Virtumonde is evil.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ginx, Jan 29, 2009.

  1. Ginx

    Ginx Private E-2

    Hi,

    Thanks in advance for taking your time to read and help fix this. I'm glad I could turn to this community to help fix my malware problems. :) It seems like a very friendly place and I wish I knew more about getting rid of them... But right now, my laptop is hopelessly infected with Virtumonde.

    I started noticing the problem yesterday. I think it may have been when I was trying to look for some programs to upload my pdf files onto my PSP and read them, and I came across a couple of programs that didn't work. I normally never have any spyware scanning programs on my computer for fear that it will lag, since it's a fairly old and slow laptop. I started noticing the speed slow down tremendously yesterday and I kept getting weird pop-up ads from casinos. I googled how to remove Virtumonde, but everyone seems to have their own way of removing it.

    I did the Vista Cleaning Procedures and followed them as closely as I could. The only problem I ran across was how MGtools worked, because the window seemed to have stopped scanning but I didn't know what the messages on it meant. I hope I've done it right. I've run the scans in MGtools a few times to make sure.

    Here are the logs. Thanks again!

    Ginx

  2. Ginx

    Ginx Private E-2

    Here's the Malwarebytes Anti-Malware log. I wasn't sure which one to save so I saved all three.

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Code:
    Processor    Genuine Intel(R) CPU           T2080  @ 1.73GHz, 1733 Mhz, 2 Core(s), 2
    Installed Physical Memory (RAM)    1.00 GB    
    Total Physical Memory    0.99 GB    
    Available Physical Memory    108 MB    
    
    What is using all of your memory?

    At least now you know what happens when you run a system without AV or AS programs.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    c:\windows\system32\lasozodi.dll
    c:\windows\system32\duzurosa.dll

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and install an AV program.
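    As an added example (not part of this thread and not one of the MGtools scripts), a PowerShell check that reports whether the two DLLs named above are still on disk and what the AppInit_DLLs load point currently contains; Explorer and Vista's search skip hidden/system files by default, so a plain search can miss them. It assumes an elevated PowerShell prompt; the file paths and the AppInit_DLLs value are the ones referred to in the post.

```powershell
# Added example: verify the named DLLs and the AppInit_DLLs load point.
# Run from an elevated PowerShell prompt (Run as Administrator).
$suspect = @(
    "$env:SystemRoot\System32\lasozodi.dll",
    "$env:SystemRoot\System32\duzurosa.dll"
)

foreach ($path in $suspect) {
    # -Force returns hidden and system files that Explorer/search hide
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        "{0}`n  size={1} attrs={2} modified={3}" -f $item.FullName, $item.Length, $item.Attributes, $item.LastWriteTime
    } else {
        "$path : not found"
    }
}

# AppInit_DLLs is the load point HJT warns about; show what it currently loads
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appinit = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
if (-not $appinit -or $appinit.Trim() -eq '') {
    "AppInit_DLLs is empty"
} else {
    "AppInit_DLLs = $appinit"
    # entries are space- or comma-separated; bare names resolve relative to System32
    foreach ($entry in ($appinit -split '[ ,]+' | Where-Object { $_ })) {
        $resolved = if ([IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path "$env:SystemRoot\System32" $entry }
        $state = if (Test-Path -LiteralPath $resolved) { 'present' } else { 'missing' }
        "  {0} -> {1} ({2})" -f $entry, $resolved, $state
    }
}
```

    Run it once before and once after the HJT/registry fix and reboot; "not found" for both DLLs and an empty AppInit_DLLs value is the expected clean result.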
  4. Ginx

    Ginx Private E-2

    Hi TimW!

    Thanks so much for your help. I wasn't able to find the following files. I tried the search function as well, but they still don't come up.

    c:\windows\system32\lasozodi.dll
    c:\windows\system32\duzurosa.dll

    Here are the updated logs! Also, what would you recommend as a good AV and AS? Is it possible to run both without eating up too much memory? I'm going to try to get rid of some programs; hopefully it will run faster.

    Thanks again!

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Nothing I gave you was fixed. Was there a problem running it? Did you do exactly as I asked?

    Please try it again and, when done, reboot and run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
  6. Ginx

    Ginx Private E-2

    I did follow each and every step, but I still can't find lasozodi.dll and duzurosa.dll.
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I was referring to the HJT fix and the registry fix. I am not worried about the other two files.

    Did you get a success message when you ran the registry fix?

    Did you check the boxes in HJT to remove the items I posted?
  8. Ginx

    Ginx Private E-2

    Yes, I did. It removed it just fine. But now I get this message when I tried to run the GetLogs.bat... But after a while, it runs normally and gives the MGLogs so...

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Look at the log... it does not run fine. It is virtually empty.

    Delete the C:\MGTools.exe, the C:\MGTools folder and the C:\MGLogs.zip.

    Reboot and run CCleaner then go back to the Read and Run First and redownload MGTools.exe.

    I need to make sure that the items were removed.