I *spade* virtumonde

Hi. thanks for this site, guys, I've used it for resources in the past and your time and expertise is highly appreciated!

I am trying to get winfixer/virtumonde off of my boss' computer and I have a HJT log for you..

I followed all steps and performed all scans in this thread up to step 7, and I ran Ewido from step 8 and it keeps catching Virtumonde when I open a new window...
all programs in the above thread were DLed and run in Safe Mode, from Program files\Anti-Spyware, not desktop or My Docs. HJT was run in both safe mode and full/normal mode, I'm attaching the log from running it in full mode. I also DLed and ran two programs from Symantec, from this page.

Thanks again.

 

I'd like to add that when I ran the Symantec Vundo fix, I killed a couple bugs that way (attached log below) but Symantec's Virtumonde fix found nothing. Both were run in safe mode.

 

WinXPPro/SP2/2002
P4 3.2ghz/448mbRAM

 

Ok, did that. HJT still shows those entries, but with (file missing) afterwards. The good news is that Ewido didn't flag anything when I opened a browser to post this.
The computer, when starting up, has been taking forever to show the Start button and desktop items after displaying the desktop background. I thought I read something about that in connection with virtumonde? and after running the procedure in your above post, although the browser acted normal, the desktop still took forever, so I am worried that something remains... but here's the log. And thanks a lot for your time so far.

 

Ok, did that. Can I ask you how you knew which items in HJT to delete? (or would a google search of the .awwv stuff have revealed a connection to virtumonde?)

The desktop is still taking forever to load the start button and desktop icons... I'd be interested to know how I can improve that (would it be a matter of having fewer programs run at startup? this is by boss' laptop, and I own a virtual identical model (Toshiba Satellite A75 series), and mine starts up much faster, as hers formerly did..)

here's the HJT log, both entries are completely gone now...
thanks!

 

I checked the WinXP SP2 firewall and it was disabled; I recall disabling it after I installed Zonealarm.
I can look around the net and see what I can find about the desktop problem, or start over with that question in a different forum here. I looked at the task manager and nothing there was out of the ordinary, either. I think that since I installed Zonealarm and AVG AntiVirus, I might uninstall Microsoft Anti-Spyware and Ewido, as they were running in the task manager, maybe that will help it load faster.
Thanks a lot for your help.

 

OK. which would you recommend between Ewido and MSAS?

The startup lag was present before any of the virtumonde problems began, and the time of the lag is about the same. I am going to look into how I monitor what goes on during startup so I can see about what might be unnecessary.
thanks!

 

Good point. And the boss' computer is still doing great. Thanks again!
I told her that it would be really nice of her & the company to donate $10 to the site & gave her The Look until she agreed; is there a way we can do that?

 

If you want to support this site you can buy a Majorgeeks t-shirt or sweatshirt. Also, an email of appreciation to the owners (see there names and email addresses here: http://www.majorgeeks.com/page.php?id=2 ) is always appreciated. Also send your friends here.