Have you been infected with Virtumonde?



Tom.K
2008-07-01, 21:57
I have viewed lots of threads in the Malware Removal forum, and most of them have problems with Virtumonde. I've created a poll in which I just want to see how many users have been infected. It's simple: Yes or No.
If you have been infected with Virtumonde and removed it, or if you are still infected with Virtumonde, select Yes. If you never have been infected with Virtumonde, select No.

If you are infected with Virtumonde and you need help, you can create a new thread in Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), BUT before creating a new thread, you MUST read this thread first: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) .

drragostea
2008-07-02, 02:36
I would agree that most of the threads are related to Virtumonde.

However, my question is how Virtumonde infects the computer. P2P? Malicious drive-by downloads?

tashi
2008-07-02, 07:25
However, my question is how Virtumonde infects the computer. P2P? Malicious drive-by downloads?

Malware changes all the time; safe surfing is the key. :)

P2P, easiest route to 'any' infection.

Java: Sun Microsystems~Java. Security vulnerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2)

129260
2008-07-02, 07:27
Because more infections are now spreading through "safe" sites. Known web sites that are classified as "safe" are being taken over by hackers, who in turn put threats on these sites, so when a user goes to one, they are infected. This is where keeping your security software up to date, and using a secure browser that passed the Acid2 test, like Firefox, comes into play.

bitman
2008-07-02, 14:27
129260,

Please try not to confuse a browser rendering test with security; they have nothing to do with one another.

http://en.wikipedia.org/wiki/Acid2
"Acid2 tests features of HTML and, more prominently, CSS. The purpose of testing such features is to identify standards compliance deficiencies in applications that render HTML."

For its more limited set of built-in features, the Firefox browser has about the same number of similar vulnerabilities discovered in the same time frame as Internet Explorer.

Vulnerability Report: Mozilla Firefox 2.0.x
http://secunia.com/product/12434/?task=statistics

Vulnerability Report: Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/?task=statistics

The belief that Firefox is inherently more secure than Internet Explorer is a fallacy. All browsers, and in fact all software, have vulnerabilities; the key is the availability and effectiveness of updates and keeping them current on your own systems.

The confusion with Firefox is usually based on the fact that Firefox itself doesn't support ActiveX, which is where some of the vulnerabilities in Internet Explorer are found. This fact causes some to believe that Firefox is 'safer' when in fact it's simply lacking this ability altogether, so of course it won't have these particular vulnerabilities. If your Internet use requires the availability of ActiveX, which many corporate and other sites now do, switching to Firefox may not be an effective strategy at all.

As for the original subject of this thread, extending what Tashi has already stated, the most virulent malware suites are evolving constantly so there can be no one answer to this question. There would also be no significant value to a poll of users placed in such a forum since those coming here have a higher probability of being infected in the first place and would thus distort any statistics gathered. A more valuable question might be what kind of anti-malware protection did those who got the infection have if any and did it give any indication that they were being infected? This might help others to better tune or understand their own protection situation and how effective it might be.

Bitman

drragostea
2008-07-02, 18:19
Java: Sun Microsystems~Java. Security vulnerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2)

Yes, Java. But... I wonder why Java is even on any user's PC, like reinstalled.

Is this because many "applications" or online "applications" such as Housecall that require Java?

What would happen (or what are the disadvantages) if a computer did not have Java installed?

blues
2008-07-02, 23:58
Yes, Java. But... I wonder why Java is even on any user's PC, like reinstalled.

Is this because many "applications" or online "applications" such as Housecall that require Java?

What would happen (or what are the disadvantages) if a computer did not have Java installed?

Some speed tests won't work without Java. I have had no use for Java other than online virus scanners and speed tests; some years ago I used it to be able to play an online game, but I haven't played online games in a long time.

shelf life
2008-07-03, 02:18
my question is how Virtuemonde infects the computer

Any malware, Virtumundo or otherwise, can be installed several ways, i.e.:
software install: (games, cracks, piggyback)
e-mail, IM, social sites: (click random link, or "my picture" etc.)
P2P: (more malicious software, mislabeled files)
malicious web site: (drive-by, browser exploit, or "you need to install ...").

There is no magic involved. The majority of malware is installed by the user. Malware installs rely heavily on social engineering tricks, and the easiest link in the chain is the user themselves. No software can think for you or save you from your own actions.

Tom.K
2008-07-03, 21:07
I had downloaded cracks, but some of them worked. Those cracks were OK. But later, when I wanted to download another crack (from the same site and possibly the same crack), it seemed suspicious. It had a .zip.exe extension. Then I got confused. To download or not to download? With luck, I decided not to download it. You should never download something with a .zip.exe extension (a.k.a. expanded extensions) (or .txt.exe, .bmp.exe, .mp3.exe, .bla.exe ;) ). Now I've removed the cracks.

A Question:
Does Virtumonde have something to do with WinSoftware (WinAntiVirusPro, WinFixer and ErrorSafe)?

drragostea
2008-07-03, 22:08
A Question:
Does Virtumonde have something to do with WinSoftware (WinAntiVirusPro, WinFixer and ErrorSafe)?

Can't believe that some cracks actually worked. :P

I think it was SmitFraud or something similar that installs the rogue programs. It could be Virtumonde. I'm not sure; however, I'm sure that SmitFraud bombards your desktop with pop-ups.

NEVER EVER open a file with .xxx.exe. The .xxx is a variable (.txt, .jpg, .bmp, etc.). That would indicate an executable, so something else comes bundled with that ".jpg" file.
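
The .xxx.exe pattern that the two posts above warn about is easy to audit mechanically rather than by eye. The script below is an added example for this thread, not code from either poster: it lists files in a download folder whose last extension is one Windows will execute while the extension in front of it imitates a data type (photo.jpg.exe, setup.zip.exe), and it reports whether Explorer is set to hide known extensions (the HideFileExt setting), which is what makes photo.jpg.exe display as photo.jpg. The folder path and the two extension lists are assumptions to adjust; nothing is deleted or changed.

```powershell
# Added example for this thread; not code from the original posters.
# Finds "double extension" files such as photo.jpg.exe or setup.zip.exe and
# reports whether Explorer hides known extensions. Windows PowerShell 3+ assumed.
# Read-only: nothing is deleted or modified.

# Assumption: the folder your browser or P2P client downloads into.
$Folder = Join-Path $env:USERPROFILE 'Downloads'

# Final extensions Windows will run on double-click (not exhaustive; assumption).
$ExecExt  = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.vbe',
              '.js', '.jse', '.wsf', '.wsh', '.hta', '.msi', '.cpl', '.lnk')
# Extensions an attacker places in front of the real one to suggest harmless data.
$DecoyExt = @('.zip', '.rar', '.txt', '.jpg', '.jpeg', '.gif', '.bmp', '.png',
              '.pdf', '.doc', '.xls', '.mp3', '.avi', '.mpg', '.wmv', '.htm')

function Test-DeceptiveName {
    # Returns $true when the name has the shape <anything>.<decoy>.<executable>.
    param([Parameter(Mandatory)][string]$Name)
    $parts = $Name.ToLowerInvariant().Split('.')
    if ($parts.Count -lt 3) { return $false }        # a single extension is not a disguise
    $real  = '.' + $parts[$parts.Count - 1]          # what Windows actually executes
    $decoy = '.' + $parts[$parts.Count - 2]          # what the user is meant to see
    return ($ExecExt -contains $real) -and ($DecoyExt -contains $decoy)
}

function Get-HideFileExtSetting {
    # HideFileExt = 1 is Explorer's default "Hide extensions for known file types".
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    return ($null -ne $adv -and $adv.HideFileExt -eq 1)
}

if (Get-HideFileExtSetting) {
    Write-Warning "Explorer hides known extensions (HideFileExt=1): 'photo.jpg.exe' is shown as 'photo.jpg'."
}

Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-DeceptiveName -Name $_.Name } |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize
```

Run it from an ordinary PowerShell prompt; it needs no elevation. A hit is a file to delete unopened, not something to "test", and the warning is the cue to untick "Hide extensions for known file types" in Folder Options so the real extension shows in Explorer.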

129260
2008-07-03, 22:11
129260,

Please try not to confuse a browser rendering test with security; they have nothing to do with one another.

http://en.wikipedia.org/wiki/Acid2
"Acid2 tests features of HTML and, more prominently, CSS. The purpose of testing such features is to identify standards compliance deficiencies in applications that render HTML."
Bitman

Guess I've got some researching and learning to do ;) :oops:

blues
2008-07-03, 22:21
I had downloaded cracks, but some of them worked. Those cracks were OK. But later, when I wanted to download another crack (from the same site and possibly the same crack), it seemed suspicious. It had a .zip.exe extension. Then I got confused. To download or not to download? With luck, I decided not to download it. You should never download something with a .zip.exe extension (a.k.a. expanded extensions) (or .txt.exe, .bmp.exe, .mp3.exe, .bla.exe ;) ). Now I've removed the cracks.

A Question:
Does Virtumonde have something to do with WinSoftware (WinAntiVirusPro, WinFixer and ErrorSafe)?

From Microsoft: Technical Information
Win32/Virtumonde is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.
Virtumonde is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.
Installation
Members of the Virtumonde family may compromise an affected system in a number of different ways. They use diverse methods of installation that often includes multiple components.

Virtumonde may use a dropper/downloader component that may be detected as one of the following:
TrojanDropper:Win32/Virtumonde.A
TrojanDropper:Win32/Virtumonde.B
TrojanDownloader:Win32/Virtumonde

Virtumonde also disables pop-ups if a targeted URL contains "mil" or "gov" in the domain.

Modifies System Security Settings
Virtumonde makes the following registry modification in an attempt to bypass firewalls:
Sets value: "ProxyBypass"
With data: "1"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\

Sends Information to Remote Server
Virtumonde may gather and send the following information from the affected machine to a remote server:
Outlook Express Accounts
Information from Software\Microsoft\Internet Account Manager\Accounts
Pop3 and SMTP user names
Registered owner
OS version number
Network adapter info
MAC address
Keyboard layout
Installation time
Crash log

Additional Information
Virtumonde has been observed in the wild being bundled with rogue anti-spyware products, for example, it has been observed being bundled with 'Evidence Eraser Pro'.

Virtumonde has also been observed using encryption techniques in order to obfuscate its communications with remote sites.

This family may create the following registry entries in which to store data:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aldd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SysUpd

The Win32/Virtumonde family is closely associated with the Win32/Vundo and Win32/Conhook families.


From F-Secure: Virtumonde is adware that displays pop-up advertisements. Some advertisements are for rogue antispyware applications such as Winfixer. Pop-ups are not marked as having originated from Virtumonde.

Virtumonde runs hidden from the user. It installs itself as a Winlogon notification package and locks its own module. The module has a random 5 character name and is installed to the windows\system32 folder.

Virtumonde infects Windows XP and 2000.

From Wikipedia: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs.
As the virus is resident in memory and attached to Explorer.Exe and Winlogon, they must be stopped before trying to remove the virus. Without Winlogon, there is no way to reboot the pc, so a forced reboot is needed, as when Winlogon re-starts, the virus files are recreated. Internet Explorer, Mozilla Firefox, and Opera are affected by this trojan, but Apple Safari seems to be unaffected by the Trojan's .dll file.
Depending on versions, Vundo attempts to prevent the user from removing it or otherwise impede its operation, such as by disabling the task manager or Windows registry editor. WinFixer is closely related to Aurora Network's Nail.exe hijacker/spyware program. In worst-case scenarios, it may embed itself in Internet Explorer and become part of the program, thus being nearly impossible to remove. The program is also closely related to the Vundo and Virtumonde viruses.



I don't know if it can infect Vista, but Java can be installed on Vista, so I think it can infect Vista too if Java is outdated. I don't know if it infects in other ways than Java; maybe someone here knows if it could? As you see above: Virtumonde has been observed in the wild being bundled with rogue anti-spyware products.

I don't know if everything from Wikipedia is true; I think I have read somewhere that anyone who wants to can edit pages on Wikipedia.

I didn't know so much about viruses and spyware when using Kazaa. I was downloading software from Kazaa some years ago, and one time my antivirus detected that a virus was infecting files on my computer; the antivirus went crazy. I also downloaded a lot of software from www.download.com and I got spyware on the computer from some of the software from www.download.com. I don't remember if I downloaded something from warez sites.

So I will not recommend anyone to use cracks from filesharing programs or warez sites, and not from other places either.

I was also visiting porn sites and got a lot of malware from those sites; the malware was installing when visiting the porn sites without me knowing it.

At that time I didn't know that I should download updates from Microsoft, so the only software that was updated on the computer was my antivirus. The firewall was disabled at that time too, and I think that setting was the default some years ago.
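
The Microsoft and F-Secure descriptions quoted in the post above name concrete, checkable artifacts: a Winlogon notification package whose module has a random five-character name in system32, a Browser Helper Object installed without consent, the ProxyBypass value under the ZoneMap key, and the HKLM\SOFTWARE\Microsoft\aldd and SysUpd data keys. The script below is an added example for this thread, not a vendor tool and not code from any poster; it enumerates those locations read-only and reports what it finds. It assumes Windows PowerShell run from an elevated prompt on a Windows XP/2000-era system (the Winlogon Notify key is unused from Vista onward), and the "five letters, unsigned" heuristic is an assumption drawn from the F-Secure text, so a hit is something to investigate, not proof of infection.

```powershell
# Added example for this thread; not a vendor tool and not code from the posters.
# Read-only triage for the Win32/Virtumonde artifacts quoted from Microsoft and
# F-Secure above. Run elevated; Windows PowerShell 3+ assumed.

$Findings = New-Object System.Collections.ArrayList

function Test-UnsignedSystem32Dll {
    # Heuristic (assumption from the F-Secure text): module with a random
    # 5-letter base name, and not Authenticode-signed. Caveat: on old systems
    # catalog-signed Windows files report NotSigned too, so corroborate any hit.
    param([string]$DllRef)
    if (-not $DllRef) { return $false }
    $path = $DllRef
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot "system32\$DllRef"   # bare names load from system32
    }
    $base = [IO.Path]::GetFileNameWithoutExtension($path)
    if ($base -notmatch '^[A-Za-z]{5}$') { return $false }
    if (-not (Test-Path $path)) { return $true }              # registered but missing: still odd
    return (Get-AuthenticodeSignature $path).Status -ne 'Valid'
}

# 1. Winlogon notification packages (XP/2000; the key is not used on Vista and later).
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    foreach ($sub in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue).DLLName
        if (Test-UnsignedSystem32Dll $dll) {
            [void]$Findings.Add("Winlogon Notify '$($sub.PSChildName)' loads $dll (5-char name, unsigned)")
        }
    }
}

# 2. Browser Helper Objects: resolve each CLSID to the DLL in its InprocServer32 key.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) {
    foreach ($sub in Get-ChildItem $bho) {
        $clsid  = $sub.PSChildName
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = if (Test-Path $server) { (Get-Item $server).GetValue('') } else { $null }
        if (-not $dll) {
            [void]$Findings.Add("BHO $clsid has no InprocServer32 (orphaned registration)")
        } elseif (Test-UnsignedSystem32Dll $dll) {
            [void]$Findings.Add("BHO $clsid -> $dll (5-char name, unsigned)")
        }
    }
}

# 3. ZoneMap ProxyBypass = 1. Weak on its own: the same value is written when
#    "Bypass proxy server for local addresses" is ticked in Internet Options.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$pb = (Get-ItemProperty $zone -ErrorAction SilentlyContinue).ProxyBypass
if ($pb -eq 1) {
    [void]$Findings.Add("ZoneMap ProxyBypass=1 (also a legitimate setting; corroborate with other hits)")
}

# 4. Data keys named in the Microsoft write-up.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\aldd', 'HKLM:\SOFTWARE\Microsoft\SysUpd') {
    if (Test-Path $key) { [void]$Findings.Add("Registry key present: $key") }
}

if ($Findings.Count -eq 0) {
    'No Virtumonde artifacts from the quoted write-ups found.'
} else {
    $Findings | ForEach-Object { "[!] $_" }
}
```

The script changes nothing, deliberately: the F-Secure text says the module locks itself and the Wikipedia text says files are recreated when Winlogon restarts, so deleting a hit from a live system is exactly the step that fails. Use the output to decide whether to follow the forum's "BEFORE you POST" procedure and let a removal specialist direct the cleanup.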

drragostea
2008-07-03, 22:37
You should have read tashi's 14 ways to get infected without trying: Browse the web for free pOrn.

That could be the malicious drive-by-download. Malware is installed without the user's knowledge.

Kazaa is also infamous, because it is bundled with adware and malware.

Java or not, Vista can get infected with Virtumonde. I've seen HijackThis logs with Vista OS infected with Virtumonde.

blues
2008-07-04, 00:49
You should have read tashi's 14 ways to get infected without trying: Browse the web for free pOrn.

That could be the malicious drive-by-download. Malware is installed without the user's knowledge.

Kazaa is also infamous, because it is bundled with adware and malware.

Java or not, Vista can get infected with Virtumonde. I've seen HijackThis logs with Vista OS infected with Virtumonde.


How could I know that surfing porn and downloading cracked software were unsafe when barely knowing what viruses were? I also thought that www.download.com was safe to download from when other people I know of were downloading from there, and I never heard that they were getting trouble with the computer from having downloaded software from that site.

I had never heard about spyware at that time either. I have read tashi's thread, but that was at a later time.

Most of us have done stupid things without knowing the consequences; nobody is perfect and may make mistakes. I'm sure you have made mistakes too. Some of us know things about computers that others don't, and others know things about other things they like. Nobody is really stupid, but we can't know everything.

drragostea
2008-07-04, 01:16
I've never made a mistake!

Nah, I'm just joking. I'm the same as you, when I was younger, not knowing the consequences.

However, download . com is becoming infested... by ads and rogue products. You've heard of CopperHead Anti-spyware? Yea, it's rogue.

http://www.download.com/Spyware-Removal-Tool/3000-8022_4-10836838.html?tag=lst-0-6&cdlPid=10836839
http://www.download.com/Spyware-24x7/3000-8022_4-10811879.html?cdlPid=10813495

Here are two examples of rogue software. Trust me, from my perspective download.com is not even 50% safe. In my perspective. Downloads also are limited because probably of busy servers.

blues
2008-07-04, 02:10
I've never made a mistake!

Nah, I'm just joking. I'm the same as you, when I was younger, not knowing the consequences.

However, download . com is becoming infested... by ads and rogue products. You've heard of CopperHead Anti-spyware? Yea, it's rogue.

http://www.download.com/Spyware-Removal-Tool/3000-8022_4-10836838.html?tag=lst-0-6&cdlPid=10836839
http://www.download.com/Spyware-24x7/3000-8022_4-10811879.html?cdlPid=10813495

Here are two examples of rogue software. Trust me, from my perspective download.com is not even 50% safe. In my perspective. Downloads also are limited because probably of busy servers.

MajorGeeks had one program that was infected with Cydoor, if I remember right. I was looking at different programs at MajorGeeks and visited the author's site; the site looked suspicious, so I reported it to the hpHosts forum and it is now in the hpHosts hosts file. The admin at the hpHosts forum detected that the program included Cydoor.

I have never heard of CopperHead Anti-spyware.

www.download.com is always slow to download from for me, but that is only annoying after formatting the computer and downloading software from there.

drragostea
2008-07-04, 02:55
What I would suggest is to keep a folder of all the executables of the programs you plan to install. That way you can install all of them beforehand, without having to download all of them again. I update it every time there is something new.

Next, I would drag the folder to a flash drive with all my documents.

blues
2008-07-04, 11:17
What I would suggest is to keep a folder of all the executables of the programs you plan to install. That way you can install all of them beforehand, without having to download all of them again. I update it every time there is something new.

Next, I would drag the folder to a flash drive with all my documents.


I have a folder that I download the programs to, but I delete the install files after installing the programs. I sometimes burn the installers to a CD before formatting. I don't have any documents that I need after formatting, and I burn what I have in the download folder from uTorrent in My Documents.

drragostea
2008-07-05, 07:23
Download folder from uTorrent.

That reminds me... I have trouble... actually my brother is having trouble with "port forwarding" since he's getting 1kb/sec. on a DSL connection.

I've seen the portforward website, however the articles are too dated and the screenshots look nothing like the modern ones.

blues
2008-07-05, 11:10
Download folder from uTorrent.

That reminds me... I have trouble... actually my brother is having trouble with "port forwarding" since he's getting 1kb/sec. on a DSL connection.

I've seen the portforward website, however the articles are too dated and the screenshots look nothing like the modern ones.

I always use the speed guide in uTorrent, but that wouldn't help with his problem. But if you restrict your upload speed, then you will have slower download speed; that is what happened to me when trying it. I don't know if it is like that ONLY in uTorrent, but maybe in other torrent programs too. But I don't know if it is the trackers (or whatever it is called) that lower your speed when doing this. I think the torrent programs must follow some rules, or they will be banned from some trackers. But I may have misunderstood what I have read. Maybe his router/modem has a firewall; I have mine turned on without a problem and haven't needed to do port forwarding. I download with lightning speed sometimes, but that is just what I call it. Other family members and people I know don't have such fast speeds as I have when downloading torrents. But it also depends on what speed the other people that are sharing/seeding have. I was getting faster speeds when downloading torrents after upgrading my speed. dslreports shows the wrong speed for me when using their tests, both the Flash one and the Java one. But Norwegian tests show better speeds than dslreports, but that isn't strange when dslreports is farer (how do I write it? I was about to write farther but that probably means another thing) away from me.

Sorry, I don't know how you do port forwarding. :sad:

drragostea
2008-07-05, 20:50
I see. I don't feel like continuing this torrent conversation because it's hijacking the main point of this thread : ).

Just a side note: You give and get. If you limit your upload, you'll slow down your download.

Tokamak
2008-07-07, 17:36
I installed a program that contained a copy of virtumonde, and then allowed it past teatimer.

Then swore lots and lots.

YoKenny
2008-07-07, 18:49
I haven't been infected by Virtumonde yet on my WinME ( It was a free system given to me ), XP Home nor Pro systems but then I have hpHosts, MVPS HOSTS files, Windows Defender and WinPatrol installed.

I use avast! Home anti virus and Spybot S&D resident, and I run its scan every time there is a definition update.

Tom.K
2008-07-07, 20:49
The best thing to make your computer safe and view programs is Virtual PC. You can use/install programs on Virtual PC, and your real PC does not have any changes. It's really useful. The only thing I hate about using Virtual PC is that you must set some settings which can be confusing. I use innotek VirtualBox http://www.virtualbox.org/.

Note: If you have shares between Virtual PC and real PC, and Virtual PC is infected, the infection can infect real PC.

drragostea
2008-07-07, 20:51
Note: If you have shares between Virtual PC and real PC, and Virtual PC is infected, the infection can infect real PC.

Wait a minute... can you explain that part again?

Can VPC run Vista on XP?

Tom.K
2008-07-07, 21:03
If you run, for example, a worm in Virtual PC, the worm can, through shared folders, infect a real PC by copying the file to the shared folder.
About running OS, you can run Vista (as Virtual OS) on XP.

drragostea
2008-07-07, 21:07
So it would be 50/50 risky to attempt to test and play with malware on a VPC?

So I can use Vista as a VPC and just close the session like it never happened?

Tom.K
2008-07-07, 21:13
Only if you are using shared folders between Virtual PC and real PC.

You can run Vista on VPC and use it. When you close the session, the real OS (XP) doesn't have any changes affected by VPC.

drragostea
2008-07-07, 21:16
Just one last question, would you say it's "okay" to run VPC for fun and see the functions of Vista.

Say like you've never had a Vista before and all you see were screenshots from the Internet.

Tom.K
2008-07-08, 20:47
If you want to see some features of it, and you have the setup for Vista, you can install it on VPC, but you shouldn't activate Vista because you can use Vista without activation for 30 days.

There is something good/bad (depends). When Vista becomes expired on VPC, you can reinstall Vista by installing Vista on new virtual drive. And you can use it again for 30 days.

drragostea
2008-07-08, 22:47
So are you saying that I need the... setup CD?

Oh, I see. I thought VPC came with it, then I was thinking... it can't be that small?

Tom.K
2008-07-09, 20:14
You need Vista Installation DVD. There is no way to get free Vista with VPC (the size of VPC setup + Vista setup = +3 GB!).

drragostea
2008-07-10, 00:25
I just find it odd how people (*cough* computer-educated and knowledgeable people/idiots) are still downloading cracked versions of Vista Ultimate.

Thanks for the explanation Tom.

Fairplayer
2008-07-16, 14:17
Here's my way of using cracks and keygens. I have WinRAR installed, and when I right-click on a keygen.exe file and it allows me to extract the file, then there's probably a virus inside. So go ahead and extract the file to any name and it creates a folder by that name. I did that with the last keygen.exe file I was going to use, and inside were 2 .exe files: one named keygen.exe and the 2nd just file.exe, which was the virus. I deleted file.exe and used the keygen.exe only, and it works.
Cheeerrrzzzzz

blues
2008-07-16, 14:30
Here's my way of using cracks and keygens. I have WinRAR installed, and when I right-click on a keygen.exe file and it allows me to extract the file, then there's probably a virus inside. So go ahead and extract the file to any name and it creates a folder by that name. I did that with the last keygen.exe file I was going to use, and inside were 2 .exe files: one named keygen.exe and the 2nd just file.exe, which was the virus. I deleted file.exe and used the keygen.exe only, and it works.
Cheeerrrzzzzz

Thanks, I will try that. :police: Just kidding, why register here only to post that crap?

Tom.K
2008-07-16, 20:32
Keygens can contain trojans. AVG has detected one keygen as a Generic Trojan, but I have another keygen which is completely the same, but it's used for another program. The strange thing is that AVG didn't find anything in that keygen. Both keygens were from the same "company/author".

blues
2008-07-16, 21:03
Antiviruses detect some keygens and say that they detected trojans in them even if there isn't a trojan in the keygen, so some people get sick of it and don't care anymore and download and use keygens and patched programs anyway. Some antiviruses should be called anti-piracy software; it isn't their job to do this. :lip:

AVG is a joke if you ask me. It couldn't even tell if the entries from Spybot and SpywareBlaster in the registry were legitimate. I don't know if it still detects the entries now, but I will still avoid using it.

tashi
2008-07-16, 21:20
Hello,

FYI for all members, from the malware removal forum:
http://forums.spybot.info/showpost.php?p=25290&postcount=4


Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs and, in the case of your operating system, to obtain a valid licensed copy. Regards.

blues
2008-07-16, 21:33
tashi: did I say that I was using keygens and such? I don't know what you mean. I hope you don't sue me for doing that. I have used keygens and such in the past, but the past is the past.

(I don't know if it is called sue)

But using filesharing programs isn't illegal, even if it isn't so good to do it all the time.

tashi
2008-07-16, 21:44
Hi blues,

No just a general FYI for the topic. ;) We see a lot of infections caused by people downloading such.


but I have another keygen which is completely the same, but it's used for another program.

Cheers.

blues
2008-07-16, 21:59
Hi blues,

No just a general FYI for the topic. ;) We see a lot of infections caused by people downloading such.



Cheers.

OK, I understand :)

kira666
2008-07-23, 19:35
I have been sitting at my laptop for a week straight trying to get rid of this Virtumonde thing, and I am really new to virus removal because I just got the internet for my laptop, so I have no idea what I am doing. I would love it if someone could talk me through cleaning all this crap off my laptop so I can get back to playing World of Warcraft. So if you want to help, IM me; my profile gives it out, but just in case it's tdog21121.

drragostea
2008-07-23, 19:39
Welcome to the forums kira666. I'm not a World of Warcraft player so I'm unfamiliar with it, although I've heard it's interesting.

However, I don't see how providing technical assistance in quick chatrooms in WoW might do any good. :laugh:

Read:
--
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
--
:cowboy: Virtumonde can be persistent to remove. Start a thread and a malware specialist will assist you ASAP.

JainaSolo
2008-07-26, 02:01
You can (unfortunately) count me in the "yes" votes. Caught it about 2 weeks ago, and would've thrown my computer out the window by now if it weren't for the help I've been able to get here. I think some outdated software is what did me in. I only recently ditched my dial-up connection, and on dial-up, upgrading stuff like my Java and browsers was basically impossible. And I guess I didn't realize how vulnerable that made my system. Oops.

I was really surprised that my Norton Antivirus didn't catch this thing, only the occasional associated trojan. A friend who had the virus a couple months back told me her antivirus program didn't find it either. Digging around the Symantec site I found info on a really old Virtumonde/Vundo, and removal instructions and a tool that didn't do a darn thing.

Is this kind of thing common with viruses now? It's been ages since I've been hit with anything this bad, and that was back in the 90's, when I didn't even have an antivirus program. (Didn't think I needed one, either, because I had a Mac then, but that's a whole 'nother story.)

drragostea
2008-07-26, 02:19
Virtumonde is a trojan/adware. In other words, you can call it 'malware'. Anti-spyware applications detect Virtumonde; however, modern anti-virus programs (AVG for example) have only begun to detect the trojan. So, in my perspective it was 50/50 that Norton could not have detected it. What version is your Norton AV?

:cowboy: Dial-up can be a pain. I was a dial-up user once, and updating was an impossible feat :laugh:.

Use a firewall and anti-spyware/virus application and safe surfing.

Welcome to the forums.

lused-nightmare
2008-07-26, 03:31
:sad: I have it right now..... I may be a computer whiz, but I am only good with hardware, so I ask for someone who is willing to lend me a hand.... I have had it now almost 2 months and I'm one step away from shooting my PC. If you have the time then please help me, and if you have MSN you may be able to walk me through it step by step. Thanks

P.S.
My MSN is

tashi
2008-07-26, 03:38
Hello lused-nightmare,



Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).

Regards. :)

lused-nightmare
2008-07-26, 03:56
I have, and all I have been told is what I can do, yet none of it seems to work. This virus is very badly entrenched in my computer now and IDK what to do, so I tried something rather unorthodox: I formatted and reinstalled Windows, yet when I downloaded Spybot anew and reinstalled it, it says I still have it :sad:

lused-nightmare
2008-07-26, 03:58
Then may I ask how do I get remote assistance?

drragostea
2008-07-26, 04:19
lused-nightmare, sir. You cannot receive remote assistance. The best thing to do right now is to wait for a response from an experienced malware fighter.

In the mean time, can you run a full scan with Spybot-Search&Destroy? If this does not work, try to run the scan in 'Safe Mode' (by tapping F8 during bootup).

Do you use a firewall? How about an anti-virus program?

lused-nightmare
2008-07-26, 04:25
I have run all of the above and more. I have tried everything I can think of and all that others have told me so far. It's somehow gotten into the boot-time segment of my hard drives as well, so it's now more than your standard, for the standard (Virtumonde (sorry for the spelling)). I have 3 different forms of it: one the standard, 2 ends in ".dl" and the 3rd ends in "gtx".

drragostea
2008-07-26, 04:30
Don't worry. A malware fighter will help you purge Virtumonde from your computer ASAP. However, remember that the Malware Forums are busy, I should say very busy, and volunteers are not active 24/7.

Virtumonde can be persistent to remove, regardless of scanning in 'Safe Mode' or during bootup. So this is why I am asking you to await a response in the Malware Forums.

lused-nightmare
2008-07-26, 04:43
:sad: I know, but in 8 days it will have been on my PC for 3 months, and it's really annoying me because it keeps downloading new things like "Zlob downloader" and "AdRevolver" all the time. I have 13 standing problems of the Virtumonde standard, 8 of gxt and 108 of .dll. I do wait patiently, but I'm beginning to think it's now becoming a hopeless case.... I'm just worried that someone may have access to my contacts, so I shredded them quickly... I know people in high places so I had to, but getting them back, haha, not so easy.... :sad: But thank you anyway, I hope sooner or later that I will be able to sort it out.

drragostea
2008-07-26, 04:54
Then why have you not requested help during that 3 month period? 'AdRevolver' is not considered "malware"; it's just a harmless tracking cookie.

Do you use a firewall? How about an anti-virus program? At least using these tools will keep the spyware/viruses at bay.

A helper will assist you as soon as possible. So don't continue to worry.

lused-nightmare
2008-07-26, 05:06
I use AVG 7.5 (new one), Spybot S&D 1.6 and HijackThis (for really bad problems). Also I have AVG Anti-Rootkit, and on occasion I use my shotgun disk, which is an antivirus a skilled software developer made for me; you just put it in and it goes to work on its own. I have never had a virus before, so it's all new ground. Also I use the Comodo Plus firewall because it works perfectly with Windows Firewall, yet this thing has bypassed both of them and all my anti-spyware, anti-virus and anti-rootkit software, so IDK what to do at all now. I have been looking for help at other places too, and I have even tried re-formatting my PC and it has had no effect, which really pissed me off, and it also managed to get through my firewalled VPN internet switch.

drragostea
2008-07-26, 05:13
Well, really, in my perspective... the virus or malware did not exactly "bypass" your solutions or Comodo Pro Firewall. I would call it... user decision. Usually careless mistakes would have resulted in this infection. Let it be a malicious .exe file from an unknown attachment or a malicious drive-by download. You get the point.

I believe AVG 7.5 is no longer supported by Grisoft. If you're running a Windows XP OS, you can safely upgrade to AVG 8.0, as it offers simultaneous protection against both spyware and viruses. There's not really any sense in running an outdated program when it cannot actively defend you. As for AVG Anti-Rootkit, it has not been updated in a while; I think it was last updated in March 2007.

HijackThis is not an anti-spyware tool, nor is it a substitute for any anti-spyware or anti-virus tool. It is a diagnostic tool that provides detailed information about your running operating system.