Virtumunde Help

I have used hijack this. Thanks in advance!!!
here is the log

 

Hi jacqui,
Welcome to Major Geeks!

I removed your inline log and attached it. Please use the Manage Attachments button which is down a little ways below the replay screen for your logs. The infection in your computer is a known one so I would like to ask you to run through the instructions in the READ & RUN ME FIRST and attach the logs we request. When we have this information, we'll be able to see which files are still causing problems and give you instructions specific for your computer to remove them.

Thanks.
abri

 

Thanks!

I followed all the instructions and things look great now. So far anyway. Nothing is going wrong, no popups or pages and cpu usage is no longer at 100%. Looks like I have my baby back!!!

Thanks so much for this site and all the effort you put into those instructions!
:cool

 

You're welcome.

I would feel better if we could check your logs for you to see if there are any files remaining that need to be deleted manually. It's possible for some forms of malware to come back with just a single file remaining on your computer, so if you would like us to look through them, please attach the ones which were requested. It takes a bit more time, but it's often worth it in the long run.

Thanks.
abri

 

I am having trouble finding the malwarebytes log!

 

OK I hope this s all of them.
Thanks SO much!! :major

 

Hi jacqui,

There is still malware in your computer and we will try these steps first to get that out. Additionally, I'm having you do some things to make your computer less vulnerable, like replacing your old java with the newest one.

Also, I'm having you remove two things which are in the undecided area as to whether they are good programs or not. One is the Ask Toolbar and the other is Wild Tangent. If you feel a special attachment to these, you can leave them in, but my recommendation is to remove them. Instructions for removing the Ask Toolbar are in step one. For the Wild Tangent entries, I've added them into the Avenger Fix, so if you want to keep Wild Tangent, you will have to remove it when you copy/paste the contents for Avenger.

1) Go to add/remove programs and uninstall the below:

Java(TM) SE Runtime Environment 6 Update 1
Ask Toolbar


2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: C:\Users\jac\AppData\Roaming\__c00CAC98.dat

After you click fix, just close hijackthis.



3) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the 'Execute' button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

4) Install the current version of Sun Java from: Sun Java Runtime Environment



5) Now run CCleaner at the default setting with the Windows tab as the top one.

6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip along with the Avenger or Combofix log.


Let me know how things are running now?

abri

 

Hi Abri
Thanks again you are a gem!!
I have done all that, everythings seems ok to me (what do i know?) :major

 

Hi jacqui,
Thank you!

Your MGlogs are not complete and the procdll is not important at this point. Please go to the MGTools folder under C:\ and find the file called GetLogs.bat. Double-click on it and allow it to run to completion. Then check directly under C:\ for the file (not folder) called MGlogs.zip. Open it and see if there are 4 or 5 logs inside. If there are not, then it means the tools are not running correctly and they need to be reinstalled. Be sure not to interrupt the scan while it's running. When it's finished it will give you a message like Hit any key ...

If you allow it to run correctly and it still doesn't produce all the logs, you need to re-install the tools. This just takes a moment and the scan itself is quite short. Please go to USING MG TOOLS and download and install the MGTools again over the old ones. Then follow the instructions to produce a new set of logs and attach them here.

This will allow me to make sure that the files we tried to delete are no longer there.

Thanks.
abri

 

Hi Abri
I reinstalled MGTools again hust to be sure and ran it as the instructions say.
Hope it worked this time. There are several logs in the file.
Can't thank you enough!

 

Hi jacqui,

Everything looks good. I will give you a few cleanup items to finish and then post the final cleanup instructions to you.

1) Please go to the following two folders and open them. Delete all the files Windows will allow you to delete.

C:\Windows\Temp\
C:\Users\jac\AppData\Local\Temp\

2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

After you click fix, just close hijackthis.

3) Download and install Erunt. Use it to create a backup of your registry.

4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files". Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

5) And here are the final cleanup instructions:

abri

 

THANK YOU Abri!!!
Everything has been great! :cool

 

You're welcome!
Nice to hear!
Enjoy your computer!