Virtumonde Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by g-money61, Oct 31, 2008.

  1. g-money61

    g-money61 Private E-2

    Tried to remove with several programs but Virtumonde still is there. I used your process to remove and here are the logs. I don't know if your suggested steps removed Virtumonde so I'm posting these logs to see if anyone can tell. Thanks
     

    Attached Files:

    g-money61, Oct 31, 2008
    #1
  2. g-money61

    g-money61 Private E-2

    Tried to remove with several programs but Virtumonde still is there. I used your process to remove and here are the logs.
     

    Attached Files:

    g-money61, Oct 31, 2008
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please keep all of your responses in this thread.

    We need the C:\MGLogs.zip
     
    TimW, Oct 31, 2008
    #3
  4. g-money61

    g-money61 Private E-2

    Tim, could you please tell me how to upload the MGLogs.zip file that you need, thanks
     
    g-money61, Nov 1, 2008
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you go through the Read and RUn First instructions?

    Did you download and properly install the MGTools,exe to the C drive? If you did and ran it, the MGLogs.zip will be exactly where I said it would be --> C:\MGLogs.zip.

    You will attach it the same way as you attached your other logs.
     
    TimW, Nov 1, 2008
    #5
  6. g-money61

    g-money61 Private E-2

    ok i found the mg log here it is and thanks again!
     

    Attached Files:

    g-money61, Nov 1, 2008
    #6
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your MGLogs are mostly empty...did you let it run till it said it was finished...you also did not accept the HJT agreement.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip
     
    TimW, Nov 2, 2008
    #7
  8. g-money61

    g-money61 Private E-2

    when i run the getlogs.bat it runs for a bit then gives me C:\windows\system32\autoexec.nt. the system file is not suitable for running ms-dos and microsoft windows applications. choose 'close to terminate the application. it also says on the black screen, 'tasklist' is not recognized as an internal or external command, operable program or task file. the process cannot access the file because it is being used by another process
     
    g-money61, Nov 2, 2008
    #8
  9. g-money61

    g-money61 Private E-2

    try again, sorry
     

    Attached Files:

    g-money61, Nov 2, 2008
    #9
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please read this thread MGErrors for your error message and download and install the fix. Then try MGTools again. :)
     
    TimW, Nov 2, 2008
    #10
  11. g-money61

    g-money61 Private E-2

    sorry, my bad. I think I have it now.
     

    Attached Files:

    g-money61, Nov 2, 2008
    #11
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Very good..that worked..:)

    Use windows explorer to find and delete:
    C:\WINDOWS\system32\fyzyzmjk.exe

    I will look at your logs in detail tomorrow....:)
     
    TimW, Nov 2, 2008
    #12
  13. g-money61

    g-money61 Private E-2

    I removed it, so what do you think?
     
    g-money61, Nov 5, 2008
    #13
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I think your logs are clean. :)

    Now we just need to clean up from the process:

     
    TimW, Nov 5, 2008
    #14

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds