VirtuMonde problems

J_E · Dec 28, 2008

Been having problems with VirtuMonde since yesterday.

Ran Spybot Search and Destroy and it came up with 2 files and a register entry, which it said it dealt with, but I continued getting pop-ups and a sluggish computer.

Came here and ran the checklist for what to do when you have Virtumonde, which is to say, the normal Windows XP cleaning.

So I've run all the scans listed there, logs attached.

J_E · Dec 28, 2008

And here's the remaining scan logs. Thanks in advance for help.

J_E · Dec 28, 2008

I re-ran Spybot Search and Destroy to see if there were any traces of Virtumonde left, and nothing came up, but I'm still a little wary since windows is reporting that AVG Free is turned off despite it being on. It also says I'm running a scan when I'm not, and my AVG Resident Shield keeps saying it's inactive despite the active box being checked. When I de-activate it and re-activate it the error goes away, but it eventually says it is de-activated again.

chaslang · Dec 31, 2008

Welcome to Major Geeks!

There is a possibility that some of your Windows system files are infected since winlogon.exe did show up as infected. So let's run System File Checker.

Please click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System Rile Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

Also your AVG program may have been corrupted so we are going to start by downloading the installer for the current version, uninstalling what you have, and then later on in my steps below, we will reinstall.

So start by downloading this: AVG AntiVirus Free Edition to have it ready for later.

Now use Add/Remove programs to uninstall AVG8

Also while in Add/Remove programs, uninstall the below outdated Java versions

Java 2 Runtime Environment, SE v1.4.2_03

Java(TM) 6 Update 4

Java(TM) 6 Update 7

Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Open Notepad and copy/paste the text in the below quote box into it:

KILLALL::

File::
c:\windows\system32\drivers\SET166.tmp
c:\windows\system32\drivers\SET164.tmp

Folder::
c:\documents and settings\Kerryyy\.exe
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"MSKDetectorExe"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Click to expand...

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now reinstall AVG8 from the file you downloaded earlier.

Now run Ccleaner!

Now goto this link Using MGtools and download the new version of MGtools.exe using the black bold print link in the first sentence.

Run MGtools.exe then attach the below logs:

C:\ComboFix.txt

C:\MGlogs.zip

Make sure you tell me how things are working now!

Log in or Sign up

VirtuMonde problems

J_E Private E-2

Attached Files:

SASlog.txt

Malwarebytes Anti-Malware log.txt

ComboFix.txt

J_E Private E-2

Attached Files:

MGlogs.zip

J_E Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member