Virtumundo.A - anyone else have this??

Discussion in 'Malware Help (A Specialist Will Reply)' started by Vickster3659, Feb 19, 2006.

  1. Vickster3659

    Vickster3659 Private E-2

    Hi,

    I have been receiving help at another forum for several malware infections. Almost every issue is resolved save one very nasty ‘nasty’. Today, the free scan at Trend Micro confirmed that it is Virtumundo.A, which gives me three lines in the HJT log: O2 BHO CATLEvents, O4 HKLM RunOnce [*keyacc]….rerun and O20 Winlogon. The offending file name shows up as ccayek.dat (twice, O2 and O20 lines) and keyacc.exe in the O4 line. The popups are for WinAntiVirus 2006.

    The tools I have tried are Killbox, Vundo, FixVundo, and several others, also running msconfig changing BOOT.INI trying to stop this file from loading so I can delete it, and Adware or AVG doesn’t even recognize there is a problem. My contact at the other forum was even trying to write a .bat file, but has had no success, yet. :rolleyes:

    I can’t possibly be the only one experiencing this! Has anyone come across a procedure to eliminate this nasty?

    Thanks in advance!!

    ~Vickster3659
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow the steps below:

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just a note to what BJ has already given you to do and an answer to your question. Yes we have fixed literally hundreds (if not more) Virtumonde problems and we have procedures to do this in our stickies.

    However, here is the note: You must not try to work problems in multiple forums. Either work all your remaining problems here or work them in the other forum. It's your choice, but DO NOT try working them in multiple forums as that will cause problems for everyone.
     
  4. Vickster3659

    Vickster3659 Private E-2

    Sorry if I confused anyone, writing is not my strong point :D I'm only wondering if anyone else has encountered this. I've been trying to research without much luck.
    Thanks,
    ~Vickster3659
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, as Chaslang said we have removed hundreds if not thousands of these infections. These are very easy to remove.
     
