need help getting rid of virtumonde and possibly other stuff

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by buckford, Sep 9, 2007.

  1. buckford

    buckford Private E-2

    I ran the steps in the read me and run me first thread and have the logs. Can anyone take a look?

This infected computer was given to the daughter of a friend and I'm trying to clean it up. Previously, before I found this forum, I ran a bunch of scans (Spybot, Ad-Aware, AVG Antivirus, Panda ActiveScan, FixVundo, VundoFix, Computer Associates online scan, and others) and was able to get the computer clean to a certain point. Panda ActiveScan was still showing Virtumonde somewhere in the registry. It won't say where, though. I then went to the "read me and run me first" post and followed the steps. I was able to run Panda ActiveScan in safe mode. However, I was unable to resize the results window to access the report, so I re-ran Panda ActiveScan in regular mode and saved the log. In both cases, ActiveScan reported only one infected file. All other programs went off without a hitch. Thanks for any insight you can provide.

    Thanks

    Rob
     
  2. buckford

    buckford Private E-2

    Hijack this, runkeys, and newfiles logs attached
     

    Attached Files:

  3. buckford

    buckford Private E-2

    counterspy, activescan, and bdscan logs attached
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    That report from Panda is nothing to worry about. When it shows something like that without any supporting info, it is just a benign leftover registry key from the infection.

    You do have a few files left over from Vundo that need to be deleted. Delete the below files (the last one is not Vundo, it is just adware):
    C:\WINDOWS\SYSTEM32\bdefe.tmp
    C:\WINDOWS\SYSTEM32\bdefe.ini
    C:\WINDOWS\SYSTEM32\bdefe.ini2
    C:\Documents and Settings\Meghan Van Noort\My Documents\My Pictures\Dell Image Expert Images\buddyiconsfree.exe


    Also uninstall the below old Sun Java version which is susceptible to Vundo infections:
    Java 2 Runtime Environment, SE v1.4.2


    Your logs are clean otherwise.
     
  5. buckford

    buckford Private E-2

    Thank you for such a quick response on a Sunday afternoon. I have another question. Right next to these files in the system32 folder:

    C:\WINDOWS\SYSTEM32\bdefe.tmp
    C:\WINDOWS\SYSTEM32\bdefe.ini
    C:\WINDOWS\SYSTEM32\bdefe.ini2

    is this file:

    C:\WINDOWS\SYSTEM32\bdefe.bak2

    bdefe.bak2 is a hidden file. Should I delete this one, too?

    Thanks

    Rob
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! It was not in your previous logs. It probably showed up after posting them.
     
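The clean-up chaslang describes in posts 4 and 6 (delete the bdefe.* leftovers in System32, including the hidden bdefe.bak2 that a plain directory listing misses, delete the buddyiconsfree.exe adware, and get rid of the old Java 1.4.2 runtime) can be scripted so that hidden and system-attribute files are not overlooked. The script below is an added PowerShell example and is not code from the thread or from MajorGeeks. It assumes an elevated prompt, generalises the four named files to the pattern bdefe.* in System32 (an assumption, since the thread only lists those four names), resolves the My Pictures folder for the current user instead of hard-coding the profile path from the log, and only reports matches unless -Delete is given. The Java check is a generic lookup of the Windows Uninstall registry keys; it reports the entry and its UninstallString rather than running it for you.

```powershell
# Added example, not from the thread: report (and optionally remove) the Vundo
# leftovers named in the thread, then look for old Java runtimes.
# Run from an elevated PowerShell. Without -Delete nothing is removed.
param(
    [switch]$Delete
)

$system32 = Join-Path $env:SystemRoot 'System32'

# Assumption: every bdefe.* file in System32 is a leftover, as the four in the
# thread were. -Force makes Get-ChildItem include Hidden and System files,
# which is how bdefe.bak2 was missed by an ordinary listing.
$leftovers = @(Get-ChildItem -Path $system32 -Filter 'bdefe.*' -Force -File `
                -ErrorAction SilentlyContinue)

# The adware dropper from the thread, located under the current user's
# My Pictures folder rather than the hard-coded profile path in the log.
$adware = Join-Path ([Environment]::GetFolderPath('MyPictures')) `
                    'Dell Image Expert Images\buddyiconsfree.exe'
if (Test-Path -LiteralPath $adware) {
    $leftovers += Get-Item -LiteralPath $adware -Force
}

if ($leftovers.Count -eq 0) {
    Write-Host 'No leftover files found.'
}
foreach ($f in $leftovers) {
    # Show attributes so hidden/system flags are visible in the report.
    Write-Host ('{0}  [{1}]  {2} bytes' -f $f.FullName, $f.Attributes, $f.Length)
    if ($Delete) {
        # -Force is needed to remove hidden, system or read-only files.
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host ('  deleted {0}' -f $f.Name)
    }
}

# Look for installed Java runtimes in the Uninstall keys (both views on 64-bit).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Java*' }

if (-not $java) {
    Write-Host 'No Java runtime entries found in the Uninstall keys.'
}
foreach ($j in $java) {
    # Report only; the thread's advice is to uninstall the 1.4.2 runtime,
    # which you do through Add/Remove Programs or the UninstallString shown.
    Write-Host ('Java entry: {0} {1}' -f $j.DisplayName, $j.DisplayVersion)
    Write-Host ('  uninstall: {0}' -f $j.UninstallString)
}
```

Run it once without -Delete to confirm the list is exactly the files chaslang named (plus any bdefe.* sibling that appeared later), then rerun with -Delete. Keep the emptied Recycle Bin out of it: Remove-Item deletes outright, so copy anything you want to keep for analysis first.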
