It started with Virtumonde...and it just got worse!

So after entering in my title I see this Virtumonde attacks many so I won't take it personal anymore.

It happened 12-Feb around 9:30 or at least that's what I gathered from one of the many spyware programs I have run since that time. I did the whole "read me first" and feel a little better and think there might be a chance for my poor laptop:

Microsoft Windows XP
Home edition version 2002
service pack 2

Dell Inspiron 1600 Intel (R) Pentium (R)M
Processor 1.6 GHZ

When I start up in normal mode I get two Rundll error loading

C:\Windows\system 32\ netieuei.dll
and
C:\Windows\system 32 \yaftlnkm.dll

I think this was caused after I ran Vundofix a couple of times.

I would really appreciate help and would like the ok to post(attach) any and all logs you need.

thanks!!!
~K

 

I also forgot to mention a couple things.

first, I have Avast
Second, Virtumonde...and whatever else is on my computer also stole all my bookmarks from my mozilla (which irked me the most!!)
It used to also give me a new tab which closed the browser and turned into a pop up of sorts, when I x'd out the pop up the browser came back up with the page i was using before.
very odd.

I have attached my log reports. Hope that's.
thanks in advance.

~K

 

Tim Hey!
so glad you are helping me...I've seen your work. Its good! (and since you are so smart I'm sure you're already on to my tactic of buttering you up so you can continue to help me)

Regardless, I went through all the steps and and I'm feeling like together we're kickin' butt and taking names.

My way Search assistant: I saw it in the add/remove but when I clicked to remove it I received a pop up : Rundll error loading C:\progra~1\mywaySA\SrchAsde\1.bin\desrcas.dll

(give or take some of the above capitalization...I tried to copy it down and I have a horrible habit of writing w/caps.)

So like you said I used the CCleaner to try and remove it.
It seemed to work so I moved on and did all the rest of the steps and I just checked and the dang thing is still in my list of Add or Remove Programs list. I clicked on Remove and received the same error message. Yuk! Why is he still hanging around??? :crybaby

The rest of the steps went well except I might have fudged the avenger step a bit because I clicked on the zip instead of Extracting....once I realized the error of my ways I closed the windows and went back in and "extracted" and did everything correctly from then on.

I feel like my computer is on the road to recovery. I've attached the files you asked for. also one other note, My computer's clock is on the 24 instead of 12 hour mode. I think this happened during the "read me first" steps. How can I get it back to 12 hours?? I've tried messing with the settings but all it lets me do is set the time zone and the synch choices but that's it!
This of course is minor compared to the other headaches.

Ok that's all for now. Thanks TIM ! You Rock!
~K

 

Well the My Way Search Assistant will not leave. I tried to search for it but found nothing after many combos of the above. I searched for the whole name, then just Search Assistant and then My Way Search etc...
So then I looked in the Add or Remove Programs area and tried to remove again. I received the following :
The title of the pop up is "RUNDLL"
then in the actual window there is a Red Circle with White X on the upper left side of this rectangular pop up.
the first line says: Error loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll

the second line: The specified module could not be found.

then a little button where I have to click: OK

For your next questions,
Ravenel is the name of my old apt building so I made a file with some jpg files of some checks and summons etc...long story but anyway, this also has a file which I don't recognize labeled " Thumbs.db" I have no idea what this is. not only is it in this file it is also located on my desktop.

On the desktop Icon I right clicked to find out the properties and it says:

Type of file: Data Base File
Opens with: unknown application
Location: C:\Documents and Settings\Krystal C. Atha\Desktop
Size: 14.0 KB (14,336 bytes)
Size on disk: 16.0 KB (16,384 bytes)
Created: 2008-01-24, 20:32
Modified:2008-01-24, 20:32
Accessed: 2008-02-23, 16:37
Attributes: a box labeled Read-only another Box labeled Hidden (this one is checked and grayed out so I can't Uncheck it.

When I click on the properties of the one located in the Ravenel folder
the only difference is the
location:C:\Documents and Settings\Krystal C. Atha\Desktop\ravenel
Size on disk:11.5 KB (11,776 bytes)
Size on Disk: 12.0 KB (12,288 bytes)
Created: 2008-02-25, 21:48
Modified:2008-02-25, 21:48
Accessed: 2008-02-25, 21:48
Attributes: same as above

I used windows explorer to find and delete:
C:\Windows\pskt.ini
and did the fixME.reg deal.

My clock is still on the 24hour mode but I still need to restart my computer. Things seem ok though.
~K