Virtumonde Removal Help


8 replies to this topic

#1 kshephe4

kshephe4

  • Members
  • 4 posts

Posted 15 March 2007 - 08:14 AM

Hey,

I've recently discovered that my PC has a Virtumonde installed. I currently run AVG Anti-Spyware and Registry Mechanic, both of which are the pro editions, and neither can successfully remove the Virtumonde. I am comfortable editing my registry and such and I was wondering if you could help out. I have already looked up a few sets of directions for removal but they do not seem to work. I know that I need to remove the key from the registry and then remove the actual file from the Windows directory; it sounds easy enough. I just don't know which key to remove. I'm pretty sure I have located the windowsupd file in the directory but it will not allow me to delete it. I know I could remove it if I booted in safe mode but I want to be 100% sure; reformatting is the last thing I want to do (due to my 6000 songs, and 20 or so games).

Thank you,
Kody



#2 kshephe4


Posted 15 March 2007 - 08:23 AM

one more thing...

I am aware that there are many different versions of the Virtumonde, so if there is anything that would let me know which version is installed, that could also be helpful.

#3 buddy215

buddy215

  • Moderator
  • 13,513 posts

Posted 15 March 2007 - 09:18 AM

Have you tried these instructions?
http://www.bleepingcomputer.com/forums/t/18610/how-to-remove-winfixer-virtumonde-msevents-trojanvundob/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 kshephe4


Posted 16 March 2007 - 08:36 AM

Thanks for the info, that exe file was successful but I'm afraid to say that I think my infection is worse. My PC is very unstable and has rebooted randomly on me a few times now. I'm giving AVG one last chance but I'm afraid I'm gonna have to reformat. Do you think it would be safe to back up all my music (5000) without risk of infection?

#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts

Posted 16 March 2007 - 08:42 AM

Before doing that you might want to see what is causing that. Please do the following:

Try disabling the automatically restart on system failure feature. Then you are able to read what messages appear on the blue screen and post that back here for someone to look at.


1. Click Start Button
2. On the Start Menu click Control Panel
3. When the Control Panel window opens click on the System icon
4. The system properties window opens
5. Click the Advanced tab
6. In the Advanced tab window locate the Start and Recovery section and press the Settings button
7. When the settings window opens look for the System failure section
8. Remove the check mark from the Automatically Restart option
9. Click OK to Exit

You might want to consider doing an online scan on all your music files

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.

1. Detects and removes malware ( viruses, worms, trojans, etc. )
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox

to rule out that your files are infected, especially if they were obtained via P2P applications

#6 buddy215


Posted 16 March 2007 - 08:43 AM

Post a Hijack This log and let the experts have a look. Post it in the Hijack This forum by following the directions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,089 posts

Posted 16 March 2007 - 10:43 AM

Some variants of this malware will hide certain entries in a HijackThis log to prevent detection, so you need to rename HijackThis before doing your scan and posting a log.

After following the instructions in the link buddy215 posted, open the HijackThis Folder, find the HijackThis.exe file, right click on it and select rename. Type Analyze.exe and hit "Enter". Double-click on Analyze.exe (which is still HijackThis) and post back with a new log in your next reply. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Analyze.bat or Analyze.com
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 kshephe4


Posted 19 March 2007 - 11:55 AM

Thanks for all the suggestions but I have actually decided to upgrade to Windows Vista. Any feedback about Vista would be much appreciated though.

#9 quietman7


Posted 19 March 2007 - 12:05 PM

There are some pinned topics in the Windows Vista Forum.

Programs compatible with Vista