Vikta, on 26 September 2009 - 12:17 AM, said:
I am a newbie in regards to forums and computers. My computer is slow, and opens tabs that I have not requested for. I ran spybot search&destroy and found a problem called Virtumonde.dll. Somehow, spybot's "fix selected" cannot get rid of virtumonde. Each time I restart the computer, spybot does an unauthorized scan, and I cannot stop the scan. So far, I have failed to get solutions online. I have used Vundo fix, Eset smart security, and recently downloaded a 30 day trial version of Kaspersky Anti virus 2010, but virtumonde cannot be detected except by Spybot...which in turn cannot fix it.
I need help to get virtumonde off my computer, all useful advise is welcome
I really appreciate your help on this... I am at the edge.
Hey Vikta !!
Welcome to PCWorld Community !
In order to familiarize yourself with any forum , you should always take a look at the "Forum Guidelines" . This will help with the How Too's on any forum.
They mostly are all the same but, it's good to know what to post and Not to post.
Also, when asking for technical or cleaning help, it's good practice to detail your PC (eg. Operating System, the name and make of the PC and the Security Programs installed).
This will help speed up the process of answering your questions and we will be able to direct you to the appropriate tools.
Please read through my post before you do any work.
Now, Spybot is not capable of removing the Virtumonde.dll. In order to remove it , we will use VundoFix and MalwareBytes' Anti-Malware.
Download from this link : http://www.malwarebytes.org/mbam.php
. Use the FREE version.
You should : Install and Up-Date the definitions upon completion of the installation (very Important)
Download a Fresh copy and Re-run VundoFix : http://vundofix.atribune.org/
making sure to follow the instructions set forth by Atribune.
Run a new scan and post the log from that scan in your next post. IF you are using Vista, you Must right click and "Run as Administrator"
Next , do a Quick scan with MalwareBytes' Anti-Malware after you have Up-Dated the definitions. Post the log from that scan in your next post.
Again , IF you are using Vista, you Must right click on the icon and from the context menu , choose to "Run as Administrator"
To quarantine and delete what MalwareBytes' finds :
When the scan is finished, a message box will say ,The scan completed successfully. Click "Show Results" to display all objects found".
to close the message box and continue with the removal process.
Click on the Show Results
button to see a list of any malware that was found.
Make sure that everything is checked
, and click Remove Selected
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved and can be viewed by clicking the Logs
tab in MBAM.
The last tool we will use (for now) is Dr.WebCureIt : http://www.freedrweb.com/cureit/
. This one does not require an installation.
and double click on the .exe . Once the program starts , click on the Start button and a Quick scan will begin. IF using Vista, right click on the icon and
choose to "Run as Administrator".
IF it finds anything , it will automatically delete (quarantine) the offending files. Please post the Names of the
infected files it finds.
Also, download this Temps File Cleaner : ATF Cleaner by Atribune :
No installation is required. Double click on the .exe and check mark the "Select All" box. Then , click on the 'Empty Selected" button.
If you use Firefox. click on the Firefox name from the Top and repeat the procedure.
Most likely, these infected files will also show up in the old Restore Points which we will deal with latter. But, for now, scan and post the logs I requested.
Please be patient as some of these scans might take some time to complete.
This post has been edited by Flashorn: 26 September 2009 - 03:19 AM