSite.htm?Threats=17&Block=0&Host=secured2khome.comcast.net". I have taken screenshots of these warnings and saved them as .docx documents, but I don't know how to display or attach them here.
Please, can anyone confirm on these details whether these are fake, spurious warnings thrown out by the nasties as a pre-emptive self-defence? Is there a genuine risk to my personal info etc. from downloading VirtumondeBegone? McAfee Site Advisor seems to think that the secured2khome.comcast.net site is OK. I am holding off proceeding with this download pending further advice.
Apologies if this seems to be a stupid question, but I am not very technically minded or computer savvy!
If you have bothered to read this far, and can help, then I thank you in advance!