Virtuemonde Driving me crazy

Welcome to Majorgeeks!


As you likely already know is that malware is a massive pest these days and does its level best to hide itself in any number of places, So just a Hijackthis log will not show all the malware that can be on your PC, the full guide of our steps below has a few other logs that show alot of the malware on your PC and where they are located, so please follow the below and once run the guide if malware is still present the malware experts will issue you some manual instructions to remove the stubborn ones.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

Do you know what the below file are in your root folder? If not then delete them. If you do, then consider moving them to a more appropriate a safe location. The root folder should not be used for long term storage like this.

Code:

"C:\"
2moons.exe    Dec 15 2007   938587048  "2moons.exe"
body.dxf      Dec 29 2007       47545  "body.dxf"
body2d.dxf    Dec 29 2007       53010  "body2d.dxf"
instal~1.exe  Nov 24 2007    24106488  "InstallSallysSalon.exe"
neckbl~1.dxf  Dec 29 2007       35287  "neckblank.dxf"
stratdxf.zip  Dec 29 2007       60926  "stratdxf.zip"

Okay let's start by removing some services that Symantec did not properly uninstall.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Lic NetConnect service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below Service (if you do not find them or get any errors, just continue):
  • LiveUpdate
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste CLTNetCnService into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now repeat the above to delete the below Service (if you do not find them or get any errors, just continue):
  • LiveUpdate
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {686BE137-0DF9-4EF8-AC5E-4A13986143AD} - (no file)
O2 - BHO: (no name) - {75071C52-4551-471B-AECA-BE8FABA0DF0E} - (no file)
O2 - BHO: {5530ecc2-347b-7afb-b344-b87c60d6f9ec} - {ce9f6d06-c78b-443b-bfa7-b7432cce0355} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

Lot's of experience.

One line came back in your HijackThis log:


O2 - BHO: {5530ecc2-347b-7afb-b344-b87c60d6f9ec} - {ce9f6d06-c78b-443b-bfa7-b7432cce0355} - (no file)

Did you miss this in the last fix? Are you 100% sure you had all browsers closed before clicking Fix Checked

Try again and then attach a new MGlogs.zip file. If it does not go away we may have to try using a special tool to edit the registry and change permissions.