Virtumonde problem i need help with please!

  gazmix 19:00 09 Sep 2007

Hi
I noticed my AVG threat detector detected something after i downloaded the 'Shareaza' file share programme.
I started to receive a file in stages & i got the threat detection!
I clicked on 'heal' & apparently it healed!
I got it again!
I cancelled all file shares & uninstalled Shareaza & ran Spybot!

It found the usual, plus 5 entries of Virtumonde!
I googled virtumonde & this guy said that he had this & couldn't remove it. He could only move 4 of 6 entries. Also that it is in the memory ?? sorry but i aint got a clue really!!
Apparently virtumonde hides itself & causes browser hijack & popups, this i'm getting!!

It said that the only way of getting rid, was with windows onecare scan, but i tried this & it said it can't be done on my pc as i have to upgrade!!
Could it be that i'm using Mozilla?

What can i do? Apparently a hijackthis log won't find anything & neither will other anti virus scans it mentioned!

Thanks

Gaz

  VoG II 19:04 09 Sep 2007
  Fingees 19:08 09 Sep 2007

This may also tell you something about it

click here

  gazmix 19:16 09 Sep 2007

I'll have a look, cheers.
I have both firefox & IE, i thought the onecare wouldn't work with ff, so i tried with IE, it said my security settings were disabling me from doing the online check!, i have AVG & ZA, i was wondering if my ZA firewall may not be set up correct!
How should it be set up?
Gaz

  gazmix 14:20 10 Sep 2007

I read Fingees link before, this is why i wrote what i did in my 1st post.

I have run Rogue remover which seemed ok & posted a hijackthis log on malwareremover.com.

Spybot found 5 entries of virtumonde & according to Spybot, it also deleted them. But on the link in Fingees post, it says that Spybot can't always delete them.

Now when i turn on my pc & everything on my desktop loads up & before i go online, i get a ZA programme alert saying ' tmp24.tmp.exe ' is trying to access the internet!!
What could this be, i've googled it & i don't understand.
Any help appreciated
Gaz

  wee eddie 14:25 10 Sep 2007

I had this problem a while back.

I contacted Spybot and I think that it was Karen there that solved it for me.

  mfletch 14:33 10 Sep 2007

Hi did you use Vundofix and then Virtumundobegone if the Vundofix did not work,

As VoG said earlier?

click here


mfletch

  gazmix 14:57 10 Sep 2007

I ran VundoFix, it found 4 files, i followed the instructions, pc rebooted.

It said that if Vundofix couldn't remove any files, it would run on reboot.
It hasn't automatically started on reboot, so does this mean that it's got rid of Virtumonde from my system?
Would it have automatically run again after reboot if it couldn't remove files the 1st time??

  mfletch 15:25 10 Sep 2007

This is how to use it,

1/Double-click VundoFix.exe to run it.

2/ Click the Scan for Vundo button.

3/ Once it's done scanning, click the Remove Vundo button.

4/ You will receive a prompt asking if you want to remove the files, click YES.

5/ Once you click yes, your desktop will go blank as it starts removing Vundo.

6/ When completed, it will prompt that it will reboot your computer, click OK.

7/ Vundo should now be gone.

You should be clean now!

mfletch

  gazmix 15:33 10 Sep 2007

Hi
I have run Vundofix & it showed 4 entries, it rebooted & didn't reappear after reboot, so i guess it removed all files!

I ran Virtumondebegone in Safe Mode as instructed & this is the logfile:-


[09/10/2007, 15:16:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\user\Desktop\VirtumundoBeGone.exe" )
[09/10/2007, 15:16:44] - Detected System Information:
[09/10/2007, 15:16:44] - Windows Version: 5.1.2600, Service Pack 2
[09/10/2007, 15:16:44] - Current Username: user (Admin)
[09/10/2007, 15:16:44] - Windows is in SAFE mode with Networking.
[09/10/2007, 15:16:44] - Searching for Browser Helper Objects:
[09/10/2007, 15:16:44] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/10/2007, 15:16:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/10/2007, 15:16:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/10/2007, 15:16:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/10/2007, 15:16:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/10/2007, 15:16:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/10/2007, 15:16:44] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[09/10/2007, 15:16:44] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[09/10/2007, 15:16:44] - Finished Searching Browser Helper Objects
[09/10/2007, 15:16:44] - Finishing up...
[09/10/2007, 15:16:44] - Nothing found! Exiting...


As you can see, it says all is ok!!
But how can i tell for definite!

When i boot my pc & before i logon to internet, i get the ZA programme alert saying:-
tmp24.tmp.exe is trying to access the internet!
This has just started since i had issues with the Virtumonde!
Could this be part of Virtumonde or something else?
Thanks
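
The VirtumundoBeGone log above is the kind of output people end up pasting into threads like this and reading by eye. The script below is an added example (not part of the thread and not from the VirtumundoBeGone authors): it parses that log, records whether the scan ran in Safe Mode and what the tool's final verdict was, enumerates the Browser Helper Objects, and flags any BHO the tool could not put a name to so that it can be checked by hand rather than taken on trust. In the posted log that is BHO 2, the one the tool tested against Spybot's SDHelper Winlogon key. The `known_good` set is the reader's own list of CLSIDs they have already verified; it is empty by default and is an assumption of this example, not something the tool provides.

```python
import re
from typing import Dict, FrozenSet, List

# The VirtumundoBeGone log lines quoted in the post above, embedded so the script runs offline.
SAMPLE_LOG = r"""
[09/10/2007, 15:16:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\user\Desktop\VirtumundoBeGone.exe" )
[09/10/2007, 15:16:44] - Detected System Information:
[09/10/2007, 15:16:44] - Windows Version: 5.1.2600, Service Pack 2
[09/10/2007, 15:16:44] - Current Username: user (Admin)
[09/10/2007, 15:16:44] - Windows is in SAFE mode with Networking.
[09/10/2007, 15:16:44] - Searching for Browser Helper Objects:
[09/10/2007, 15:16:44] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/10/2007, 15:16:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/10/2007, 15:16:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/10/2007, 15:16:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/10/2007, 15:16:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/10/2007, 15:16:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/10/2007, 15:16:44] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[09/10/2007, 15:16:44] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[09/10/2007, 15:16:44] - Finished Searching Browser Helper Objects
[09/10/2007, 15:16:44] - Finishing up...
[09/10/2007, 15:16:44] - Nothing found! Exiting...
"""

# Every log line is "[date, time] - message"; anything else (blank lines, forum text) is skipped.
LINE_RE = re.compile(r"^\[(?P<stamp>[^\]]+)\] - (?P<msg>.*)$")
# A BHO entry is "BHO n: {CLSID} (name)"; the name is empty when the tool found no default value.
BHO_RE = re.compile(r"^BHO (?P<n>\d+): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\)$")


def parse_vbg_log(text: str) -> Dict:
    """Turn the raw log into a small report: safe-mode flag, BHO list, warnings, final verdict."""
    report = {"safe_mode": False, "bhos": [], "warnings": [], "verdict": "unknown"}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        bho = BHO_RE.match(msg)
        if msg.startswith("Windows is in SAFE mode"):
            report["safe_mode"] = True
        elif bho:
            report["bhos"].append({
                "index": int(bho.group("n")),
                "clsid": bho.group("clsid").upper(),
                "name": bho.group("name") or None,  # None = tool could not name it
            })
        elif msg.startswith("WARNING:"):
            report["warnings"].append(msg)
        elif msg.startswith("Nothing found"):
            report["verdict"] = "clean"  # only the wording seen in this log is recognised
    return report


def bhos_needing_review(report: Dict, known_good: FrozenSet[str] = frozenset()) -> List[Dict]:
    """Unnamed BHOs that are not on the reader's own verified list (assumed input, not from the tool)."""
    return [b for b in report["bhos"] if b["name"] is None and b["clsid"] not in known_good]


def summarise(report: Dict, known_good: FrozenSet[str] = frozenset()) -> List[str]:
    """Human-readable triage lines: what the tool concluded, and what still needs a manual look."""
    lines = [
        f"tool verdict: {report['verdict']}",
        f"scan ran in safe mode: {report['safe_mode']}",
        f"BHOs enumerated: {len(report['bhos'])}",
    ]
    for b in bhos_needing_review(report, known_good):
        lines.append(
            f"review BHO {b['index']} {b['clsid']}: no default name; "
            "look the CLSID up under HKCR\\CLSID and check which DLL its InprocServer32 points to"
        )
    return lines


if __name__ == "__main__":
    for line in summarise(parse_vbg_log(SAMPLE_LOG)):
        print(line)
```

The point of the `review` lines is the one the poster is asking about: a "Nothing found" verdict means the tool's own signatures matched nothing, not that every loaded BHO has been accounted for. An entry with no default name is exactly the thing to resolve by hand (or to add to `known_good` once it has been), and the unrelated `tmp24.tmp.exe` firewall alert is not something this log speaks to at all.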

  mfletch 15:45 10 Sep 2007

Hi I don't think it is anything to do with the vundo {BUT I AM NO EXPERT}

Try using this; if it does not work you will have to seek pro help. click here

First Delete All Temp Internet Files and All Cookies,

Then.

Download this Free Antispyware {Superantispyware} Before using the Antispyware for the first time check for any updates.

click here

Good luck.

mfletch
