TechSpot

Can't remove Trojan.dropper and Virtumonde

By dlloyd37
May 8, 2009
  1. Hi Guys,
    You're my last hope with this:
    I have a computer that has been infected with the above trojans and I've used many different tools so far to try and remove it. My latest attempt was with the AV software Vipre and it looked pretty good until this morning when it found a bunch of new infections.....normally I would have wiped the machine and re-installed all of the software, however the user has stuff in there which he needs and is difficult to get hold of again :(

    I will now try and use your 8-step guide on it but was wondering if I need to use the programs you're suggesting, as I have Vipre as my AV and Antispyware.

    Please help!

    Thanks, David
     
  2. touch

    touch TS Rookie Posts: 978

  3. dlloyd37

    dlloyd37 TS Rookie Topic Starter

    Hello there....you're right about Vipre not being able to clean the
    computer, or anything else I have tried. I have just finished the 8-step
    process and have attached the logs.

    If you could have a look at these and advise me on what action to take
    I would really appreciate that.

    Thanks again for your time and patience, it's really appreciated.

    David

    View attachment 48013

    View attachment 48014

    View attachment 48015

    I forgot to add that Vipre after 2 scans came up with the following in step 1

    TrojanDropper-win32/opachki.A - Trojan downloader 10 risk traces

    Thanks again

    David
     
  4. touch

    touch TS Rookie Posts: 978

    Update Malwarebytes, run a complete scan, and have it fix what it finds.

    Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:
    http://www.bleepingcomputer.com/files/lspfix.php
    Once the file is downloaded navigate to where you saved the file and double-click on it to start the application
    Click on "I know what I'm doing", then the "Finish" button.

    Reboot.


    Please download Combofix from:
    http://subs.geekstogo.com/ComboFix.exe
    And save to the desktop.

    Close all other browser windows.

    Double-click on the combofix icon found on your desktop.

    Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.

    Attach the contents of that log in your next reply.
     
  5. dlloyd37

    dlloyd37 TS Rookie Topic Starter

  6. touch

    touch TS Rookie Posts: 978

    Open Notepad and copy/paste the text in the quotebox below into it.
    Name the file CFScript
    and save it on the desktop.

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, referring to the picture above, drag CFScript.txt onto ComboFix.exe.

    ComboFix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post, along with a fresh HijackThis log.

    Note:
    Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
     
  7. dlloyd37

    dlloyd37 TS Rookie Topic Starter

  8. touch

    touch TS Rookie Posts: 978

    Clean logs :)

    How are things running now?
     
  9. dlloyd37

    dlloyd37 TS Rookie Topic Starter

    Touch....you're a legend :)

    I ran a Vipre scan after ComboFix had done its stuff (with the script you provided) and it found a few cookies (no problem there) but also a backdoor.bfrost trojan. I got Vipre to clean that and re-booted. I ran another quick scan and it came up clean (can't believe Vipre managed to actually clean something!). I then ran a deep scan and same...clean!!! I then logged in as the user and ran another deep scan and it's clean. I learnt a lot this weekend about trojans.....no market scanners could clean the machine and believe me I tried 'em all...ESET, Vipre, Norton, PC Tools. It was at this point I found these boards and what a find!!!! It seems to me that the market scanners may be good at prevention, but as for clean-ups, forget it.

    You sir are fantastic and you have not only educated me, but guided me through the removal process with patience and opened my eyes to the real ways of trojan removals....I thank you!

    David
     
  10. touch

    touch TS Rookie Posts: 978

    Thank you for the kind words :)

    Please attach a new HijackThis log.
     