Virtumondo

Discussion in 'Malware Help (A Specialist Will Reply)' started by Pho-tog, Nov 7, 2005.

  1. Pho-tog

    Pho-tog Private E-2

    Had to start a new thread. I had to redo everything I did before and I can't find the thread anymore.

    Did the Read and Run.

    Steps I took:
    1. Disabled System Restore
    2. Enabled File Viewing
    3. Ran Trend Micro- no viruses found
    4. Ran Trojan Scan- 5 Malware found
    5. msconfig in normal mode, restarted
    6. Updated AdAware
    7. Updated SpyBot
    8. Unplugged internet
    9. Rebooted in Safe Mode
    10. Ran CCleaner
    11. Ran AdAware- 11 Objects (6 Reg keys, 1 Reg Value, 4 Files, 3 Negligible Objects. 14 Removed.)
    12. Ran Spybot- no threats found
    13. Ran Microsoft AntiSpyware- Virtumondo found and removed
    14. Rebooted
    15. Ran Hijack This! Log attached
    16. Selective Start up
    17. Rebooted
    18. Hid Files
    19. System Restore on
     


  2. Pho-tog

    Pho-tog Private E-2

    Also, I thought I got rid of it before. But it came back. Have been unable to run all steps until now. What causes this to get on my computer? What type of sites will get this on here? Should I use Firefox instead of IE?
     
  3. Pho-tog

    Pho-tog Private E-2

    FYI... the stupid thing popped up again. How the heck am I going to get rid of this????????
     
  4. Pho-tog

    Pho-tog Private E-2

    Ok, I'm definitely learning a lot of things in the process of trying to remove this thing! I've been reading... Maybe I've gone about this wrong in safe mode... I read that if you have multiple users, scan all users' screens for the adware. When I boot into safe mode, it gives me the option of logging on as myself or as administrator... In normal mode, it just shows myself and my husband. Should I perhaps log on as admin when in safe mode? Will that take care of it? Or does that not matter?
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download Spy Sweeper
    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  6. Pho-tog

    Pho-tog Private E-2

    Ok, downloaded Spy Sweeper and ran it.

    I got a message that said "A threat was detected running in memory. To ensure proper removal of this threat, close any applications that are currently open and click ok." I didn't have anything open, so I clicked ok.

    I then got a message saying "Spy Sweeper has identified some threat traces that cannot be removed until you restart your computer." I was going to click no on the restart, get the session log and THEN restart. Hovered my arrow over no and it disappeared. Then my computer kinda froze up. So I hit the power button to manually shut the computer off and turn it back on. Went back to Spy Sweeper and copied the session log (attached).

    Changed to normal boot (to run Hijack This!), Spy Sweeper window popped up. I removed MyWebSearch Email Plugin.

    Restarted the computer.
    Ran Hijack This!
    Changed back to selective start up.
    Rebooted.

    Attached are both logs you requested.
     


  7. Pho-tog

    Pho-tog Private E-2

    Forgot to add... I DID update the Spy Sweeper BEFORE running it as requested.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Spy Sweeper

    Now scan with HijackThis and Check the Boxes for the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And click OK.


    After you complete the above, REBOOT and let me know how things are running.
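    The R0 line above points at the Internet Explorer "Start Page" value, and the same value also exists per user, which is why the earlier question about scanning every account matters. The following is an added example (not from this thread or from HijackThis) that reads that value from HKLM and from every loaded user hive and flags anything not on an allowlist; the allowlist contents are an assumption to be replaced with the start page you actually intend to use, so the dell4me.com entry from the log above would be flagged.

```powershell
# Added example, not part of the thread: report the IE "Start Page" value
# (the R0 HijackThis entry) for the machine and for every loaded user profile.
# The allowlist below is an assumption; put your intended start page there.
$Allowed = @('about:blank')

function Get-IeStartPages {
    $mainKey = 'Software\Microsoft\Internet Explorer\Main'
    $paths = @("HKLM:\$mainKey")

    # PowerShell only maps HKLM: and HKCU: by default; HKEY_USERS holds one
    # subkey per loaded profile, which covers "all user accounts" at once.
    if (-not (Test-Path 'HKU:')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue) {
        # *_Classes hives hold file associations, not IE settings; skip them.
        if ($hive.PSChildName -like '*_Classes') { continue }
        $paths += "HKU:\$($hive.PSChildName)\$mainKey"
    }

    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $value = (Get-ItemProperty -Path $p -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
        if ($null -eq $value) { continue }
        [PSCustomObject]@{
            Key       = $p
            StartPage = $value
            Suspect   = ($Allowed -notcontains $value)   # anything off the allowlist
        }
    }
}

# Run from an elevated prompt so every loaded hive is readable.
Get-IeStartPages | Format-Table -AutoSize
```

    A "Suspect" entry is only a lead, not proof of infection: compare it with what the user actually set, and with the HJT log, before fixing it.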
     
  9. Pho-tog

    Pho-tog Private E-2

    Things were going really good after I did the Spy Sweeper and all that. I did what you just said to do and so far so good. I DID have to put a check by Temporary Internet Files and Recycle Bin as they weren't checked. But I will keep you posted as to how things are running.

    Are there any specific types of sites that will get that crap on my system? Anything that I should avoid going to? (Other than the obvious porn sites. lol) I did view the thread on how to protect yourself from malware. So I think I'm good to go. Thank you sooooo much for helping me! I appreciate it! And again, I'll keep ya posted.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Keep your OS up-to-date along with your antivirus and firewall and you will be fine.

    Surf Safely!:)
     
  11. Pho-tog

    Pho-tog Private E-2

    Grrr.. It's back again! As of either yesterday or today. I update my antivirus and I think my ZoneAlarm does automatic updates (I could be wrong on that)... I haven't done anything any different than before!! I can't figure out why it's doing this!!!! I ran AdAware to see if I did have something and it also came up with Win32.TrojanDownloader.ConHook... I have to run everything again with System Restore disabled and everything. But I wanted to see if I DID in fact have something. So I guess I have to go through this whole process again, huh?? What is causing this?? I keep my daughter off of my computer so she doesn't get anything on it.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach the log from Ad-Aware, do you know exactly what was found?
     
  13. Pho-tog

    Pho-tog Private E-2

    Ya know, I thought about copy and pasting the log AFTER I deleted everything. But I'm sure it's still on my computer. Cuz it's just not being right. I'll run it again and attach it.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Also attach a fresh HJT log.
     
  15. Pho-tog

    Pho-tog Private E-2

    Ok, I tried to do the AdAware again so I could get you a log, but since I removed it, it wasn't there again.

    Did the Read and Run Me again! This time, when I booted into safe mode, I logged on as Admin as opposed to my name. I didn't really find anything. But from what I can tell on the Hijack This! log, there are things that are supposed to be. I think. I'm attaching the log.
     


  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download Spy Sweeper
    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
