Highlighted
Paula_D
2 Bronze

Virtumonde and Spybot Search and Destroy, AVG rootkit detection

Hello, I need help on getting rid of the Virtumonde virus,  found with Spybot Search and Destroy, and understanding what is happening with my AVG free rootkit.

 

I apologize in advance foe such a long post, but I am wondering now, if all of my seemingly small comp problems are related. Here goes:

 

I have not had tons of pop ups, but my computer is slower now than it used to be. I thought it was becasue I had too many images on the drive. 

 

I used to have Zone Alarm, but it and spysweeper were causing problems, so I uninstalled them. But traces of Zone Alarm are still on my comp. The icon is still there, and it used to quickly flash onto my screen, as if it were trying to start up again. 

 

 I noticed that my Windows Media  Center stalls and  first would not let me view pictures. Then, it would not start at all - I'd get a  black screen instead with a  message at the top that said: C\windows\eHome\ehmass.exe 

 

Now, everytime I reboot, I get that same window. When I go to the Start Menu> Media Centre Programs, the other games are there with their green icons, but the Gem Master is showing that white icon with the red and blue dots -as if the program is not there.

 

But it is actually there; sometimes if I start Media Center, and wait a long time,   the black screen will eventually go away, and the program will start. Although Gem Master is not listed with the other programs there either, as it was before,  if I look in the C>Windows>Programs folder, I see gem master there, along with the other media centre games. And if I click it and wait, and wait, it will start up.

 

Sometimes, especially on start up,  a yellow triangle with an exclaimation point appears in the task bar. When I hover over it, sometimes it will say that a file is corrupted, and when I click it, it disappears.

 

I ran AVG Anti Virus Free.  Did not have a virus until a while after this  started. I got rid of it. Today went to a website and got sheur.buhg. Got rid of it as well, but found nothing online about it.

Downloaded spybot search and destroy today. It found the Virtumonde virus and the sceen steps said I should contact the Spybot forums or email them if I don't  know how to remove it. I don't know how,  but the forum will not load and their contact form is not working. I get a server error when I try.

 

Spybot also found tracking cookies and wants to get rid of the Wild Tangent stuff.  So I highlighted a tracking cookie, and  clicked on "FIX THIS," thinking that getting rid of a tracking cookie would not hurt anything.

 

 But I did not highlight the Virtumonde because the Spybot screen   said that it involved disconnecting from the internet, it might be tought to remove and that should contact them if I didnot know how to get rid of it.

 

Well, green checkmarks appeared next to everything in the list, not just the tracking cookie! So I did a restore on the cookie. I dont know what the green checks mean. Also, I think it wanted to change something in the registry, and I definitely don't know anythng about that. I redid the scan, and now it is not seeing Virtumonde! But I did not reboot because I don't know what will happen if I do.

 

 Lastly, I ran AVG anti rootkit free, 1.1.0.42. It found a lof of things, I dont know if I will ruin my system if I get rid of them -  some of them pointed to AVG, like this:

 C:\WINDOWS\Temp\avg8info.id, Hidden File

 

and others seemed to be in temporary folders, like this: C:\WINDOWS\Temp\siB.tmp,Hidden File

 

and some say hidden directory, like this one

 C:\WINDOWS\Temp\History,Hidden Directory.

 

I do have my system set to show hidden files  - I dont know if that is why so many showed up  in the AVG free rootkit, if these are really virus like things, or false postives. Any suggestions or insight on the AVF rootkit findings and the Spybot  Virtumonde Virus? Thanks 

0 Kudos
3 Replies
ky331
6 Indium

Re: Virtumonde and Spybot Search and Destroy, AVG rootkit detection

at this point, the best way for you to proceed is run a diagnositic tool, which hopefully will reveal much of what's happening on your system: 
Download the latest version of Trend Micro's HiJackThis (HJT) [version 2.0.2]   installer   from
.
Save it to your Desktop.
.
Double-click on the     HJTInstall.exe    file you just downloaded, and click on the  Install   button, to install HJT in the suggested/default folder,
C:\Program Files\Trend Micro\HijackThis
.
( As part of the installation, a shortcut to the HJT  program  will be placed on your Desktop, and another shortcut in your START menu [for easy-access to using HJT in the future ---
you only need to run the  program  again, but not the  installer ] ).
.
After installation, HJT will automatically open and start running.  
[If this is your  first time  running HJT, please read and accept the EULA (End-User License Agreement)]
.
Click on  Do a System Scan and Save a LogFile

 

This will automatically open NotePad

 

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

 

Then go to the forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

 

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

 

Be sure to include a detailed description of any problems/errors/warnings you are encountering.  

Also, please indicate the steps you've already taken, if any, in terms of running anti-malware scanners or malware removal tools.

 

When you submit your HJT log, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked, or your log may not format correctly... it should consist of separate/readable lines, not one large "jumble".
 

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  While it's  completely safe  for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!!  Improper use of this tool can severely damage your system.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Paula_D
2 Bronze

Re: Virtumonde and Spybot Search and Destroy, AVG rootkit detection

I cant post it. The system keeps saying that I have too many characters and cannot exceed 20,000. But when I copied and pasted into a word doc., I was well under 20,000. I even took out the symptoms and tried to post the log only with a one liner- having problems, too many characters to post, and included the  link back here, but it is not letting me post it.
0 Kudos
beversoll
3 Argentium

Re: Virtumonde and Spybot Search and Destroy, AVG rootkit detection

Hi Paul_D,

 

You may have to post the log in a few seperate posts.  Reply to your message until you have put the entire log in the thread (you may need to cut it in thirds, half, etc). 

Acer Windows 7 SP1  i3 Intel Process 6GB Ram Terabyte Hard Drive

Avast AV

MBAM real-time protection

Windows Firewall

Winpratrol

UAC On

0 Kudos