Famous Virtumonde

Hi There,

I lost about 3 days ago all my icons on my desktop. I understand that this may be related to Virtumonde as I also have received a few notification from Spybot that I had such a malware and also from Norton Antivirus.

I followed the instructions on a previous post from TimW but it seems that after running MGtools the lines which were provided on the post and which should be fixed were not in the results of my scan of MGTools. I understand that it helps if I attach my combofix report. Can someone let me know after reviewing my combofix report what needs to be done to remove any problems.

I would also like to know how to restore all the icons on the desktop including "My computer", "My documents", Windows live messenger and a few folders which I previously had on the desktop.

Many thanks

 

Hi there,

Thanks for the quick answer. I attach 3 of the logs. The 4th one will follow in the next post. Please let me know if any further action needs to be undertaken.

Further, please let me know if there is a way to restore the original icons and the originals settings before the malware came into action.

Many thanks

 

see attached last log.

thanks

 

Thank you for confirming that all is in order.

In terms of "icons" and "settings", I used to have two profiles (2 fully authorised administrators) under XP. One for me and one for my girlfriend. The profile of my gf is fine. However, I can access my profile but all icons including the various shortcuts to "My Computer", "internet explorer", "My documents" disapppeared. Additionally, when I click "Start", all the shortcut to varioous programs are gone or when I try to open "Word" for instance, I receive the following message: "Windows cannot acess the specified device, path or file. You may not have the appropriate permission to access the item."

Can all previous settings be restored or should I just delete my profile and recreate a new one and reinstall all programs. I used to have outlook with several contacts and it is gone too.

Thanks

 

Hi,

I tried to run SAS and MWM from my profile but I cannot. I receive the following message anytime I am trying to run any programs: "Windows cannot acess the specified device, path or file. You may not have the appropriate permission to access the item."

thanks

 

Hi,

I disabled teatimer in Spybot.

I could not run Combofix even after copying and pasting the program from my gf's profile.

 

Even in safe mode, I obtained the same message for Combo Fix, SAS and MB.
Altough we used to be both admnistrators, it appears that my gf profile states administrator whereas my profile has just my name now.

Should I revert my profile back to Adm? If so, can you please confirm how? Is it wise to run two adm profiles on one computer?

 

Hi,

I just realised that there are actually 3 accounts when insafe mode: Adm, myself and my girlfriend. I cannot access the user account from my account and I received again the same message that I do not have proper authorisation to run this program. I checked under my gf profile for the rights assigned to my profile and both her and I have full administrator powers.

thanks

 

I run in safemode under the admnistrator and both my gf profile and my profile is full administrator