BSOD After Removing Virtumonde

I was recently infected with the Virtumonde malware. I ran several spyware removers as well as virus scanners and eliminated the majority of the problem. Now the only symptoms I can find are:

Browser in SafeMode with Networking gets hijacked. Any links i click will be redirected.

Computer BSODs and restarts ~5m after loading in normal mode.

The BSODs started after I enabled Windows Defender, which also seemed to be the thing that helped the most in removing the symptoms of the infection.

Here is the message I get after the computer reboots after a BSOD.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 8305E9DD
BCP3: 8944BBDC
BCP4: 8944B8D8
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini091408-01.dmp
C:\Users\User\AppData\Local\Temp\WER-62431-0.sysdata.xml
C:\Users\User\AppData\Local\Temp\WER2E8E.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


Also, here is a HijackThis log:



Any help with this would be greatly appreciated. I don't know what else to do.

 

I've tried several times to fix that, both in normal and safe mode. It wont go away... trying the other stuff now.

 

Ok, I followed everything that it said to do in the order it said. I got as far as ComboFix which told me it needed to restart my computer.

When it restarted I got an error boot message that said

Windows Boot Manager

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windowss installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \Windows\system32\drivers\Combo-Fix.sys

status: 0xc0000221

Info: Windows failed to load because a critical system driver is missing, or corrupt.


I also cannot use my keyboard to select "Safe Mode" when I press F8 during start-up. I know my keyboard is working because I can get into the BIOS and the keyboard works fine. I don't know what to do. I don't have a system disc or an administrator. Can anyone provide direction? I'm starting to freak out.

 

Update: I made a Vista boot disk, however since I cannot use my keyboard, I have no way of booting from CD (I have to press any key to boot from CD) so it always takes me back to the screen that tells me to insert my windows installation disk.

If I cannot even boot is my computer dead?

 

I went and got a PS/2 keyboard and was able to use the menus. I got into the computer and everything was working fine.

Thanks again for your help. I'm following the directions on keeping my system clean.

 

I'm sorry I haven't been around to update on this. I've been dealing with some family issues (my mother was diagnosed with cancer) and fixing this computer had to be put on a backburner.

Here is the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2008 at 08:49 AM

Application Version : 4.21.1004

Core Rules Database Version : 3566
Trace Rules Database Version: 1554

Scan type : Complete Scan
Total Scan Time : 00:02:59

Memory items scanned : 461
Memory threats detected : 0
Registry items scanned : 6379
Registry threats detected : 2
File items scanned : 1
File threats detected : 0

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKU\S-1-5-21-2294021428-1571833952-2475533299-1000\Software\Microsoft\rdfa​

I no longer seem to have the ComboFix or Malwarebytes logs. Let me know if I should run the scans again to obtain a log for you.

The only noticable effects still on my computer are 1) Desktop Wallpaper doesnt work 2) Large "preview" icons in windows show up as invisible (all I see is the file name.)

 

Ok, I ran everything once again in the Read & Run to the letter. I had no problems at all until ComboFix. The program appeared to be running fine, the computer went to the "Windows is shutting down" screen, then I got a blue screen (this hasn't happened since I was first having problems.)

Now when the computer boots up it prompts me to choose
Start windows in safe mode
Start windows in safe mode with networking
Last known working configuration
Start windows normally

No matter which of these I choose, I get the error "Info: Windows failed to load because the system registry file is missing, or corrupt."

I have the logs though, and will post them as soon as I figure out how to get back into my computer. It says to insert my windows disc and restart, but I do not have a disc (system came with vista installed) so I'm wondering what I should do next.

 

Ok, I got back into my computer using the vista bootup disc from NeoSmart.

Before running ComboFix the other programs seemed to have fixed my issues. My wallpaper and icons were showing up and everything was working great. Now it's back to where it was ( I did not use a system recovery, just the bootup repair.) The ComboFix log looks to be incomplete, but I have absolutely no desire to run that program again.

Logs are attached.

 

Here it is

 

Oops, here

 

Trend Micro AV

I liked Eset better, but after ComboFix, it doesn't seem to work, and registry errors are keeping me from re-installing or repairing the program. So I set trend micro as main now.

Also, I'm still not getting a desktop or icons since the ComboFix run. Is that just due to registry errors, and not necessarily malware.

 

Ok, I ran that batch file and got the DOS window that flashed up. I didn't see any success message, but if it was in the DOS window, it went away too fast to see.

ComboFix uninstalled successfully (or so it said -_- lol )

No, I have neither a system disc nor a restore disk. I was able to create a system restore disk from the previously stated site.

Everything seems to be running great, except that I still have no desktop wallpaper, and those icons are still missing. They were working when I restarted after running SAS, SBS&S and MWB. Then I ran ComboFix and... well, now they're gone again. Would you suggest going back through the READ & RUN up till MWB? Other suggestions?

Also, a big heartfelt thank you for all the time you spent helping me with this! These write-ups are incredibly effective and clear! I intend to reference them for troubleshooting malware henceforth. Thanks!

 

Ahh, yeah, that fixed it. Thanks