Virtumonde Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by flaritz, Dec 21, 2008.

  1. flaritz

    flaritz Private E-2

    Hello Major Geeks,

    I know there are two virtumonde posts on the first page of this forum, and I have read them. However, it seems that each computer is unique with respect to removing virtumonde. It was difficult to follow because I am starting from the very beginning of the removal process. I currently have installed on my computer McAfee, Webroot Spy Sweeper, Trend Micro HijackThis, VundoFix, and Malwarebytes.

    Webroot Spy Sweeper was able to detect but not remove virtumonde, so I tried VundoFix. However, VundoFix did not detect the virtumonde files. Next I tried Malwarebytes, and it detected and removed 28 virtumonde files. However, after running additional scans, virtumonde keeps showing up in 2 files trojan.vundo and _. Also, Webroot Spy Sweeper still detects and attempts to remove virtumonde. Therefore, I know it has not been fully removed from my computer. I have attached a HJT log and would appreciate any advice you have to offer.

    Kindest Regards,
    flaritz
     


  2. flaritz

    flaritz Private E-2

    Sorry for not reading the sticky about vundo up above before posting. I honestly didn't see it at first. However, after going through those steps, I have completely removed virtumonde and MS Juan. Combofix nailed virtumonde and the other 3 scanners/removers got MS Juan. Thank you so much for your assistance!!! I hope you all have a nice holiday break!

    Kindest regards,
    flaritz
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Are you saying that all is good now? How much of the READ & RUN ME did you run? It would be a good idea to attach the logs and also it would be a good idea to rerun SUPERAntiSpyware after you have rebooted your PC since some new forms of Vundo are coming right back after a reboot.
     
  4. flaritz

    flaritz Private E-2

    I did everything the sticky said...except posting the logs because my comp was clean. I reran all of the steps from the sticky after I thought I was in the clear. Nothing new has shown up for several days now. Also, I have had zero pop-ups and regular system performance. I would attach the logs but they are long gone now. However, I commend your team for being so helpful! Happy holidays!!!!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
