MGTools logs attached; Virtumonde

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.

• Do not assume that because one step does not work that they all will not.

Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.

• Please uninstall your current version (this is necessary).
• Then download this SUPERAntiSpyware
• Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
• After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
• Now run a new full scan of your system. And attach this first log later.
• Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.

Note: You have both Spyware Doctor and Spy Sweeper installed. I recommend that you uninstall one of these immediately. This can be just as problematic as installing multiple antivirus programs.

Now uninstall Java(TM) 6 Update 7


What is drive E? Look for the below folder and file on it and another drives and delete them if found. Also if E is removable drive and has been used on other PCs, those PCs may be infected.

e:\resycled\boot.com

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O24 - Desktop Component 0: (no name) - (no file)

After clicking Fix, exit HJT.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below log:

• don't forget the two new SUPERAntiSpyware logs
• C:\MGlogs.zip

Make sure you tell me how things are working now!