Hello,
I have obtained the virtumundo malware etc. In attempting to follow your instructions, I ran into a problem. First, a bit of background. After obtaining this, I ran a scan with NOD32 antivirus and was deleting various .exe files it was red-flagging and prompting me about. A log:
Scan performed at: 5/24/2007 13:22:17 PM
Scanning Log
NOD32 version 2277 (20070518) NT
Command line: c:\windows\system32\drvlal.dll c:\program files\ipwindows\ipwins.exe C:\WINDOWS\system32\drvlal.dll
Date: 24.5.2007 Time: 13:22:18
Anti-Stealth technology is enabled.
Scanned disks, folders and files: c:\windows\system32\drvlal.dll; c:\program files\ipwindows\ipwins.exe
c:\windows\system32\drvlal.dll - a variant of Win32/Agent.QT trojan
c:\program files\ipwindows\ipwins.exe - Win32/Adware.Toolbar.888Bar application - deleted
Number of scanned files: 2
Number of threats found: 2
Number of files cleaned: 2
Time of completion: 13:22:44 Total scanning time: 26 sec (00:00:26)
Notes:
[2] File is being used (open or running). System restart is required for the cleaning to complete.
So I reboot, and then this occurs every time I try to complete the scan/cleaning:
Time Module Object Name Threat Action User Information
5/24/2007 17:26:13 PM AMON file C:\WINDOWS\system32\ntio256.sys Win32/Rootkit.Agent.CF trojan NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
Exasperated by several reboots when I attempted to get rid of this, I Google-searched drvlal.dll, thinking it was a system file that I needed to get a clean copy of and put back into the system32 folder; if you were to do this, this is the only website that comes up. After looking around, I was attempting to follow your instructions and run the online scan when I ran into the same NT AUTHORITY\SYSTEM forced reboot. It seems any time I get near this thing it forces a reboot. Any advice on how to proceed is greatly appreciated.