Help removing

By winxpuser · 6 replies
Jan 2, 2009
  1. I recently became infected with Like most other people I get random pop-ups, but I also get blocked from a lot of sites ( for instance) to download updates to spybot, and adaware. I have run these and removed Virtumonde and a couple other things.

    I am using Firefox if that affects the fix.

    I ran hijackthis and have attached a log. I also found several questionable .dll/.exe in Windows/System32 all created when the popups started, that don't appear in hijackthis log.

    I appreciate your help.
  2. rev_olie

    rev_olie TS Guru Posts: 560

    Hi winxpuser

    Welcome to Techspot.

    Unfortunately I cannot help you at the moment because your HijackThis is both installed in the wrong location and is out of date.

    Remove your last install and then go here and download the new version


    Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory


    Once you have changed this, due to the nature of your problem please locate the HijackThis.exe file yourself with Windows Explorer and right click on it and select Rename. Rename to analyse.exe by just typing in analyse.exe to overwrite the old name. This is very important since a few forms of malware will hide unless HijackThis is renamed

    Thanks and when you post the new log I will re-read

  3. winxpuser

    winxpuser TS Rookie Topic Starter Posts: 45

    Logs Posted

    Just completed the 8 step process after updating HiJack This.

    Ran Full System Scan with Avira Free - 2 Warnings

    [WARNING] The file could not be opened!
    [WARNING] The file could not be opened!

    Ran CCleaner

    Turned off ZoneAlarm

    Turned off SuperAntiSpyware

    Turned off AntiVirGuard

    Ran Malwarebyte's Anti-Malware - no items found

    Ran SuperAntiSpyware - no items found

    Updated JAVA - Java 6 Update 11

    Ran HiJackThis

    All problems have disappeared! Logs attached.

    Am I clean?

    I have started using the free version of Zone Alarm and Free AntiVirus Guard.
  4. rev_olie

    rev_olie TS Guru Posts: 560

    Your log appears clean :)

    It is possible it was an infected system file etc that has been removed as junk by CCleaner.

    Keep using CCleaner and Avira every 2-3 weeks but you look good now
  5. buddyholly27

    buddyholly27 TS Rookie

    Sagispul Why Didn't McAfee Spot It?!

    Hi, thank god for your website!

    I've followed your very clear 8 steps, and have attached the logs.
    Since completing it a few minutes ago I've not seen one of the damn pop-ups but if you could check the logs I'd really appreciate it?

    The timing of this attack is terrible, I'm an architecture student in my final year and this virus has put a real kink in my progress toward final submission on Wednesday.. Hopefully I'll be clear!

    I'm not sure if it was the same virus but my machine was hanging at indeterminate times in a variety of applications, and I'd also started to see a pop-up claiming to be from Microsoft which would attempt to download software without me authenticating it. I recall some news about such a program a couple of months ago. Would this have been brought on by sagispul compromising my security or do I have something else I need to sort out?

    Thank you again. Do you have a Paypal or something that I can contribute something to? I have a feeling you may have saved my degree!!

  6. rev_olie

    rev_olie TS Guru Posts: 560

    Hi buddyholly27
    Welcome to Techspot.

    With this type of infection the 8 step removal process usually removes it. However on one of your logs you have

    Delete on start up

    Please start your own thread in the security section as it's best to double check to make sure this infection was removed on start up; also it saves confusion on the existing thread.

    Create a new post here and someone will get back to you.

  7. buddyholly27

    buddyholly27 TS Rookie

    cheers for the very quick response rev_olie!

    sorry for confusing the thread, I was in a 'bit' of a blind panic and failed to follow the correct procedure. I'll re-post it now, in the right place!

    I'm just running a couple of checks, and so far they're coming back as clear.

Topic Status:
Not open for further replies.
