Help! Possible virtumonde infection and system registry broken!

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide


Download to either a thumb drive or a cd and then copy to the infected computer and then see if you can attach the requested logs.

 

Did you make some changes to your registry?

What is the below file for?
C:\Documents and Settings\Syllus\My Documents\rwe?

We need to use a new tool.

* Download and save to RenV.exe from following link to Desktop (
must be on the Desktop)
* Now Copy the bold text in the below code box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).

Code:

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe

* Now using your mouse, drag Log.txt onto RenV.exe
* When finished, RenV.exe will produce a new log names Log.txt on your Desktop I will ask for this log later.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment.

Now download The Avenger by Swandog46, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:

* Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.
Then attach the new logs:

* Log.tx from running RenV
* c:\avenger.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Continue with what you can do with the instructions in my last post ...we may need to do some other things to get the registry back in proper order.

 

The only malware I am seeing is:

Code:

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe

You will notice it is not the real file due to the extra spaces.

Not knowing what registry keys you removed ( I am assuming that you did not do a backup of the registry before doing it) ..then you may be stuck with saving your data and doing a reformat and re-install.

 

You can contact DEll and request/demand a disc ...it is totally inappropriate of them not to supply a recovery disc at least.
Otherwise ...post in the software section and hopefully either Adrynalyne or someone could possibly help.

If it is just certain programs not working ..uninstall/delete and reinstall.

You could also borrow the cd ( as long as it is the save version - home / pro) if you have your cd key (should be on the back of the computer.

 

Did you remove the entire key or just the subkey?

I have no idea which key it attached itself to ....and re-infecting will just attach to keys that do exist ..not keys that are gone.