Unsure about trojan VirtuMonde

Status
Not open for further replies.

Ultrimo

Hi, I've recently been infected by this virus and have tried many different ways of attempting to remove it. I have used Spybot, which didn't do much; following that, I removed NOD32 and ZoneAlarm, replacing them with Microsoft Live OneCare, which I can't say is anything better but seems to have done the job. It quarantined the virus and my computer has been back to speed, with no random popups, and I am able to access websites again.

The reason I'm here is because I'm unsure if I've completely won against this virus and if any traces still remain. I'm afraid of trojans, and tools that are created with the sole purpose of removing this trojan cannot find it (even when I still had it). I am afraid of keyloggers and such and am unaware of how I was infected in the first place. Is there a way of truly finding out if the virus is wiped out?

My Spybot scan result showed no traces, but it never did find all of the virus in the first place.

EDIT: I should note that I'm running Windows XP 32-bit.
 
Help guys?

I've added the log. I just need someone to check if I'm still infected.

Thanks in advance.
 
I will check your log, but for now can you click on the blue text on my sig to download MBA? Make sure to install and update it, then run a full system scan in safe mode and post the log in your next reply.

Also download ComboFix from the link below, save it to your desktop, then run it; make sure to disable any antivirus, firewall or spyware apps you have before running it. Then post that log here also.

combofix
https://www.techspot.com/downloads/5587-combofix.html
 
I am able to disable OneCare's firewall and virus/spyware scanning but cannot turn it off completely without uninstalling it. Is this okay?
 
We just want to disable the real-time monitor. Can you post a fresh HijackThis log? How is your computer running now?
 
The computer is running better. I need to make sure that I've got rid of it completely because of its keylogger. As for the popups and denied web browsing, it seems to have gone.
 
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
 
Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.
 
Thank you so very much!

To be honest, I'm quite good at computers and such, but it wasn't until now that I realised how easy it is to create a system restore point!


If any issues should arise I'll come back here 'cause you rock!
 