virtumonde.sci detected w/ SpybotSD

XLNTA · Feb 6, 2009

I ran Spybot S&D & it detected virtumonde.sci. I had not noticed any problems; it was just a random exercise.

Rather than having it fix the detection right then, I completed your "Read & Run Me First" process, including the Spybot; and deleted the virtumonde files at that time.

If I had one infection, there could be others that I'm unaware of. I would appreciate your help in looking thru the attached log files of your tests that I ran. I will attach the 4th file in subsequent post. Then I will continue with the toggle system restore if all looks clean.

Thanks in advance for your help.

XLNTA · Feb 6, 2009

Following up with your MGlog.

Thanks

TimW · Feb 8, 2009

Your logs are clean, but I suggest you uninstall this:
WildTangent Web Driver

If you are not having any other malware problems, it is time to do our final steps:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

XLNTA · Feb 10, 2009

Tim,

Thanks for your help!

Regarding uninstall of WT -- I am using an HP machine with XP Media Center updated thru SP3. I have noticed from other posts that removal of WT can require more than just uninstall from Control Panel/ Add Remove. So, before I begin, let me ask about it.

In Add/Remove, I see WT Web Driver & My HP Games that are tied to Wild Tangent. Will Uninstall of those remove it from system or do I just start there?

Also, there is this program: "C:\Program Files\DISC\GameGuide\browser\DISCoverSA.exe". Is this tied to WT or another stand alone?

I could go on with other junk installed from HP, but I suppose I may already be out of the scope of this forum.

Please let me know if you can help with this, or should I start another post.

Thanks

TimW · Feb 11, 2009

You should discuss this in the software section...it is junk installed by HP. It can slow your startup time and wildtangent can lead to adaware crap. You can use this utility to remove it PC De-crapifier.

Log in or Sign up

virtumonde.sci detected w/ SpybotSD

XLNTA Private E-2

Attached Files:

SASlog 02-06-2009.txt

mbam-log-2009-02-06 (14-56-33).txt

ComboFix Log 02-06-09.txt

XLNTA Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

XLNTA Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member