help with virtumonde

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by edeee, Oct 22, 2008.

  1. edeee

    edeee Private E-2

    when i run spybot it comes up with virtumonde. i fix it. next time i run spybot it comes up with virtumonde again. i have gone through the steps in the 'READ & RUN ME FIRST malware removal' through using combofix and MGtools.

    dell inspiron 9300
    windows xp
    service pack 2

    here are my SAS, malwarebytes & combofix logs. mgtool log to follow
     

  2. edeee

    edeee Private E-2

    mGlogs.zip

    pls help
     

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What exactly does Spybot report...(the file and the whole path).

    Please use windows explorer to find and delete:
    C:\Documents and Settings\All Users\Application Data\krybcjmv
     
  4. edeee

    edeee Private E-2

    spybot reports
    1 problem found

    virtumonde
    bookmark (firefox:default)
    firefox (default): a-6 html (http://www.dailykeys.com/database/a-6.html)

    as recommended i just deleted
    C:\Documents and Settings\All Users\Application Data\krybcjmv

    (may i ask what that was that i deleted?)

    (thx for help, i love you for caring)
     
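Spybot's finding in the post above is a Firefox bookmark whose URL points at a flagged host, so a quick way to confirm a removal (or spot the bookmark coming back) is to check the profile's bookmark store directly. The following Python script is an added example, not code from this thread, Spybot or MajorGeeks: it scans a Firefox 3 `places.sqlite` for bookmarks whose hostname is on a small blocklist. The two-table layout, the `type = 1` bookmark marker and the sample rows are constructed assumptions that mirror the real file only as far as the columns used here.

```python
import sqlite3
from urllib.parse import urlparse

# Hostnames to flag; dailykeys.com is the host from the bookmark Spybot reported in this thread.
BLOCKLIST = {"dailykeys.com"}

def host_matches(url, blocklist):
    """True if the URL's host is a listed host or a subdomain of one (lookalikes do not match)."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)

def find_flagged_bookmarks(conn, blocklist=BLOCKLIST):
    """Return (title, url) pairs for bookmarks whose host is on the blocklist.
    Assumes the Firefox 3 places.sqlite layout: moz_bookmarks.fk refers to
    moz_places.id, and type 1 marks a real bookmark (folders/separators differ)."""
    rows = conn.execute(
        "SELECT b.title, p.url FROM moz_bookmarks b "
        "JOIN moz_places p ON b.fk = p.id WHERE b.type = 1"
    ).fetchall()
    return [(title, url) for title, url in rows if host_matches(url, blocklist)]

def scan_places_file(path, blocklist=BLOCKLIST):
    """Scan a real profile's places.sqlite read-only.
    Copy the file first if Firefox is running, since it holds a lock on it."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        return find_flagged_bookmarks(conn, blocklist)
    finally:
        conn.close()

def build_sample_db():
    """Constructed in-memory stand-in for places.sqlite (only the columns used above)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER, fk INTEGER, title TEXT);
    """)
    conn.executemany("INSERT INTO moz_places VALUES (?, ?)", [
        (1, "http://www.dailykeys.com/database/a-6.html"),   # the bookmark from the thread
        (2, "https://www.majorgeeks.com/"),                    # benign
        (3, "http://dailykeys.com.example.org/"),              # lookalike host, must not match
    ])
    conn.executemany("INSERT INTO moz_bookmarks VALUES (?, ?, ?, ?)", [
        (1, 2, None, "Bookmarks Menu"),   # a folder, type 2, no target page
        (2, 1, 1, "a-6 html"),
        (3, 1, 2, "MajorGeeks"),
        (4, 1, 3, "lookalike"),
    ])
    return conn

if __name__ == "__main__":
    for title, url in find_flagged_bookmarks(build_sample_db()):
        print(f"flagged bookmark: {title!r} -> {url}")
```

Running it against the constructed database reports only the `a-6 html` entry; the benign site and the lookalike host are left alone.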
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you remove that bookmark?

    I have no idea what that file / folder was... other than a nasty.

    Are you having any other issues after you remove that bookmark?

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.
     
  6. edeee

    edeee Private E-2

    ok, i deleted the bookmark, i ran ATF, now i'm running spybot again to see if virtumonde is gone. thanks for your help. i didn't realize that there was actually a bookmark in firefox that was creating the problem, which had to be manually deleted; i assumed spybot was deleting it when it was 'fixing' the problem and that something else on my comp was continuously reinstalling the bookmark.

    i will let you know if spybot finds anything else or if the bookmark returns.

    thanks for your help
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome...let me know if you still have a problem.

    In the meantime, we can clean up from the scans:

     
  8. edeee

    edeee Private E-2

    all clear as far as i can tell, spybot runs clean. thanks again

    question about uninstallation:
    when i installed combofix i also installed
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    as per the combofix instructions (starting combofix by dropping the windowsxp.exe onto the combofix icon)
    if i delete combofix, will it also remove the windows recovery console it created? should i worry about deleting the windows recovery console (that i'm prompted for during boot up)? -- or is it something worth keeping around just in case of some future incident?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will not be deleting the recovery console, and yes, it is something you should keep in case of future disasters. :)
     
