Virtumonde has locked up my PC

Discussion in 'Malware Help (A Specialist Will Reply)' started by gosubs, Dec 25, 2008.

  1. gosubs

    gosubs Private E-2

    Hoping you can help. Problem started yesterday with random popups regarding spyware and malware. After detecting the Virtumonde Trojan and several other malware on my kid's PC using Spybot and trying unsuccessfully to remove, I read through your forums and started following the READ & RUN ME FIRST instructions. I haven't even made it past step 1 and my computer is completely hosed. I was able to uninstall Viewpoint Mediaplayer as well as get rid of some old games from the PC. I then was able to download the new Java file as you instruct and then delete the older versions of Java from the PC. I tried to load Java in Safe Mode and was unsuccessful. When I tried to reboot in normal mode, the desktop comes up (slowly) and I get a McAfee popup window that says my computer is not protected and that's it. I can't open any folders, can't even get into the Start menu. I can CTRL ALT DEL to get the Task Manager, but can't do anything in Normal mode. Tried several times and even had to hard boot a couple of times because I couldn't even shut down from Task Manager.

    I'm limited to Safe Mode only and when I open McAfee it says my spyware and malware monitoring is disabled but doesn't allow me to enable them. Any ideas on how I can get out of this mess?
     
  2. gosubs

    gosubs Private E-2

    The specs - it's a Dell Dimension 3000, running XP Version 5.1 through SP3, 76477-OEM-0011903-00102, 2.66 GHZ Celeron processor, 512 MB
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

    * Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    * Then search for TDSSserv.sys
    * Let me know if you find this or not.
    * If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    * Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
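    The Device Manager check above can also be done from a PowerShell prompt. The script below is an added example for readers of this thread, not something TimW or MajorGeeks posted: it reports whether a kernel driver named TDSSserv (the name from the post) is registered, using WMI and the Services registry key instead of the Device Manager UI, and it only reads; it disables or removes nothing. The `$driverName` variable and the output wording are my own; the cmdlets (`Get-WmiObject`, `Test-Path`, `Get-ItemProperty`) are standard Windows PowerShell.

```powershell
# Added example (not from the thread): report whether a kernel driver named
# TDSSserv is registered, without disabling or uninstalling anything.
# Assumes Windows PowerShell with WMI available (Get-WmiObject).

$driverName = 'TDSSserv'   # name taken from the thread; variable name is my own

# Win32_SystemDriver covers kernel and file-system drivers, including the ones
# Device Manager only lists under "Show Hidden Devices".
$wmi = Get-WmiObject -Class Win32_SystemDriver |
       Where-Object { $_.Name -like "$driverName*" -or $_.PathName -like "*$driverName*" }

# The Services key is what the Device Manager entry is built from; it still
# exists even if the driver file itself is hidden from directory listings.
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$driverName"
$reg = $null
if (Test-Path -Path $regKey) { $reg = Get-ItemProperty -Path $regKey }

if (-not $wmi -and -not $reg) {
    Write-Output "No driver or service entry named '$driverName' found."
} else {
    foreach ($d in $wmi) {
        # State is Running/Stopped; StartMode is Boot/System/Auto/Manual/Disabled
        Write-Output ("WMI: {0}  State={1}  StartMode={2}  Path={3}" -f $d.Name, $d.State, $d.StartMode, $d.PathName)
    }
    if ($reg) {
        # Registry Start value: 0=Boot 1=System 2=Auto 3=Manual 4=Disabled
        Write-Output ("Registry: {0}  Start={1}  ImagePath={2}" -f $regKey, $reg.Start, $reg.ImagePath)
    }
    Write-Output "Found: report this in the thread before changing anything."
}
```

Run it in the same Safe Mode session the thread is working in; if it prints a "Found" line, the registry Start value tells you whether the Disable step from the post has already taken effect (4 means disabled) before you reboot and retry the scans.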
     
  4. gosubs

    gosubs Private E-2

    Thanks, Tim. Sorry for the slow reply, I've been away from home at a hockey tourney. I'm ready to tackle this beast again. First off - I did not find TDSSserv.sys following your instructions. Second, I am limited completely to Safe Mode at this point as I can't even get the computer to come up in Normal mode anymore. I am unable to load JAVA in safe mode and uninstalled my McAfee program because of all the error messages I was getting. The latter may not have been the smartest move, but when I opened McAfee it told me that the key items, firewall protection and scanning were disabled anyways and I was unable to "re-enable" them, so I'm not sure if it was doing me any good anyways.

    I am in the process of following all the READ ME FIRST guidelines that are possible and once complete, I will post my logs and results indicating what steps I was unable to do.
     
  5. gosubs

    gosubs Private E-2

    Okay, I have completed as much of the READ ME FIRST tasks as possible and attached logs for MBAM, combo-fix and MGtools. There is no SUPERAntiSpyware log because I was unable to install the program in SAFE Mode and I can't start my computer in Normal mode at all.

    I was unable to complete the following tasks from the READ ME FIRST instructions:

    Uninstall MALWARE programs - I was able to get rid of the few programs from the list that were installed with some effort, but there are some programs I'm not sure what they're for that I might want to uninstall (Creative MediaSource) and also was hoping to uninstall Ad-aware before running Spybot to avoid conflict, but I can't uninstall Spybot in Safe Mode.

    JAVA - I was able to download the newest version and then delete all my old versions, but I am not able to install the new JAVA program in Safe Mode.

    SUPERAntiSpyware - couldn't install in Safe Mode. I followed the link for the workaround on the instruction page, but the file they suggest running (gpedit.msc) could not be found on my computer.

    Finally, as I mentioned, I uninstalled my MCAFEE software because all the critical anti-virus and firewall capabilities were disabled and I was unable to re-enable them in Safe Mode. Not sure if this was a good idea or not, but the software wasn't doing anything for me anyways and was constantly popping up error messages while I've been trying to troubleshoot this problem.

    I haven't tried to restart the PC in normal mode yet - I figure I'll wait for you to review the logs I was able to attach. Of note, although no logs are copied, the following items were found and "fixed" with Spybot:

    26 problems:
    Fraud.AntivirusTrigger 1 copy TrojanC
    Fraud.VirusTrigger 3 copies MalwareC
    Hitbox 5 copies Browser
    MediaPlex 3 copies Browser
    RightMedia 1 copy Browser
    Virtumonde 4 copies TrojanC
    Virtumonde.generic 1 copy Trojan
    Virtumonde.prx 2 copies TrojanC
    WebTrendsLive 2 copies Browser
    Win32.Agent.sd 3 copies TrojanC
    Worldsecurityonline.FraudAlert 1 copy Malware

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    c:\windows\SYSTEM32\qcmerrps.ini
    c:\windows\SYSTEM32\wvwdgivu.ini

    Now try to reboot into normal mode. If you are able, try installing SAS and running a scan --> either way, run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
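    Before rebooting into normal mode it is worth confirming that the two deletions above actually took (Virtumonde-era files are often marked hidden, so Explorer may not show them), and seeing the AppInit_DLLs value that HijackThis warns about. The script below is an added example for this thread, not part of TimW's instructions: it is read-only, checks the two paths from the post, and prints the AppInit_DLLs value; the `$filesToCheck` variable and output wording are mine, the file names and registry key are from the post and from Windows itself.

```powershell
# Added example (not from the thread): read-only verification of the state the
# post's cleanup steps should leave behind. Assumes Windows PowerShell run from
# an account that can read HKLM (normal in Safe Mode on this XP box).

$filesToCheck = @(
    "$env:SystemRoot\system32\qcmerrps.ini",   # both paths taken from the post
    "$env:SystemRoot\system32\wvwdgivu.ini"
)

foreach ($f in $filesToCheck) {
    if (Test-Path -LiteralPath $f) {
        # -Force makes Get-Item return hidden/system files as well
        $item = Get-Item -LiteralPath $f -Force
        Write-Output ("STILL PRESENT: {0}  Size={1}  Attributes={2}" -f $f, $item.Length, $item.Attributes)
    } else {
        Write-Output "Gone: $f"
    }
}

# AppInit_DLLs names DLLs that get loaded into every process that loads
# user32.dll, which is why HJT calls it out; on a home XP machine it is
# normally empty. This only reads the value.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey).AppInit_DLLs
if ([string]::IsNullOrEmpty($appInit)) {
    Write-Output "AppInit_DLLs is empty."
} else {
    Write-Output "AppInit_DLLs = '$appInit'  (check each listed DLL against the HJT log before touching it)"
}
```

If either file prints as STILL PRESENT after the Explorer delete, its Attributes field will usually show why (Hidden, System, or ReadOnly); that is the detail to report back in the thread along with the new MGlogs.zip.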
     
  7. gosubs

    gosubs Private E-2

    Well, we appear to be making progress. I was able to come up in normal mode, download both the latest Java and SAS and run the SAS program. As you'll see from the logs, it did find a number of issues in SAS. I was still getting a few popup ads when I was on FireFox downloading SAS, although the ads haven't popped up since. I still need to reload a firewall and anti-virus software program. McAfee was a free install with my ISP and I need to contact them tomorrow to get a code to reload it. For now, and pending any input from your review of my logs, I don't plan on spending any more time online on this PC (will check this thread through one of my other PCs). Much thanks for getting me this far, though I suspect there may still be more work to do.

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean....:)

    You need to download and install:
    Java Runtime

    And you should also not have the "Kids" user account set as having administrative privileges.

    If you are not having any other malware issues, then:

     
