Adware.Virtumonde Variation

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Project K, Nov 16, 2004.

  1. Project K

    Project K Private E-2

    How's it going people, this is my first post on this forum so bear with me if I happen to be neglecting some of the rules; I have not had a full chance to take a look at them and it's 2am and I've been working on this system for 2 days straight and cannot get this one spyware bot off this system.

    When I was given this system 2-3 days ago it was completely infected with a ton of spyware and other crap that was unneeded... throughout the past couple of days I have been able to remove all the spyware from the system except for Adware.Virtumonde (Norton Anti-Virus detects it as that) which manifests itself in dvdfax.exe, which is a running process that I cannot kill. When I boot in safe mode and run scans with Ad-Aware I get results saying 4 reg keys and entries with Virtumonde as the vendor, and when I run SpyBot I get 4 reg entries and they are called ATLEvents in that report, and when I boot into Safe Mode it is one of the 14 running processes. When I go into the registry there is a value in RunOnce that is the dvdfax.exe rerun line that I cannot delete; every time I do, the next time I go back into regedit it is back, along with the two ATLEvents folders and values.

    I am set to give this system back to this girl who I have been working on it for tomorrow afternoon sometime and I would love to get this last nasty infection off the system, please get back to me.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Project K,

    This is popular today! Please take a look at the threads in this link for more info: StopGuard or WinFirewall Problems?

    If you are sure that your machine is otherwise clean, please go ahead and send us a HijackThis Log. NOTE that you MUST NOT REBOOT after submitting the log as this malware generates randomly named .exes on reboot.

    Also, note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Send us a log and we'll go from there ;) I'll try to check back when I get a chance. I'm usually here in the wee hours.

    Best,
    PP
     
  3. Project K

    Project K Private E-2

    You people are godsends. I have literally spent hours and hours and hours of my life trying to disable this one stupid process and get this last spyware program off her system and it's finally done! I read up on some of the other threads involving this adware or variation of it and I got everything to go the hell away! The "delete file on reboot" option is what saved me and actually got the process to stop running so I could clean up the registry.

    Thank you once again, I couldn't have done this without you guys!

    Regards,
    Project K.
     
  4. PhilliePhan

    PhilliePhan Guest

    You're welcome! Happy that we could point you in the right direction to get rid of this baddie :)

    Best,
    PP
     
