Virtumonde problem, please help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Yaridovich, Oct 23, 2007.

  1. Yaridovich

    Yaridovich Private E-2

    Hello everyone,

    My sister did me the big favor of getting Virtumonde on our computer and now I'm going through heaven and hell to get it off.

    I have already tried removing it with Spybot and Ad-Aware. They both detect and remove Virtumonde, but it's useless, because Virtumonde remains on the computer even if Spybot or Ad-Aware removes it.

    I also tried removing its entries with Hijackthis, but also to no use: if I run a new Hijackthis scan, it's still there. The BHO file I got is pmnli.dll.

    Also, I tried specific removal tools: VundoFix, VirtumundoBeGone and FixVundo.
    VirtumundoBeGone doesn't detect it at all, except for the first time in which it detected and removed one file.
    Same for VundoFix: doesn't detect anything, but on the first time it detected and removed one file.
    FixVundo doesn't run (it crashes with a Windows error message saying that "it performed an illegal operation and has to be closed" and blah blah blah).

    Right now, I'm running a scan on my computer using Active Virus Shield, but its scan is so detailed that it has been running for 15 hours and it's still on 13%.

    I'm sure that the virus is still on my computer because SpywareGuard keeps detecting an attempt to include pmnli.dll as a BHO. Even if I choose to Remove the BHO, a new SpywareGuard message comes right after I remove the BHO.

    Also, I tried removing it manually with Process Explorer and Pocket KillBox as recommended by chaslang on this thread:
    http://forums.majorgeeks.com/showthread.php?t=93773
    And it ALSO didn't work.

    Anyone know a faster solution to get this goddamn Virtumonde off my computer that doesn't make me wait all this time that the scan takes?

    I'm attaching to the message the reports of Hijackthis and VirtumundoBeGone and also a jpg image showing the message shown by SpywareGuard.

    Thanks in advance!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please run the steps in the below procedure and attach the requested logs afterwards:

    Read & RUN ME FIRST Before Asking for Support

    The above is a newer version of the READ ME so be sure to click the above link and not the sticky seen in the malware forum.
     
  3. Yaridovich

    Yaridovich Private E-2

    Yay for ComboFix!

    ComboFix removed all the remaining traces of Virtumonde from my PC.

    I'll still run the mentioned scans and post the logs here to make sure there's not a single trace of that plague here, but ComboFix solved my problem.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Highly unlikely! It may have only removed the active items you were seeing.

    Yes, you should complete ALL of the scans and you should attach all of the requested logs including ComboFix. I could just about guarantee you that there are more Vundo files to remove.
     
