Trojan/Virtumonde and ADSPY/Virtum.gng.15 Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by walrus_of_love, Aug 28, 2009.

  1. walrus_of_love

    walrus_of_love Private E-2

    I'm not exactly sure when these viruses appeared on my computer, but I discovered them yesterday using the recommended SUPERAntiSpyware and Malwarebytes' Anti-Malware scans. I have attached logs from those two programs, as well as from Combofix and MGLogs, taken in that order. Any help in removing these viruses would be greatly appreciated.

    In addition, something unusual happened after I ran the Malwarebytes scan. My computer (Running 32-bit Vista Home Premium), after restarting, would no longer allow me to boot in Normal Mode. Instead, it will only allow me Safe Mode and Safe Mode with Networking. I believe it happened after it tried to repair the infected files that the Trojan/Virtumonde had affected. I'll admit that I'm not terribly savvy with computers, but I'm better than the average person. Is this something that is easy to fix that I have just overlooked or am not aware of, or did I do something irreversible, and if so, is there a possible way to fix it? Thank you for any help in advance.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome :)

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    Kes13!
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi :)

    I don't see any real issues that were removed by MBAM that could have caused the problem you are mentioning. Let's have you run MBAM and Restore things from the Quarantine. Then reboot and see if normal boot mode works. If not, we will system restore to 8/27/2009 since MBAM was run on 8/28/2009.

    Thanks
    Kes13!
     
  4. walrus_of_love

    walrus_of_love Private E-2

    Thank you so much for responding to my thread!

    I did exactly as you said, and restored to a point on 8/27/2009 before the scan, but my computer still insists on booting in either Safe Mode or Safe Mode with Networking. What should I do now?

    In addition, I think I may have made a mistake in my original post. The Trojan/Virtumonde I mentioned there is instead a Trojan/Vundo. I'm not sure of the distinction, but I'm sorry for that.

    Again, thanks SO much for your help.
    Walrus
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try the below.
    • Boot into safe mode.
    • Press CTRL-ALT-DEL to bring up Task Manager
    • Click File then New Task (Run...) and type in msconfig then click OK.
    • Check Normal Startup and click OK.
    • Restart the PC.
     
  6. walrus_of_love

    walrus_of_love Private E-2

    chaslang,

    I tried what you said, but the problem still persists. Could it be that I'm missing a specific system file from which Normal Mode boots? Or perhaps that file is infected?

    I really appreciate the help!
    Walrus
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you getting any error messages when you try to boot in normal mode? What exactly happens when you attempt to boot normally?


    Unlikely since your logs were clean.

    Run MSconfig again and look under the Boot tab. You should see Boot Options on this form. The below figure illustrates this (double click the thumbnail to expand to a larger size).

    Vista-msconfig-boot.jpg

    Look at the Safe boot check box and make sure it is unchecked like in this picture. If it is not unchecked, uncheck it, click Apply and OK. And then reboot.
     
    Last edited: Sep 5, 2009
  8. walrus_of_love

    walrus_of_love Private E-2

    chaslang,

    There are no error messages of any sort when I boot my computer. It simply goes straight to Safe Mode.

    I tried doing this, but something strange happens when I either check the Normal Startup box or uncheck the Safe Boot box on the Boot tab. If I check the Normal Startup box, then the Safe Boot box becomes checked. If I uncheck the Safe Boot box, then back under the General tab the Selective Startup box becomes checked. So either way it becomes impossible to correct. Is there anything else I can try?

    Thanks,
    Walrus
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just uncheck the Safe Boot item. Apply and then reboot. See if your PC comes up in normal boot mode.
     
