Virtumonde, Google Redirect, False Windows Security Alerts, Blue Screens, Help


leftwngr

Got infected last week with Virtumonde, Vundo, and that Antivirus 2009 thing. My Google is redirecting, as is my Yahoo. I tried pretty much everything I could get my hands on, including:
MBAM, PC Tools Spyware Doctor, Dr. Web, Norman, et al.

I came across your site and followed your 8 steps diligently. No other efforts have been made on this machine.

Computer seems to work okay, but I've still got a redirect issue and I'm still getting the false Windows security alert.

During the 8 steps, I came across the names Virtumonde, Vundo, and all sorts of crazily named files. I also had to run SuperAntiSpyware in Safe Mode because the computer kept crashing and giving me the blue screen.

This is a Windows XP Pro machine with SP3.

I can't seem to shake this and your help would be greatly appreciated.

Thank you in advance.
 

Attachments: hijackthis.log (12.3 KB)
Hello leftwngr,

It looks like you have two antivirus programs running: McAfee and Avira.

You should uninstall one of them from Add/Remove Programs in the Control Panel.

Also remove Viewpoint.

Reboot.

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe
And save to the desktop.


Open Notepad and copy/paste the text in the quote box below into it.
Name the file CFScript
and save it on the desktop.

Killall::
Snapshot::
File::
C:\WINDOWS\TEMP\3219612540.exe

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Once saved, referring to the picture above, drag CFScript.txt onto ComboFix.exe.

ComboFix will create a log file and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
Thank you for your help.

I'll get to it first thing in the a.m. when I get into the office.

Look forward to getting this resolved.
 
Followed your instructions and the log is attached.

I think that may have done the trick. Computer is running much better and no more redirects. Little false warning is gone too. On the surface, it looks good. Hope the log reports a clean computer.

By the way, I removed McAfee, but it still seems to appear on the log.

*EDIT* Ran the McAfee Removal Tool afterwards. Seems to have taken it all off. Do I need to run ComboFix again?

Thank you again.
 
That's good news :)

No need to run ComboFix again. I'd prefer you attach a fresh HijackThis log, as there are (probably) remnants from McAfee in the log.
 
Crossing Fingers

Here's the requested log.

I'm hoping it's clean.

Hey, thanks again for your help with this.
 

Attachments: hijackthis.log (11.5 KB)
Sounds good.

Now your computer problems are solved, it is time for the clean-up procedure.

You should create a new Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore.
Select Create a restore point, and OK it.
Next, go to Start > Run and type in cleanmgr.
Select the More Options tab.
Choose the option to clean up System Restore and OK it.

This will remove all restore points except the new one you just created.

Please download OTCleanIt.
Save it to the desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note: it will NOT remove MBAM, CCleaner and SuperAntiSpyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place?
 
uh oh...

Touch:

Got one more lingering issue here.

Yahoo search is redirecting still. For some reason I get a new window that opens up and it's linking to some ad server.

Attached is a new HijackThis log.

Sorry.
 
No problem :)

Let's see a new ComboFix log.

But first, uninstall ComboFix.exe and all backups of files that it deleted:
Click START, then RUN.
Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.


Then please download the newest ComboFix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Double-click on the ComboFix icon found on your desktop.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

ComboFix will create a log file and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post.
 
CF Log

Touch:

Sorry for the delay. Was out of town for a bit.

I can see v1.adwarefeed.com come up every time I use Yahoo and it does a search. It is in the status bar in the lower left of Firefox. Is that the problem?

Here is the requested log and thanks again.
 