Virtumonde.dll

Discussion in 'Malware Help (A Specialist Will Reply)' started by ForceAccount, Dec 4, 2008.

  1. ForceAccount

    ForceAccount Private E-2

    Virtumonde.dll

    Ran the software for repair, Spybot slowed and locked at virtumonde. It steals my browser/redirects/unable to open. Help would be welcomed.
     
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to Major Geeks, ForceAccount

    A little clarity is needed... were you able to run the other scanners requested?


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.



    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide

    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Links are given in the Step 2: Installing Tools and Running Scans section for downloading the definitions for the MBAM & SAS scanners. Then copy them to the problem PC. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.

    Thanks!
    dr.m
     
  3. ForceAccount

    ForceAccount Private E-2

    What is happening
    Very slow start up and search
    Browser being redirected
    connection issues
     

    Attached Files:

  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, ForceAccount

    You MUST run our procedures to get us the requested logs!


    You need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the requested scans
    • SASlog.txt log from SuperAntiSpyware.
    • Malwarebytes Anti-Malware log
    • ComboFix.txt (normally C:\ComboFix.txt)
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
    • You will need to post 2 messages to attach all four logs since only 3 attachments are allowed in any single message. Post all of them in one thread.
    • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
     
  5. ForceAccount

    ForceAccount Private E-2

    Here are two
     

    Attached Files:

  6. ForceAccount

    ForceAccount Private E-2

    and two more
     

    Attached Files:

  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, ForceAccount

    Your Desktop is a mess! I strongly recommend that you clean up all of the junk on it and leave only shortcuts. A cluttered Desktop is malware's playground.


    The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the "all clean and final instructions" you will be free to install what you want.

    Step 1:
    If you have not already done so, please disable the Guest account in User accounts.

    Step 2:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed
    Step 3:
    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Step 4:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.


    Step 5:
    Navigate to and delete:
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP <--- this folder

    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    Step 6:
    Run Ccleaner



    Step 7:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).


    Then attach the below logs to your next reply:
    • C:\MGlogs.zip


    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!


    Thanks!
    dr.m
     
  8. ForceAccount

    ForceAccount Private E-2

    I had downloaded a new IE7 prior to getting your post, ran all steps in your post. Could not find 06 HKCU Software, 06 HKLM software policies, 06 HKLM policies or 016 ppf to delete from HJT. also could not locate

    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

    Netscape is still being redirected to google/dell sometimes, and runs very slow.

    MG zip would not upload, had to load as separate attachments
     

    Attached Files:

  9. ForceAccount

    ForceAccount Private E-2

    Lots of issues sending these, "unable to connect" although connected....
     

    Attached Files:

  10. ForceAccount

    ForceAccount Private E-2

    Browser will not allow me to change the default search page set at "Live Search" in search options
     
  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    ForceAccount

    Let's do this:

    Step 1:
    Disable Spybot's TeaTimer!

    How to disable Spybot's TeaTimer

    Step 2:
    Look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed
    Step 3:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Step 4:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).



    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • C:\combofix.txt
    Make sure you tell me if you had any problems running this procedure,* if you can now reset IE defaults, and give a description of how things are working now!

    Thanks!
    dr.m
     
    Last edited by a moderator: Dec 16, 2008
  12. ForceAccount

    ForceAccount Private E-2

    Spybot 1.5.2.20 did show in programs 12.18 mb but unins 000.dat does not exist.
    I do not use Firefox or Opera

    I have AVG,SuperAntiSpyware,Windows Defender all running. Should I have all active?
     

    Attached Files:

  13. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Not unless you purchased SUPERAntiSpyware Pro - the Free version is an "On Demand scanner" only, and uses very little resources.

    *See this thread How to Protect yourself from Malware! for our recommendations. I still request that you make no changes until directed --- we'll tweak after the malware has been removed.

    I need a little time to review your most recent logs... but you forgot to tell me how your machine is now running and if you had success in resetting your IE defaults.
     
    Last edited: Dec 17, 2008
  14. ForceAccount

    ForceAccount Private E-2

    OK, things have improved, not being redirected or hijacked. Still having connection issues IE: Clicking on a link and it is connected.

    The host 'SMTP.ACD.NET' could not be found. Please verify that you have entered the server name correctly. Account: 'POP3.ACD.NET', Server: 'SMTP.ACD.NET', Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 11001, Error Number: 0x800CCC0D
    ----- O Internet Explorer cannot display the webpage

    Most likely causes:
    You are not connected to the Internet.
    The website is encountering problems.
    There might be a typing error in the address.

    What you can try:
    Diagnose Connection Problems

    More information

    This problem can be caused by a variety of issues, including:

    Internet connectivity has been lost.
    The website is temporarily unavailable.
    The Domain Name Server (DNS) is not reachable.
    The Domain Name Server (DNS) does not have a listing for the website's domain.
    If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

    For offline users

    You can still view subscribed feeds and some recently viewed webpages.
    To view subscribed feeds

    Click the Favorites Center button , click Feeds, and then click the feed you want to view.

    To view recently visited webpages (might not work on all pages)

    Click Tools , and then click Work Offline.
    Click the Favorites Center button , click History, and then click the page you want to view.




    The host 'POP3.ACD.NET' could not be found. Please verify that you have entered the server name correctly. Account: 'POP3.ACD.NET', Server: 'POP3.ACD.NET', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 11001, Error Number: 0x800CCC0D

    I ran the diagnose connection and it is ok.

    This is erratic: sometimes it goes right to the link and other times it takes several attempts. Also have "DNS error" on the bottom left box sometimes.
     
  15. ForceAccount

    ForceAccount Private E-2

    Also with Outlook connection issues and failed sent messages. Several attempts and it will finally go, but very slow
     
  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    ForceAccount


    Once again - I find that you are not following my instructions. These are still installed according to your logs.
    • Windows Messenger
    • SpyBot TeaTimer
    For your problem with uninstalling Spybot 1.5.2.20, just reinstall from the file I see you still have. Then reboot and then try to uninstall it.



    For your pc's security - you should also remove these:
    • Java 2 Runtime Environment, SE v1.4.2_03
    • Java(TM) 6 Update 10

    And - update!
    Install the latest Sun Java Runtime Environment


    *TeaTimer has the function of blocking changes to your registry, which includes good changes.

    From the very start I have not removed any real malware issues - your first post had nothing to do with malware either. Spybot doing its scanning for virtumonde.dll and many, many other items for Virtumonde always slows down (quite a lot) at this point and yes - for some people it can even hang. The hang is typically a problem with Windows itself - sometimes registry corruption or hard disk problems.

    Whatever links you are clicking on must be related to something calling email programs since that is what SMTP is related to. Your problems are therefore software issues and should be posted in a new thread topic in the Software Forum.

    Clean-up after using the tools.


    Good Luck!
    dr.m
     
    Last edited by a moderator: Dec 19, 2008
