Virtumonde issue followup questions

Discussion in 'Malware Help (A Specialist Will Reply)' started by Uriah, Aug 22, 2008.

  1. Uriah

    Uriah Private E-2

    Hello, firstly I would just like to thank the creators and admins of this site because it literally saved my life. I got infected with Virtumonde yesterday and my PC was absolute toast. Classes start on Monday, and I was in panic mode. My Norton AV didn't even sniff it, so I bought and downloaded Exterminate It ($30) and that fixed most of it - my pc worked for the most part, but I was still being redirected whenever I clicked any links in Google, Yahoo, MSLive, or Ask, and I was being blocked from connecting to Symantec live update as well as Exterminate It's server for reporting further problems. Anyway, after coming here (on my other machine because I was also blocked from viewing Majorgeeks.com) I followed the step by step malware removal process listed here and it seems to have worked great, but I did have one followup question.

    But first, here's how my fix went:

    Step 1:
    - Removing Malware via Add/Remove Programs

    Done – none of the programs on your list were installed on my pc

    - Uninstall all old Sun Java
    During the uninstall of Java some pop-up made me restart my pc, but upon restart uninstalled fine.

    - Changed Msconfig to ‘normal’ mode

    - Removed all files from my Norton Quarantine

    - Emptied Recycle bin

    - I do not have a Norton Protected Recycle Bin, I have Norton Antivirus w/AV center installed, it does not give me a year number, or version. I installed it July 07.

    - I downloaded, installed, and ran Ccleaner (no small feat considering my pc was blocked [in both firefox and IE] from viewing majorgeeks.com )


    Step 2:
    - I enabled the viewing of hidden files, system files, and file extensions


    Step 3: Windows XP Cleaning Procedure - Downloaded all Scan Apps in the manner dictated
    - SuperAntiSpyware found no threats in the scan of memory or registry items, but the scan froze on the Custsat.dll in my dllcache folder in System32. Second time through it completed finding no threats.
    - When I tried to install Spybot S&D it would not let me connect to the server for installation. I assume this was blocked by the virus and proceeded to the next step.
    - Malware Bytes found 13 infected objects but was not able to remove 6 of them. I called for restart which I did per instructions
    - Ran Combofix, no issues to report.


    I have all the logs, and will post them if someone wants to see them.


    Everything appears to be running smoothly now, I’ll definitely keep an eye on it but was wondering if there is anything I should worry about with those files Malware wasn’t able to remove?

    Thanks,
    Uriah
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to attach the requested logs from doing the Read and Run First instructions, otherwise we do not know what remains. :)
     
