
I Think I'm Still Infected With Virtumondo

#3 greatman05 Topic Starter Members 6 posts Posted 01 March 2010 - 07:18 AM Can anyone help me? Restart your computer after receiving the message CleanUp Successful.

Question: Did you have McAfee quarantine all the files? There are too many processes and slow processing, and my browser gets hijacked and redirected when I go to sites with the word 'security' in the title, after I search for I think you can close this topic now. From, Kenyas miekiemoes Forum Deity Moderators 8,338 posts Location: Belgium ID: 16 Posted I worked on it for a while and was able to remove them with a bit of playing around…. https://www.bleepingcomputer.com/forums/t/208817/i-think-im-still-infected-with-virtumondo/

The reason I know it came from there: It was the only thing I was doing I run WinPatrol and it is going fucking crazy with warnings of programs putting themselves Can't thank you enough for this mate, cheers!

Apr 11, 2009 #2 Tungstencalais TS Rookie Topic Starter Hi Bobbye, thanks for the help. I also disabled yahoo toolbar since I don't use it at all. O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll O12 - Plugin for Apr 14, 2009 #9 Bobbye Helper on the Fringe Posts: 16,335 +36 My apology for the delay.

Virtumon.C VirtuMon.c is often thought of as VirtuMonde.C which is not correct. I used a piece of software called Malwarebytes from http://malwarebytes.org. https://forums.malwarebytes.org/topic/17814-virtumondesdn-detected/ Good Luck!

Should I uninstall it and install something like Avira instead? To resolve this behavior, you must connect to the Internet or turn off the Update Root Certificates component. I downloaded and ran SuperAntispyware and HJT, the logs of which I've attached too. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know.

This should remove your problem!? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. The overheating problems you had might have damaged something, possibly the memory chips. 2. sorry, no I didn't.

Click to clear the Update Root Certificates check box, and then continue with the Windows Components Wizard. Let the process run, don't be alarmed when the desktop goes blank or discolored while removing the file. I can add the link into my next post if you'd like to see it?

DISABLE SYSTEM RESTORE. Avira found 5 files which were subsequently removed. A virtumonde by definition is adware that modifies the Windows Internet connection mechanism and displays various pop-up advertisements.

It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot). From here, I navigated to c:\windows\help\mui\accas.dll and renamed the file.

It also is used to deliver other malware to its host computers.

I'm still not sure, but I definitely think my computer is faster before the computer got infected. From the walkthrough on that page it looks like there's a few more steps than what I've written out below, but doesn't make it as easy to screw up and delete Hawkeye_Fierce 2009-02-07 13:10:06 UTC #12 stusser: That thread now consists of people posting and discussing weird disturbing images.

Some programs can interfere with others and hamper the recovery process. How do I remove a Trojan.Virtumonde or Vundo 26 Dec Posted by Hemal in Browsers, Internet, Security, Software, Windows My computer currently has a Trojan.Virtumonde.

But did you run it with system restore disabled? I'm suspecting this is still virtumonde, and that it could be McAfee that's infected, but I'm unsure how to fix it, since my comp doesn't boot up sufficiently long enough for Numerous pop-ups upon browser start up Changed desktop backgrounds Blue Screensavers (not chosen by default) Disabled Windows Security Center Computer offers a fix for the problem it seems to have How

Run them in Safe Mode. Freddo says: August 14th, 2008 at 16:55 Oh yea and it is still giving me pop ups and crap. This virtumonde.c Trojan will create a DLL (Dynamic Link Library) to facilitate the recording of your keystrokes and communicate with a website located on the internet.