3 Posts
December 27th, 2008 18:00
Trying to remove Malware- Virtumonde..NEED HELP
I have been trying to remove this really nasty virus, Malware Virtumonde.
It was detected by Ad Aware. 5 objects found.
Symantec and Windows Defender did not even detect it. I quarantined it. I removed it. I've done all I possibly could to get rid of it but it keeps reappearing.
Does anyone know how to get rid of this virus?
I think this virus has disabled my Symantec updates and Windows updates from being found. Also, on Internet Explorer (where I keep getting tracking cookies) I keep trying to set the privacy to Block All Cookies. I click Apply and OK but when I close it and go back to that tab, it's still going back to the Allow All Cookies setting. I wonder if this virus is related...
**** you Virtumonde
What do I do???


Bugbatter
4 Apprentice • 20.5K Posts
December 29th, 2008 09:00
Welcome! Thank you for waiting patiently.
The volunteer analysts listed in the announcement at the top of this forum have been having a problem posting. Until Dell fixes the new software issues, I cannot get into a long fix. I can offer a suggestion to run a couple of general scans. If that does not fix the problem, click on the link in my signature and post at SpywareHammer for a follow-up review. Include your logs from the scans along with a fresh HijackThis log.
Try scans with these two programs in the following order:
Please disable other security software that may cause conflicts with the scans.
Instructions on how to do that are HERE.
Please download to your desktop Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Click Remove Selected.
Extra Notes:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
* If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use this update link here to manually download the update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "catchjunk.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the file to the infected computer. Install the "catchjunk.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.
Download and scan with Super Anti-Spyware Free for Home Users. It is available HERE:
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
cgmoll
2 Posts
December 29th, 2008 15:00
Hi,
I am new to the Dell Community Forum but I must say I am very impressed on my first visit. I was experiencing this very same thing with my computer (Virtumonde). It kept asking me to download Antivirus 2009 to my computer. I did more research and found that I have (Virtumonde) on my computer as well.
It happened after my son downloaded songs from one of the audio websites (not sure which one, but now I have Vuze search on my computer). I also had this icon telling me that I did not have automatic updates selected to ON. I tried to turn it on several times and it would not turn on, but after running the two scan programs, I GOT IT TO TURN ON!!!!!!!!!!!!!!
I think I have removed the malware using the advice you stated to another member, but I don't know how to get rid of the Vuze search that is on my web home page.
By the way, the antivirus program that I have is Invisus (which is getting ready to expire). I have purchased McAfee Total Protection 2009 now and plan to install soon. Do I have to uninstall Invisus before installing McAfee?
Thanks for all your help and I definitely look forward to many, many more successes.
Cheryl
Bugbatter
4 Apprentice • 20.5K Posts
December 29th, 2008 17:00
Cheryl, yes, you need to uninstall Invisus before installing another anti-virus. I suggest BEFORE it expires, contacting their support and asking them how to uninstall. Some can be tricky and involve more than using Add/Remove.
It sounds like you still have some remnants of infection hanging around. I suggest having a review of your MBAM and SAS logs as well as posting a HijackThis log. Soon Dell will have their new forum software fixed, but for now please use SpywareHammer or another security forum to post your logs on. The link to SpywareHammer is in my signature below.
cgmoll
2 Posts
December 29th, 2008 20:00
Hi bugbatter,
For some reason I have been trying to log in to SpywareHammer to activate my email address and it will not activate my address even though I have had the activation email resent about four times. I don't know what the deal is. Then, if it lets me, I am not quite sure of what you are asking me to do. Can you give me more direction?
Thanks
Bugbatter
4 Apprentice • 20.5K Posts
December 29th, 2008 22:00
I'm not sure what you were trying to do. Your account was activated by an Admin.
Just post your logs in the HijackThis forum.
rsulli16
1 Message
December 30th, 2008 07:00
Hi,
I can't seem to figure out how to post a question here. Sorry if this is the wrong way to contact you.
I have a similar problem. I had a virus/malware, I think it was AntiVirus 2009. I had the pop-ups to go get the antivirus, etc. I ran all the scans I could, and found that every antivirus and anti-malware program was blocked or wouldn't update. All the programs can't access the internet. I ran Malwarebytes Anti-Malware; it told me Vundo, and said it got it. I did get a removal tool for it at Symantec, but it said I wasn't infected. SuperAntiSpyware found cookies galore. I did the Norton online scan and HouseCall online. Manually deleted everything about AntiVirus 2009. Now no more pop-ups. Also did checkdisk from My Computer, CCleaner, AVG Free. Can't download any of the others; I get the "can't connect" error when I try any spyware/virus site. Now the scans all come back clear, no infection at all,
but...
I still can't update any spyware or malware.
I can't sign on to AOL or Yahoo (it tells me I don't have an internet connection, when I know I do). AOL techs had me delete AOL and then try to download a fresh version, but it won't connect. Now I don't have AOL at all, but can still get to AolWeb, but only with IE. Firefox won't connect to AolWeb either.
In safe mode I don't have a keyboard!!!
I can't boot from a CD! I gave up and tried to reinstall Windows.
Any ideas?
Thank you
Bob Sullivan
Bugbatter
4 Apprentice • 20.5K Posts
December 30th, 2008 10:00
Hi, Bob,
It appears that you are still infected.
Can you use a clean computer to download tools to a CD or USB stick, rename them (see example for MBAM above), and transfer to the infected computer? If so, I suggest that you register and post your request for help here:
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0
or at any one of the sites listed here:
http://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=8302720