Need help with Virtumonde virus.. I'm lost

Status
Not open for further replies.

CalicoNC

I think I'm infected with the Virtumonde virus. A recent Spybot: Search and Destroy scan revealed I had a couple of entries: Virtumonde.prx, Virtumonde.dll, Virtumonde, and Microsoft Windows Security Firewall bypass. I deleted them, but they come back with each scan I do. ESET NOD32 just quarantines the same files over and over again, and I doubt it's helping. I included a HijackThis log in the post. I'm kind of a newbie with this. Please help me out. Thanks
 
OK, here are the logs of the scans requested...

Oh, I forgot to mention, I did a rescan with Spybot after the 8 steps, no Virtumonde found!! Only the "Microsoft.Windows SecurityCenter.FirewallBypass", but I'm guessing my antivirus (NOD32) was responsible for this entry. Is there anything else that I would need to do? It seems like the PC is not as sluggish anymore.
 
It's normal that antivirus software is responsible for "SecurityCenter.FirewallBypass"; in your case, NOD32.

Unfortunately you have more infections, so I'll suggest you run ComboFix:

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.

Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::
Snapshot::
File::
C:\WINDOWS\system32\dukazewe.dll

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop

Killall::

Snapshot::

File::
c:\windows\system32\tohabapi.exe
c:\windows\system32\jidesoti.exe
c:\windows\system32\holahoro.exe
c:\windows\system32\zazovonu.exe
c:\windows\system32\wanezodo.exe
c:\windows\system32\duwapibi.dll.tmp
c:\windows\system32\juburedu.dll.tmp
c:\windows\system32\manurege.dll.tmp
c:\windows\system32\nenilahi.dll.tmp
c:\windows\system32\rozohupa.exe
c:\windows\system32\yamoleso.dll.tmp
c:\windows\system32\yekilize.dll.tmp

Folder::
c:\program files\DNA
Driver::
bDMusicb

Registry::
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKLM\~\startupfolder\C:^Documents and Settings^Benita Webb^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report as an attached file.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
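The two CFScripts posted above share one simple sectioned layout. As an added example (not ComboFix's own code, and not from this thread's helper), the Python below parses such a script and lists the entries worth a second look before the file is dragged onto ComboFix.exe; the grammar it assumes is only what the thread shows, and the sample script is constructed.

```python
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# Registry:: lines in the thread use the [-KEY] form, i.e. "delete this key".
REG_DELETE_RE = re.compile(r"^\[-(HKEY_[A-Z_]+|HK[A-Z]{2})\\.+\]$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
FLAG_SECTIONS = {"Killall", "Snapshot"}  # directives that take no entries
KNOWN_SECTIONS = FLAG_SECTIONS | {"File", "Folder", "Driver", "Registry"}

def parse_cfscript(text):
    """Map each 'Name::' section to the list of non-blank lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section: %r" % line)
        else:
            sections[current].append(line)
    return sections

def check_cfscript(sections):
    """List the things a reviewer should look at before running the script."""
    problems = []
    for name, entries in sections.items():
        if name not in KNOWN_SECTIONS:
            problems.append("unknown section %s::" % name)
        if name in FLAG_SECTIONS and entries:
            problems.append("%s:: takes no entries" % name)
        if name in ("File", "Folder"):
            problems += ["%s:: entry is not an absolute path: %s" % (name, e)
                         for e in entries if not WIN_PATH_RE.match(e)]
        if name == "Registry":
            problems += ["Registry:: entry is not a [-KEY] delete: %s" % e
                         for e in entries if not REG_DELETE_RE.match(e)]
        seen = set()
        for e in entries:  # the same entry twice is usually a copy/paste slip
            if e.lower() in seen:
                problems.append("duplicate %s:: entry: %s" % (name, e))
            seen.add(e.lower())
    return problems

# Constructed sample in the shape of the thread's second script (not a real system).
KEY = r"[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]"
SAMPLE = "\n".join(["Killall::", "Snapshot::", "File::", r"c:\windows\system32\tohabapi.exe",
                    "Registry::", KEY, KEY])
```

Running check_cfscript(parse_cfscript(SAMPLE)) reports the duplicated Registry:: line and nothing else.
 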
New log... thanks in advance. It didn't work in regular mode, just hung up with a blinking cursor. I ran it in safe mode and got it to work.
 
It also looks clean :D

It was my pleasure to help.

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place

If you have any comments or questions, feel free to post back.

Otherwise - Keep safe :wave:
 
OK, I did that... cleaned the programs off, saved a new System Restore point, and deleted the old ones. It feels good to know that I have a clean system. Thanks again for helping me out.

CASE CLOSED!
 