Posted 27 November 2010 - 09:48 AM
Hey, guys. I really hope you can help me here. A day or so ago I visited the site dailymotion.com, which I have visited many times before. This time, though, my Avast! Antivirus alerted me of an attempted trojan infiltration that it had blocked. I attempted to click on another link on the site, and it Avast! alerted me again, so I left the site. Later I ran scans using Avast!, Malwarebyes' Anti-Malware, and Spybot S&D. The first two did not detect anything, but the latter detected an entry for "virtumonde.dll," which I've learned is a very resilient adware virus. I told Spybot to fix the issue, but when I ran a scan while booting, not only did it detect it again, it now detected two entries. Subsequent scans have detected either 1 or 2 entries.
In an attempt to get rid of the virus, I downloaded VundoFix, Symantec's FixVundo, VirtumondeBeGone, and ComboFix and ran them all in SafeMode. None of the first three detected anything. When I rebooted my computer normally and ran Spybot, though, it was still detecting 2 entries of "virtumonde.dll." For some reason, Spybot seems to be the only program that can detect it. According to Spybot, the infected files are "mfc40.dll" and "mfc40.dll_tobe_deleted," both located in the C:\Windows\System32 folder. It classifies them as "TrojanC-05" and are labeled "SBI $DB0322C4" and "SBI $4792FFB9."
Please tell me how I can remove this virus. Is there a free program out there that can do the trick? If I must do it manually, how do I go about it? Any help anyone can give me would be greatly appreciated. Thank you!