Virtumonde problem..

Welcome to Major Geeks!

Try again after shutting down ALL protection software (like your antivirus, AVG Antispyware and any other that are actively running). If it still does not work, just tell us when you return but continue on.

You are not supposed to be uploading MGtools.exe. That is what you downloaded. You need to upload the MGlogs.zip file that is created in your root folder of the Windows boot drive (normally this would be C:\MGlogs.zip).

 

How large is the C:\MGlogs.zip file

 

Okay! MGlogs.zip showed up in your ComboFix log and I see it is relatively small (about 69.2k) so uploading should not be a problem. It could be that your browser is having problems due to all the infections I can see in just your ComboFix log alone. If you are using IE to upload see if you can attach the file using another browser like FireFox. If you don't have another browser then email the MGlogs.zip file to me at the below address:

chaslang at majorgeeks.com

obviously replace the at with @ and don't put in any spaces. We type inline email address this way to prevent spambots from picking them up.

 

I'm not sure what you mean! Do you mean you cannot attach the ZIP file via email either? If that is the case, then see if you can attach the below files all of which should be in the C:\MGtools folder.

• runkeys.txt
• newfiles.txt
• hijackthis.log
• procdll.txt

 

You ignored the early part of the READ ME where we warned you not to use multiple antivirus programs. You have both Avast and McAfee installed. You must uninstall one of these immediately before going any further. I also see remnants of Symantec that we will remove in the next step below.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Core LC
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 8
Search Assist <-- should have been uninstalled in step 0 of the READ ME
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!