I've been trying to clean up (over the phone) a nasty Virtumonde infection.
After several hours of scanning and frustration, the computer is being driven up from LA to Santa Barbara so I can get hands on with it.
This thing did some fun stuff, such as deleting msconfig.exe (bypassing Windows system file protection).
The damned thing seems to be MORE aggressive in safe mode, and it looks like it's hooking into lsass.exe.
The computer should arrive in about 90 minutes, so I'll start from there.
So far I've tried the typical Spybot, HJT, VundoFix, VirtumundoBeGone, and a few other things. Nothing seems to help; the damned random.dlls keep coming back on reboot.
This is the worst Virtumonde infection I've ever seen.
I'll be stripping away every unnecessary program and service when the computer gets here, and following the general guidelines and posting logs.
If anyone is reading - want to check back in around 4 or 5 hours (the machine's slow, so scans take a while...)?