How do I remove win32\virtumone.0

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mike703, Aug 13, 2007.

  1. Mike703

    Mike703 Private E-2

    Hi
    Could you please help me remove Trojan.Win32\Virtumonde.0

    Have followed all instructions from your Malware removal guide.
    It seems to have stopped Norton Internet Security from showing
    pop ups - (Blocked - Trojan.Nebuler & Infostealer.Ldpinch) and the ad pages
    that were popping up.

    My problem now is about 5 mins after bootup Windows Defender shows
    Trojan.Win32\Virtumonde - reboot to protect your system.
    Also Virtumonde shows in Spybot scan - cannot remove it.

    Have attached all files as requested - your help would be much appreciated.
    Thanks for the great site and the time you guys put in helping kill these things.
    Regards
    Mike
     


  2. Mike703

    Mike703 Private E-2

    Here are the other 3 files.
    Thanks
    Mike
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please re-run Counterspy and have it delete/quarantine everything it finds ...it does no good to just let it detect problems...you need to have it fix those items!


    1. Download this file - Combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply.

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Attach new logs for:
    ShowNew
    GetRun
    HJT
    Avenger
    ComboFix
     
  4. Mike703

    Mike703 Private E-2

    Hi Tim
    Thanks for such a prompt reply.
    OK! Ran Counterspy:
    Detected: Virtumonde - Adware - 7 objects
    Registry: Trojan.win32.agent.vg - 18 objects

    Followed all other instructions - PC feeling better already.
    Will attach Files - thanks again for your time.
    Mike

    Having a problem adding new logs.
    Getting a message - administrator has banned IP address.
     
  5. Mike703

    Mike703 Private E-2

    The Files
     


  6. Mike703

    Mike703 Private E-2

    And the other 2 files.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Start -> Run -> cmd (press 'Enter')

    At the prompt...

    sc stop VundoFixSvc
    sc delete VundoFixSvc
    exit

    Now you can reboot and run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Attach new logs for:
    ShowNew
    GetRun
    HJT
    Avenger
     
  8. Mike703

    Mike703 Private E-2

    Hi - Need to check something with you.
    Start - run - cmd - enter. I get C:\documents and settings\mike>_ flashing cursor. Do I need to change dir. before entering (sc stop vundofixsvc, sc delete vundofixsvc)? Do I need to press enter after each line? Sorry, not too good with the DOS thing.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, you do not need to change directories before entering the commands, and each line is a separate command, which means a carriage return is entered after each command.
     
  10. Mike703

    Mike703 Private E-2

    Thanks
    PC is much faster and no longer getting the Windows Defender pop up.
    Here are my new logs.
     


  11. Mike703

    Mike703 Private E-2

    And one more
     


  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run avenger.exe one more time by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:
    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Please attach a new log for:
    Avenger
    ShowNew

    Tell me how things are running before we do our final cleanup! :)
     
  13. Mike703

    Mike703 Private E-2

    Hi Tim
    Thanks again for your time.
    PC is feeling like new. :D
    Sorry for the delay in reply - living down in Cape Town, South Africa.
    Think we have an 8 hr time difference. If you ever come down this way the beer is on me - and it's good.

    Here are the logs
     


  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    OK... the Avenger fix didn't run correctly... are you sure you did it exactly as instructed?

    You can uninstall Counterspy. If you do the Avenger fix again and the log shows the same error, use Windows Explorer to find and delete those two files. Let me know if you are able to do that.
     
  15. Mike703

    Mike703 Private E-2

    OK!
    1: Uninstalled CounterSpy.
    2: Ran Avenger - removed fewglvfl.temp but not ldr3c8.temp
    3: Deleted ldr3c8.temp in Windows\System32
    4: Attached new Avenger log
     


  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Avenger didn't remove either of them... check to see if they still exist in the System32 folder.
    Otherwise (after removing those two items), your logs look clean. You may uninstall any programs we had you download (including CounterSpy, etc).

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
    * go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
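    The two manual steps in this thread, deleting the VundoFixSvc service from a command prompt (post 7) and confirming the leftover .temp files are really gone from System32 (post 16), can be checked in one place. The script below is an added example for readers and is not from the thread or from any of the tools it mentions; it assumes the service name and the two file names quoted in the posts above and an elevated PowerShell prompt, and it looks for hidden files as well, which a plain Explorer view can miss.

```powershell
# Added verification script (not from the thread). Assumes the service name
# VundoFixSvc and the two leftover file names quoted in the posts above;
# run from an elevated PowerShell prompt.

$serviceName = 'VundoFixSvc'
$leftovers   = @('fewglvfl.temp', 'ldr3c8.temp')
$system32    = Join-Path $env:SystemRoot 'System32'

function Remove-SuspectService {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "Service '$Name' is not registered; nothing to remove."
        return
    }
    # Record the image path before the registration disappears, so the
    # binary it pointed at can be checked afterwards.
    $cfg = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    Write-Output "Service '$Name' found, state $($svc.Status), image: $($cfg.PathName)"
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force -ErrorAction Stop
    }
    # Same 'sc delete' the thread uses; each call is one separate command.
    & sc.exe delete $Name | Out-Null
    if (Get-Service -Name $Name -ErrorAction SilentlyContinue) {
        Write-Warning "Service '$Name' is still registered; a reboot may be needed."
    } else {
        Write-Output "Service '$Name' deleted."
    }
}

function Test-LeftoverFiles {
    param([string]$Folder, [string[]]$Names)
    foreach ($n in $Names) {
        $path = Join-Path $Folder $n
        if (Test-Path -LiteralPath $path) {
            # -Force also reports hidden/system files that Explorer may hide.
            $item = Get-Item -LiteralPath $path -Force
            Write-Warning ("Still present: {0} ({1} bytes, modified {2})" -f $path, $item.Length, $item.LastWriteTime)
        } else {
            Write-Output "Gone: $path"
        }
    }
}

Remove-SuspectService -Name $serviceName
Test-LeftoverFiles -Folder $system32 -Names $leftovers
```

If a file is reported as still present but cannot be deleted, it is usually held open by a running process or loaded as a DLL, which is why the thread falls back to a reboot-time tool like Avenger.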
     
  17. Mike703

    Mike703 Private E-2

    Hi Tim
    Files in System32 folder clean.
    Everything is running 100%. I thank you.
    Mike

    Will now do final steps.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know... safe surfing!! :)
     
  19. Mike703

    Mike703 Private E-2

    Thanks for your help!!!
    Go well.
    Mike
     
  20. Mike703

    Mike703 Private E-2

    Sorry!
    One last question.
    Will Norton Internet Security 2007 stop this from happening again?
    Or is that like wishful thinking?
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First off... Norton is a resource hog... (I never pay for any anti-virus or anti-spyware)
    Second... no anti-virus is 100%.
    One's surfing habits are more than likely the cause of most viruses (that and P2P software).
    It would be best to follow the suggestions in the How to Protect yourself from malware!
     
