PCWorld Forums


Virtumonde.dll

#1 Vikta

Posted 26 September 2009 - 12:17 AM

Hello,
I am a newbie in regards to forums and computers. My computer is slow, and opens tabs that I have not requested. I ran Spybot Search & Destroy and found a problem called Virtumonde.dll. Somehow, Spybot's "fix selected" cannot get rid of Virtumonde. Each time I restart the computer, Spybot does an unauthorized scan, and I cannot stop the scan. So far, I have failed to get solutions online. I have used VundoFix, ESET Smart Security, and recently downloaded a 30-day trial version of Kaspersky Anti-Virus 2010, but Virtumonde cannot be detected except by Spybot... which in turn cannot fix it.

I need help to get Virtumonde off my computer; all useful advice is welcome.

I really appreciate your help on this... I am at the edge.


#2 mphenterprises

Posted 26 September 2009 - 02:35 AM

Hi Vikta and welcome to the PCWorld Communities. :D

Most malicious files attach themselves to registry entries. Since most registry entries affect the normal operations of a computer, any malicious file attached to a registry entry will not be able to be removed during a scan in normal mode.

However, if you restart your computer in Safe Mode, that same registry entry may not be present. If you ran another scan in Safe Mode, SpyBot should pick it up and then remove it.

That all being said, SpyBot is not the highly popular application it once was. Once in Safe Mode (with Networking), if you are still unable to remove this malicious file, please download SuperAntiSpyware. This application has been a godsend and should find and remove this file. Now, SuperAntiSpyware may not install in Safe Mode. If it does not, restart the computer, install the application and run the scan.

Regardless of whether SuperAntiSpyware works or not, I would still recommend you run an additional scan with Malwarebytes. This 1-2 combination has worked very well for my clients.

If you have any problems at all, please let us know.

#3 Flashorn

Posted 26 September 2009 - 03:14 AM

Hey Vikta!!

Welcome to PCWorld Community!

In order to familiarize yourself with any forum, you should always take a look at the "Forum Guidelines". This will help with the how-tos on any forum.
They are mostly all the same, but it's good to know what to post and what not to post.

Also, when asking for technical or cleaning help, it's good practice to detail your PC (e.g. operating system, the name and make of the PC and the security programs installed).
This will help speed up the process of answering your questions and we will be able to direct you to the appropriate tools.

Please read through my post before you do any work.


Now, Spybot is not capable of removing the Virtumonde.dll. In order to remove it, we will use VundoFix and MalwareBytes' Anti-Malware.
Download from this link: http://www.malwarebytes.org/mbam.php . Use the FREE version.
You should install it and update the definitions upon completion of the installation (very important).

Download a fresh copy and re-run VundoFix: http://vundofix.atribune.org/ making sure to follow the instructions set forth by Atribune.
Run a new scan and post the log from that scan in your next post. IF you are using Vista, you must right click and "Run as Administrator".

Next, do a Quick scan with MalwareBytes' Anti-Malware after you have updated the definitions. Post the log from that scan in your next post.
Again, IF you are using Vista, you must right click on the icon and, from the context menu, choose "Run as Administrator".

To quarantine and delete what MalwareBytes' finds:
When the scan is finished, a message box will say, "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.


The last tool we will use (for now) is Dr.Web CureIt: http://www.freedrweb.com/cureit/ . This one does not require an installation. Simply download and double click on the .exe. Once the program starts, click on the Start button and a Quick scan will begin. IF using Vista, right click on the icon and choose "Run as Administrator".
IF it finds anything, it will automatically delete (quarantine) the offending files. Please post the names of the infected files it finds.

Also, download this temp file cleaner, ATF Cleaner by Atribune:
http://www.atribune....id=25&Itemid=25 .
No installation is required. Double click on the .exe and check mark the "Select All" box. Then click on the "Empty Selected" button.
If you use Firefox, click on the Firefox name at the top and repeat the procedure.

Most likely, these infected files will also show up in the old Restore Points, which we will deal with later. But, for now, scan and post the logs I requested.

Please be patient as some of these scans might take some time to complete.

FLASHORN.


#4 coastie65

Posted 26 September 2009 - 06:26 AM

Good suggestions from both. SUPERantispyware will remove virtumonde, or at least it has in the past ( personal experience ). Both are good suggestions and should do the trick.

#5 SpiritWind

Posted 26 September 2009 - 10:31 AM

Hi Vikta:

There is a relatively new thread on the Spybot Support Forums (the 1st place one should go when a question about Spybot occurs) about Virtumonde.dll possibly being a "False-Positive" at http://forums.spybot...ead.php?t=51151 .
As recommended there, do you have Spybot 1.6.2?

#6 Vikta

Posted 26 September 2009 - 11:25 AM

I have got spybot 1.5.2.20 and the last detection updates were 9/9/2009.

#7 Vikta

Posted 26 September 2009 - 12:14 PM

Sorry, did not exactly know the protocol...

I am running Windows XP Professional version 5.1.2600 Service Pack 3. For security, I use ESET Smart Security Business Edition and Spybot.


#8 techie4fun

Posted 26 September 2009 - 12:18 PM

As stated before, Spybot is no longer recommended. If you run Super Anti Spyware and Malware Bytes IN Safe Mode, see if the threats are removed.

#9 SpiritWind

Posted 26 September 2009 - 05:02 PM

Hi Vikta:

Based on your latest info, it appears your outdated version of Spybot is causing your Virtumonde.dll "False-Positive". If you wish to retain Spybot on your computer, you should go to http://forums.spybot...nloads.php?id=1 to get the latest version (do NOT know IF you need to "uninstall" the version you have to do so). IF you would like a higher quality of a malware-fighting program, you should get Malwarebytes' Anti-Malware and/or "SUPERAntiSpyware", BOTH of which come in a FREE version.

#10 Vikta

Posted 27 September 2009 - 10:43 AM

Hello FLASHORN,
Thanks for the advice.

I have a Toshiba Satellite L305 using Win XP Service Pack 3.

I downloaded Malwarebytes, but could not update... Instead I got an error reading {an error occured. error code 732 (0,0)} each time I clicked on the update tab.

For the VundoFix scan, this is the report I got after downloading and running a scan: {vundo fix V7.0.6 no files found, vundo fix will now close}

Dr.Web CureIt could not run after downloading... Instead I got this reading each time I double clicked on the executable: {Dr.web cureit is not a valid win32 application}

However, I went ahead and ran scans with Malwarebytes... below is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3, v.3264

9/27/2009 12:23:08 AM
mbam-log-2009-09-27 (00-22-57).txt

Scan type: Quick Scan
Objects scanned: 120612
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

However, I went ahead and got Spybot Search & Destroy version 1.6.2, updated and ran another scan... and there was NO Virtumonde.dll detected.

It appears like the problem is now solved... thanks a lot.
0
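
The Malwarebytes log in the post above, checked programmatically, as an added example that is not part of the original thread: the parser compares the summary counters with the detail sections and lists every finding the scan left in place (here the single `CheckedValue` entry marked "No action taken"). The function names are assumptions of this example; the log text is copied from the post with its date and file-name lines left out.

```python
import re

# Log text copied from the post above (Malwarebytes' Anti-Malware 1.41, Quick Scan);
# the timestamp and log file-name lines are omitted.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3, v.3264

Scan type: Quick Scan
Objects scanned: 120612

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# "<Category> Infected: N" is a summary counter; "<Category> Infected:" opens a detail section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<path> (<detection>) [-> Bad: (x) Good: (y)] -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Split the log into summary counters and per-section findings."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m and m.group("count") is not None:
            summary[m.group("name")] = int(m.group("count"))
        elif m:
            section = m.group("name")
        elif section and line != NO_ITEMS:
            e = ENTRY_RE.match(line)
            # Keep lines that do not parse instead of dropping them silently.
            item = e.groupdict() if e else {"path": line, "detection": None,
                                            "bad": None, "good": None, "action": None}
            item["section"] = section
            findings.append(item)
    return {"summary": summary, "findings": findings}


def review(parsed):
    """Return human-readable issues: count mismatches and findings left in place."""
    issues = []
    for name, count in parsed["summary"].items():
        listed = sum(1 for f in parsed["findings"] if f["section"] == name)
        if listed != count:
            issues.append(f"{name}: summary says {count}, detail lists {listed}")
    for f in parsed["findings"]:
        if f["action"] is None or f["action"].lower().startswith("no action"):
            issues.append(f"{f['detection']} at {f['path']}: {f['action'] or 'unparsed'}")
    return issues


if __name__ == "__main__":
    for issue in review(parse_mbam_log(SAMPLE_LOG)):
        print(issue)
```
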

#11 Flashorn

Posted 29 September 2009 - 01:40 PM

Hey Vikta!!

Sorry for the late response. Life gets in the way sometimes!

Please read through my post before you do any work.


OK, not being able to update MalwareBytes' OR to run Dr.Web is not good.

First, you need to verify that your firewall will let MalwareBytes' access the web to update. You can verify this by going into the firewall's "Allowed Programs" section. Also, Eset might be stopping MalwareBytes' from trying to update OR install the updates, as this changes the program's original settings (new signatures). Please make use of the "Exceptions" in the Eset program for MalwareBytes'.

Another possibility would be that Internet Explorer is set to Work Offline, thus not able to access the Net. Make sure that (if you use IE 7 or 8) you are not using IE in the Offline mode.
To verify: (refer to screen shot)

Please download, install and update the definitions of SUPERAntiSpyware (Free Version):

http://www.superanti...ntispyware.html

Could you also access Safe Mode in order to run SUPERAntiSpyware, Dr.Web (download a new version and delete the first one you downloaded) and ATF Cleaner.
To access Safe Mode:
Reboot the PC. When the POST appears, press F8 continuously (gently) until you get a black screen with white options.
With the arrow keys (bottom right of keyboard), choose the Safe Mode option and press the ENTER button.
You should now see a black screen with oversized icons and Safe Mode written in all four corners of the screen.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
Click on the Exit button (bottom) once the files have been deleted.

Now access the SUPERAntiSpyware icon on your desktop and double click on it. Once opened, click on the "Preferences" tab and configure as per the screen shot.

Now, scan with Dr.Web: http://www.freedrweb.com/cureit/ . Latest version.
Double click on the .exe. Once the program starts, click on the Start button and a Quick scan will begin. Please report any and all names of infected files found.

When the scans are finished and IF asked to reboot, please do so and you should be back to Normal Mode.
IF NOT, then simply reboot in Normal Mode when all scans and cleaning are done.

In your next post, please post the log for SUPER. Go to > Preferences > Logs and click on the date of the appropriate log. A Notepad will open.
Copy and paste.

If you have any questions, ask before you take action.

FLASHORN.