virtumonde and other maleware...

I appear to have several maleware programs running that I can not remove; win32.bancos.aam, virtumonde.sdn, and win32.joleeek.

I've tried the cleaning procedures, but could only successfully run CCleaner and RootRepeal (log attached).

The problem I having, that I can tell, is that my computer automatically selects and loads a profile instead of asking me which profile I want to open (I have 2). This also happens in safemode, in fact I can't even open safemode with my administer profile.

My McAfee security center is indicating that I am not fully protected, but it can't fix itself.

please help!
-C

 

with attachment...

 

Welcome to MajorGeeks and sorry for the delay.

Try this please.

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt


Now download and Run exeHelper

• Please download exeHelper to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)


Next, try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it and attach it in the next reply.



Now run a scan with MGtools and attach the log. Using MGtools



Next post please attach:

• c:\avplog.txt
• log.txt (from exeHelper)
• SAS log (if you can)
• New MGlogs.zip

 

Hi - Thanks for getting back to me with help. Tried to follow your instructions, but did not have much luck.
1)Downloaded AVPFind.bat, but when I try to run the file I receive an error msg saying "Windows cannot find the file..." and lists out the file path where the file is located
2)Exehelper log file...(Tried to attach, but was getting an error)

exeHelper by Raktor
Build 20091018
Run at 19:53:00 on 10/19/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\drivers\smss.exe
Error deleting C:\WINDOWS\system32\drivers\smss.exe
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

3) Unable to run the superantispyware online scan, in fact I can't even get to the site. Seems like I'm re-directed to random sites, especially when I'm trying to reach a malware help site.

4) MGtools - Downloaded, but when I run the application, I get an error saying Windows cannot find the Getlogs.bat file. And then a 2nd error saying "Failed to run getlogs.bat, working dir=\MGTOols (check to see if this file is in the exe"

Also, I'm getting random pop-ups saying i'm infected and need to do a scan...not specific from any of the tools I have.

Any advice?

-C