TechSpot

My computer is Virtumonde infected, please help

By randyhawk
Jan 1, 2009
Topic Status:
Not open for further replies.
  1. I have pop-up problems and my antivirus is corrupted. Here is my log, can somebody help?
     
  2. seanc

    seanc TS Rookie Posts: 284

    First use hijackthis to remove these items:
    Download and run the Avenger from here: http://swandog46.geekstogo.com/
    Let it scan for rootkits and check the box asking it to automatically remove the ones it finds.

    Download and run super antispyware http://www.superantispyware.com/download.html
    Do a complete scan and remove all items it finds.

    Download and run malwarebytes http://www.malwarebytes.org/
    Do a complete scan and remove all items it finds.

    Keep scanning with super anti spyware and malwarebytes until it can find and remove nothing.

    Update your antivirus and make sure it's working properly. A recommended one is AVG. http://free.avg.com/

    Switch to using Mozilla Firefox http://www.mozilla.com/en-US/firefox/ and DO NOT use Internet Explorer - it's a great big security hole.

    Good luck
     
  3. randyhawk

    randyhawk TS Rookie Topic Starter Posts: 59

    I have done all step by step as directed by SEANC and uninstalled my old AVG, and I am trying to install the new AVG antivirus but it's giving problems.
    First it says some installation files are corrupted... please download a fresh copy,
    and sometimes it starts installing but says the installation folder is missing.

    Here is my fresh log
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  5. seanc

    seanc TS Rookie Posts: 284

    I'll have to give Avira a shot and see what it's like.

    I quite like AVG but if there's a better free alternative then it's worth a try.

    I got free licenses of Kaspersky Internet Security 2009 via my bank but was let down by a process that likes to stick at 100% and can only be cured by a reboot.
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Put it this way I check and repair about 20+ Virus\Malware posts a day (although some days -- none)
    And I always say get rid of what they have (really a huge assortment of things)
    And install Avira.
    Every single one has been then resolved (obviously doing other things too)
    But in my view free Avira (with the annoying splash screen, only when it updates) is the best
    Oh, and I use it too ;)
     
  7. seanc

    seanc TS Rookie Posts: 284

    randyhawk

    Things are looking brighter but there's still a couple of files I've identified in your hijackthis log:

    Please remove those, they're most likely the cause of your AVG problems.

    Also run a couple more complete cycles of Malware Bytes and Super Anti Spyware (make sure they're updated!)
    Did the log for avenger say it had found and removed a rootkit?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  9. randyhawk

    randyhawk TS Rookie Topic Starter Posts: 59

    Thanks for all your help guys, I am up and running again. I am using Firefox and Comodo firewall with Avira antivirus.
    Is it safe to use the Windows XP firewall with Comodo at the same time? And I am not able to delete 2 hugozepuhu entries in ht; they are coming back again and again.
     
  10. seanc

    seanc TS Rookie Posts: 284

    Did the log for avenger say it had found and removed a rootkit?
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I'm still waiting for the first Malware Bytes and Super Anti Spyware logs
    Many users forget to remove found entries
    And in most cases Malwarebytes (updated) needs to be run multiple times
    Did you want to post these logs for the first time (as per the guide) ?
     
     
  12. randyhawk

    randyhawk TS Rookie Topic Starter Posts: 59

    I forgot to save the log. Can I scan and save the log now?
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes please, attach all the logs
    ie
    MalwareBytes <== Ideally a recent updated scan, and manual removal of found issues, completed
    SuperAntiSpyware <== It's amazing how many spywares this scan can find and remove, by itself
    HijackThis <== After restarting; running this one, is the world's best way, of knowing what's running (Malware wise)

    But your choice ;)
     
  14. randyhawk

    randyhawk TS Rookie Topic Starter Posts: 59

    Here are my scan logs
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Is now old

    As stated above, you must update it first
    There is an update tab in the Malwarebytes program to do this
    Please update it, and then run a full scan with the new updates installed

    Oh, update it first ;)
     
  16. randyhawk

    randyhawk TS Rookie Topic Starter Posts: 59

    Here are the updated scans
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I don't mean to be rude, but your above post is usually what most users post on Post#1, but it has taken 15 posts for you to get there

    In all cases of Virus\Malware issues, it is best to post these 3 logs, as per the guide, otherwise, well, it's just a waste of posts getting there.
    I believe member seanc has helped extremely well under the circumstances (ie limited info supplied) But just to let you know, I personally don't check anything until the logs are supplied

    1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
    2. Go Offline - pull the network cable, turn off wireless card, turn off your modem.
    3. Restart computer and press F8 to run Windows in Safe Mode
    4. Run VundoFix. Click on Scan for Vundo. Scanning will begin, which takes a long time. The white box will display the names of infected files. After the scan is complete click Remove Vundo, and removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
    5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations of Vundo (Virtumonde).
    6. Run VirtumondoBeGone. Click Continue and wait for the report.
    7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, the program will show a text file - a report of the program's actions.
    8. Restart computer and run Windows normally.
    9. Attach the report, and a new HJT log ;)
     
  18. randyhawk

    randyhawk TS Rookie Topic Starter Posts: 59

    Sorry about posting results late; usually I work long hours and feel lazy. Anyway, here are the logs
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    That's ok

    Please Scan with HJT and tick and fix all the following:
    (best to have any Internet browser closed first)
    Then run CCleaner again
    Then restart

    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Then you're done :)
     