Can't remove Trojan.dropper and Virtumonde

Hi Guys,
You're my last hope with this:
I have a computer that has been infected with the above trojans and I've used many different tools so far to try and remove it. My latest attempt was with the AV software Vipre and it looked pretty good until this morning when it found a bunch of new infections... Normally I would have wiped the machine and re-installed all of the software, however the user has stuff in there which he needs and is difficult to get hold of again :(

I will now try and use your 8-step guide on it but was wondering if I need to use the programs you're suggesting, as I have Vipre as my AV and antispyware.

Please help!

Thanks, David
 
Hello there... you're right about Vipre not being able to clean the computer, or anything else I have tried. I have just finished the 8-step process and have attached the logs.

If you could have a look at these and advise me on what action to take I would really appreciate that.

Thanks again for your time and patience, it's really appreciated.

David


I forgot to add that Vipre, after 2 scans, came up with the following in step 1:

TrojanDropper-win32/opachki.A - Trojan downloader, 10 risk traces

Thanks again

David
 
Update Malwarebytes, run a complete scan, and have it fix what it finds.

Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:
http://www.bleepingcomputer.com/files/lspfix.php
Once the file is downloaded, navigate to where you saved the file and double-click on it to start the application.
Click on the "I know what I'm doing" button, then the "Finish" button.

Reboot.


Please download ComboFix from:
http://subs.geekstogo.com/ComboFix.exe
and save it to the desktop.

Close all other browser windows.

Double-click on the ComboFix icon found on your desktop.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Attach the contents of that log in your next reply.
 
Open Notepad and copy/paste the text in the quotebox below into it.
Name the file CFScript
and save it on the desktop.

Killall::
Snapshot::
File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\windows\pss\ChkDisk.lnk
c:\windows\pss\ChkDisk.dll
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ChkDisk.dll]
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ChkDisk.lnk]

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt onto ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post, along with a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
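The CFScript above has a small sectioned format (Killall::, Snapshot::, File::, Registry::), and before running a removal script it helps to see exactly which files and registry keys it will delete. The following parser is an added example, not code from the thread or from ComboFix; it assumes (as I understand ComboFix's notation) that "HKLM\~" is shorthand for the MSConfig key holding startup items disabled via msconfig, and that "^" stands in for "\" inside those key names.

```python
import re

# Constructed copy of the CFScript posted above, embedded so this runs offline.
CFSCRIPT = r"""Killall::
Snapshot::
File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\windows\pss\ChkDisk.lnk
c:\windows\pss\ChkDisk.dll
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ChkDisk.dll]
[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ChkDisk.lnk]
"""

# Assumption: ComboFix's "HKLM\~" expands to the MSConfig key that stores
# disabled startup items; "^" replaces "\" inside the item's key name.
MSCONFIG_KEY = r"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig"

def parse_cfscript(text):
    """Return a list of (action, target) tuples describing what the script does."""
    actions = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # section header such as File:: or Registry::
            section = line[:-2]
            if section in ("Killall", "Snapshot"):
                actions.append((section.lower(), None))
            continue
        if section == "File":
            actions.append(("delete_file", line))
        elif section == "Registry":
            m = re.fullmatch(r"\[-(.+)\]", line)    # "[-key]" means delete that key
            if m:
                key = m.group(1).replace("HKLM\\~", MSCONFIG_KEY)
                actions.append(("delete_regkey", key))
            else:
                actions.append(("registry_raw", line))
        else:
            actions.append(("unknown", line))
    return actions

def disabled_startup_item_path(regkey):
    """Recover the original startup-folder path from an MSConfig startupfolder key name."""
    tail = regkey.rsplit("\\startupfolder\\", 1)[1]
    return tail.replace("^", "\\")

if __name__ == "__main__":
    for action, target in parse_cfscript(CFSCRIPT):
        print(f"{action:15} {target}")
```

Running it lists three file deletions plus two registry key deletions, and the helper shows that both keys point back at the same ChkDisk.dll/ChkDisk.lnk startup items the File:: section removes.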
 
Touch... you're a legend :)

I ran a Vipre scan after ComboFix had done its stuff (with the script you provided) and it found a few cookies (no problem there) but also a backdoor.bfrost trojan. I got Vipre to clean that and re-booted. I ran another quick scan and it came up clean (can't believe Vipre managed to actually clean something!). I then ran a deep scan and same... clean!!! I then logged in as the user and ran another deep scan and it's clean. I learnt a lot this weekend about trojans... no market scanners could clean the machine and believe me, I tried them all: ESET, Vipre, Norton, PC Tools. It was at this point I found these boards, and what a find!!!! It seems to me that the market scanners may be good at prevention, but as for clean-ups, forget it.

You, sir, are fantastic and you have not only educated me, but guided me through the removal process with patience and opened my eyes to the real ways of trojan removal... I thank you!

David
 