Another VirtuMonde recipient

Discussion in 'Malware Help (A Specialist Will Reply)' started by trimethoxy, May 15, 2008.

  1. trimethoxy

    trimethoxy Private E-2

    I have been trying to remove Virtumonde off and on for two days with no avail. I have run the five or so programs and attached the required logs.

    It also seems that my onboard wifi is out now as well and I am forced to use a wired connection. Before my wifi would only load up a few websites, while others were "loading". The wired connection seems ok. I also get the BSOD when I try to flip on my wifi card on the outside of my laptop. This may or may not be a related issue.
     

    Attached Files:

  2. trimethoxy

    trimethoxy Private E-2

    And the mglogs zip
     

    Attached Files:

  3. trimethoxy

    trimethoxy Private E-2

    Sorry for the multi-post, I also ran vundofix.
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi trimethoxy,

    Please do the following:


    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Next run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: {b4e8dac2-755a-a3f8-c064-c7f46dedde81} - {18edded6-4f7c-460c-8f3a-a5572cad8e4b} - C:\WINDOWS\system32\xlfgxgfm.dll
    O2 - BHO: (no name) - {6CD58093-3028-496E-AF4E-4163F6B2E856} - C:\WINDOWS\system32\ddcCRIby.dll (file missing)
    O2 - BHO: (no name) - {EFA145E9-A632-48E4-981A-B8EF8B22C126} - C:\WINDOWS\system32\awtqnmml.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"


    Do you need for the following to run at startup? If not, please fix them as well.

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    After you click fix, just close hijackthis.



    3) Download and install Erunt. Use it to create a backup of your registry.


4) In the below registry patch in (REGEDIT4) in Step 5, I've included a change to the following security center key, which is currently set with a dword of 00000001. When it's set to 1, it will disable the notification from the Security Center that your antivirus is not working. If you want it set to not notify you, then simply remove this key when you copy and paste the contents of the below REGEDIT4 fix in the box. If you want it to be fixed, then simply leave the contents of the REGEDIT4 box the way they are. This is the key and value I'm talking about.

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000




    5) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.
    6) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the 'Execute' button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt



    7) Now run CCleaner at the default setting with the Windows tab as the top one.

    8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log. Also, let me know if you got a success message when you ran the registry patch (REGEDIT4).


    Let me know how things are running now.

    abri
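The O2 (BHO) lines abri asks to be fixed share tell-tale traits: no descriptive name, a DLL that is already gone from disk, or a random-looking 8-letter DLL name under system32. As an added example (not part of this thread and not HijackThis code), here is a small Python audit that applies those checks to HijackThis O2 lines; the sample log is constructed after the lines quoted above, and the third BHO line is a made-up benign entry with a placeholder CLSID.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log: the first two lines mirror the thread, the third is a
# made-up benign BHO with a placeholder CLSID, the O4 line is ignored by the audit.
SAMPLE_LOG = r"""
O2 - BHO: {b4e8dac2-755a-a3f8-c064-c7f46dedde81} - {18edded6-4f7c-460c-8f3a-a5572cad8e4b} - C:\WINDOWS\system32\xlfgxgfm.dll
O2 - BHO: (no name) - {6CD58093-3028-496E-AF4E-4163F6B2E856} - C:\WINDOWS\system32\ddcCRIby.dll (file missing)
O2 - BHO: Example PDF Link Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\ExampleIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"""

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MISSING = " (file missing)"


def audit_bho(line):
    """Return a dict describing one O2 line, or None if the line is not an O2 entry."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    name, path, reasons = m["name"], m["path"], []
    if path.endswith(MISSING):
        path = path[: -len(MISSING)]
        reasons.append("registered DLL no longer exists on disk (dead reference)")
    if name == "(no name)" or GUID_RE.match(name):
        reasons.append("BHO has no descriptive name")
    stem = PureWindowsPath(path).stem
    # Heuristic only: Vundo-style droppers use 8 random letters with few vowels
    # (xlfgxgfm, awtqnmml); legitimate DLLs rarely match this shape.
    if len(stem) == 8 and stem.isalpha() and sum(c in "aeiouAEIOU" for c in stem) <= 1:
        reasons.append("random-looking 8-letter DLL name (Virtumonde pattern)")
    return {"name": name, "clsid": m["clsid"], "path": path, "reasons": reasons}


def audit_log(text):
    """Return only the O2 entries that tripped at least one check, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = audit_bho(line)
        if entry and entry["reasons"]:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in audit_log(SAMPLE_LOG):
        print(entry["path"], "->", "; ".join(entry["reasons"]))
```

The flagged entries are the ones to hand to HijackThis's Fix; a benign BHO with a proper name and an existing, normally named DLL produces no reasons and is left alone.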
     
  5. trimethoxy

    trimethoxy Private E-2

    Alright, the registry edits took and everything went through. Spybot S&S hasn't found anything, so it seems like the repairs fixed everything. Thank you very much. I've attached the logs you asked for.

    I have two questions.
    1) Of all the programs that I had to download to fix this problem, which should I keep and which can I delete? I don't want extraneous programs on my desktop/computer that I don't need.

    2) Ever heard of Virtumonde causing problems with hardware? I am still unable to use my onboard wifi and whenever I try to switch it on manually, I get a BSOD.

    Thanks again for your help!
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi trimethoxy,

    Please go to C:\Documents and Settings\Me\Local Settings\temp\ and delete all the files you're allowed to delete. Windows won't allow you to delete files from the current date. Then run CCleaner again.

    Your logs look good. I recommend reducing your browser settings to not keep history or cookies beyond sessions. Use bookmarks and favorites to replace history and the cookies can be loaded easily or set into an exceptions rule with CCleaner. Then use CCleaner regularly.

    In our final cleanup instructions, we have you remove most of what we had you install and the resulting logs as well. I'll also have you set a clean restore point. At the end of these instructions is a link to "How to protect yourself from malware" where you can find the recommendations of this site for which set of programs to keep on your computer to give you the best protection for the least resources and many of them are free.

    You would be best advised to start a thread about the networking problems in the Networking Forum. There you will be able to get a lot more input. Tell them it occurred in parallel with your malware problems and you don't know if it's related or not, but that your computer is clean now.

    Here are the final removal instructions:
    abri
     
  7. trimethoxy

    trimethoxy Private E-2

    Alright, I've followed all of the advice and directions and things seem to be running smoothly. I will go over to the network forum and see if they can help me with my wifi problem. Thanks again for your help!
     
  8. abri

    abri MajorGeek

    You're welcome trimethoxy!

    Since you removed a lot of malware, please go ahead and do Step 8 and attach the requested logs.


    Thanks.

    abri
     
