TechSpot

Win32/vmalum.egwr and darksma

By kouseki
Oct 24, 2008
  1. Hi, I've gotten alerts that I have win32/vmalum.egwr and darksma on my computer. I've followed the steps in the 8-step virus/spyware/malware removal instructions, and I would like someone to take a look at my logs to see if things are fine right now.
    Thanks in advance.

    Edit: Oops... I forgot to include the symptoms... I'm running Windows XP. The spyware/virus screwed my automatic updates for Windows up (when I clicked on the button to turn it on, it refused to turn on). It screwed my CA Security firewall up... It acts as if it was not installed when it is (I get the little icon that indicates it is not installed). I get a lot of pop-ups, as expected.
     
  2. Bobbye


    As you noted in the mbam log, it cleared a significant Vundo infection. We may need to run the Vundo Fix also, but the following need to be handled.

    Update the Java to v6u10 here: http://java.com/en/download/manual.jsp

    Please reopen HijackThis and CHECK the following processes:
    Questionable:
    Duplicate language converters: Check the functions of each of these. If you are not specifically utilizing BOTH, have HijackThis remove the one you don't need:
    The following will expose you to a constant source of infection. I recommend you stop the processes and uninstall BitComet:
    I cannot verify the CLSID. Recommend stopping both of the following:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK all but the AV and Firewall, touchpad if on laptop, network process if on network> Apply> OK

    Control Panel> Add/Remove programs> UNINSTALL the following:
    Start> Run> services.msc. Right-click on CLTNetCnService> Properties> change Startup type to Disabled.
    It appears you may have had the Symantec Security Suite, but uninstall did not remove this process. I will have you download the removal tool to run later.

    Reboot into Normal mode. You will get a nag message that you can close after checking 'don't show this message again'.

    Rescan with HijackThis and attach log. Please give current status of system at that time.

    Download Norton Removal Tool and Save to Desktop. Open and run from there:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
     