
Downloading VirtumondoBegone


4 replies to this topic

#1 FordPrefect


Posted 06 September 2010 - 09:18 AM

Help! I have been following the BC Guide on How to Remove WinFixer/Virtumonde/Msevents/Trojan. I believe my computer has been infected by Virtumonde (or so SpyBot Search & Destroy informed me). Some of the nasties have been successfully removed, I think, but bits are persistent, and a couple of items keep being inserted into the Windows auto run start up, even after removal and after disabling (as Administrator). I'm not sure that these items are actually doing anything, and if they are doing something, what it is, but it is probably not good! Something somewhere keeps re-entering them into the Windows start up, but nothing has yet found what it is and removed it.

I have progressed through the steps in the guide, but they have survived rKill (and under its other 2 identities) and Malwarebytes scans, Windows Defender full scans, McAfee Security full scans, SpyBot S & D scans, and most recently, a VundoFix scan (which found no suspicious files). I have now progressed to attempt to download and try VirtumondeBegone. When I tried to download that, using the link provided in the Guide, and clicked on the save to desktop, another pop-up appeared behind the dialogue box warning me that the download had been reported as unsafe and when I ignored that I got a full page sized warning with a rather peculiar url: "res://ieframe.dll/PhishSite.htm?Threats=17&Block=0&Host=secured2khome.comcast.net". I have taken screenshots of these warnings and saved them as .docx documents, but I don't know how to display or attach them here.

Please, can anyone confirm on these details whether these are fake, spurious warnings thrown out by the nasties as a pre-emptive self-defence? Is there a genuine risk to my personal info etc from downloading VirtumondoBegone? McAfee Site Advisor seems to think that the secured2khome.comcast.net site is OK. I am holding off proceeding with this download pending further advice.

Apologies if this seems to be a stupid question, but I am not very technically minded or computer savvy!

If you have bothered to read this far, and can help, then I thank you in advance!



#2 Driesiooo


Posted 06 September 2010 - 09:20 AM

Hello.

I think it's best for your computer to look for an infection. Just follow the steps on http://www.bleepingcomputer.com/forums/topic34773.html (Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help).

When you post your (HijackThis log +) DDS log:
  • Be patient, it's very busy at this forum.
  • A professional expert will view your logs and will help you with that problem.
  • Do not use tools (like ComboFix) without professional experience/helper.
Good luck.

#3 FordPrefect


Posted 07 September 2010 - 09:04 AM

Many thanks for your speedy response and advice, Driesiooo,

I will do all that (it should keep me quiet for a while!) and revert in due course.

Toodlepip!

FordPrefect

#4 m0le

  • Malware Response Team

Posted 07 September 2010 - 10:03 AM

VirtumondeBegone is an outdated (but legitimate) tool. The adware's infector Vundo constantly evolves and is a stubborn infection to remove.

Driesiooo is right to refer you to the Malware forum but please make sure that the logs you produce are from DDS and Gmer. We no longer use HijackThis.
m0le is a proud member of UNITE

#5 FordPrefect


Posted 07 September 2010 - 06:27 PM

Thanks m0le! I appreciate the advice and support.

I had just started to read and try to get my head round the tutorial on HijackThis (and finding it helpful if a bit scary in terms of what it could do). So I was relieved to learn I don't have to grapple with it for the moment.

I will proceed with DDS and Gmer, as advised, and leave HijackThis on the back burner for now.

Thanks again,

FordPrefect



