Malware identification help

insectoid · Aug 4, 2008

I'll get straight to the point.

This morning, I turned on the computer and connected to the internet, and was instantly (almost) attacked by a malware that caused a taskbar bubble to pop up with a message saying windows had detected a spyware and wanted me to download 'the latest anti-spyware software', as well as a popup window that said the same thing. Both were links to a website promoting the download of antispyware 2009, advertised as a Microsoft product.

Now, I knew this wasn't right. Windows wouldn't install something after it found a malware, and from my experience, windows itself doesn't look for the malware, it relies on separate programs.

So, can anyone identify this malware? Specifically, I want a name, because spybot, SUPERantivirus AND sympatico security have failed to find it.

chaslang · Aug 4, 2008

If all you want is a name, it is part of the Virtumonde (aka Vundo) and/or SmitFraud (aka Zlob) family.

insectoid · Aug 5, 2008

Thank you, I knew I had one Smitfraud (From over a year ago) that never got removed, though it deactivated and went unnoticed. It was the one that changed the desktop image to a blue screen with a link.

There is 1 virtumonde I was unable to delete, and I suspect that was because it was being used in the memory (causing all those error messages). If this is important, it linked me to Antivirus 2009 (a virus itself, I assume)

chaslang · Aug 5, 2008

insectoid said: ↑

If this is important, it linked me to Antivirus 2009 (a virus itself, I assume)
Click to expand...

This is just part of the infection. The names of these rogue tools change all the time. It is nothing new other than the name and some of the tricks and file names they use.

Log in or Sign up

Malware identification help

insectoid Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

insectoid Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member