
Virtumonde.dll detected, please help!


4 replies to this topic

#1 ChuckAmuck


Posted 27 November 2010 - 09:48 AM

Hey, guys. I really hope you can help me here. A day or so ago I visited the site dailymotion.com, which I have visited many times before. This time, though, my Avast! Antivirus alerted me of an attempted trojan infiltration that it had blocked. I attempted to click on another link on the site, and Avast! alerted me again, so I left the site. Later I ran scans using Avast!, Malwarebytes' Anti-Malware, and Spybot S&D. The first two did not detect anything, but the latter detected an entry for "virtumonde.dll," which I've learned is a very resilient adware virus. I told Spybot to fix the issue, but when I ran a scan while booting, not only did it detect it again, it now detected two entries. Subsequent scans have detected either 1 or 2 entries.

In an attempt to get rid of the virus, I downloaded VundoFix, Symantec's FixVundo, VirtumondeBeGone, and ComboFix and ran them all in Safe Mode. None of the first three detected anything. When I rebooted my computer normally and ran Spybot, though, it was still detecting 2 entries of "virtumonde.dll." For some reason, Spybot seems to be the only program that can detect it. According to Spybot, the infected files are "mfc40.dll" and "mfc40.dll_tobe_deleted," both located in the C:\Windows\System32 folder. It classifies them as "TrojanC-05" and they are labeled "SBI $DB0322C4" and "SBI $4792FFB9."

Please tell me how I can remove this virus. Is there a free program out there that can do the trick? If I must do it manually, how do I go about it? Any help anyone can give me would be greatly appreciated. Thank you!

~~~Chuck



#2 wchurchill1945


Posted 27 November 2010 - 02:26 PM

Hi...I'm having the identical problem that you are. I just posted a topic, and after...found your topic. My posting is at http://www.bleepingcomputer.com/forums/topic363382.html.

#3 ChuckAmuck


Posted 27 November 2010 - 06:53 PM

My computer also seems to be running at its normal speed, with no pop-ups. I did have to reset my default browser and toggle my recent documents back on, but I'm assuming that was due to my running ComboFix. Those settings haven't changed again, even after rebooting, so I'm assuming that wasn't related to virtumonde.dll. I also downloaded and ran Spyware Doctor, which is supposedly proven to detect and remove the virus, but even though it detected several items the other programs hadn't detected, the virtumonde.dll trojan doesn't seem to be among them. Spybot S&D is the only program so far that's been able to detect it. I would think it's a false positive if it weren't for the trojan attack which Avast! detected before the trojan was discovered.

#4 ChuckAmuck


Posted 27 November 2010 - 06:56 PM

Update: this does seem to be a false positive. http://188.165.126.154/showthread.php?t=60590

#5 wchurchill1945


Posted 27 November 2010 - 08:32 PM

Thanks....I just checked that link and Spybot has verified that this is a false detection that they claim will be fixed in a new update this coming Wednesday. While I'm glad to hear this news...well, it sort of sucks that I've been running and rerunning scans, etc., since 3PM yesterday afternoon...so I already have 18 hours invested in looking for a non-existent problem. I'm sure that others have been performing similar tasks.......Happy Thanksgiving!



