
Thread: Virtumonde.prx, can't boot

  1. #31
    Member
    Join Date
    Oct 2008
    Posts
    53

    OK, that is done. Should I turn TeaTimer back on now?

    It was a bit disappointing when mbam identified another file infected with vundo. Does this mean it just missed an innocuous file on earlier scans, or that there are still problems lurking in my system that will reinfect me at some point, or that I encountered a new attack from the Internet? If it is a new attack, then I still have some vulnerability somewhere.

  2. #32
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    I don't run TT, preferring SpywareGuard which you will read about in the links I provided. If you wish to run it, turn it on, but first read the tutorial so you know how to respond to the prompts that may occur.

    The one file may have been something added to the MBAM database recently or it may have been something missed the first run for one reason or another. Malware removal is not an exact science and the hackers continue to change the rules. Chances are any good scan you run will locate something, but we have destroyed the executables and the malware is no longer valid.

    Here is a little information about this junk.
    http://en.wikipedia.org/wiki/Vundo_trojan

    Keep clearly in mind that the days of kids doing pranks online are over, it is now all about the $$$ and organized crime.
    http://news.cnet.com/8301-1009_3-9992897-83.html
    http://www.youtube.com/watch?v=zBUZHiKhsog
    http://en.wikipedia.org/wiki/Russian_Business_Network
    http://rbnexploit.blogspot.com/
    http://www.google.com/search?hl=en&q...=Google+Search

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #33
    Member
    Join Date
    Oct 2008
    Posts
    53

    It looks like everything is holding up OK. Fast startup and loading of programs, no Fatal System Errors, and pleasant Internet sessions with no pop-ups are all continuing. I updated and ran Spybot S&D last night and it detected evidence of virtumonde, which it said it fixed. I then updated and ran Mbam, and it was clean.

    After reading some of the scary stuff you sent me on trojans and organized crime, I also changed a bunch of my passwords, as I have no idea how long I was infected. Checking and card accounts haven't shown any funny activity, but then I never downloaded any of the anti-spyware junk that was offered by the pop-ups.

    I have noticed one consequence of the cleanup that I hope you can explain. A lot of the folders in Windows Explorer, with the exception of those in My Documents, have been rearranged, and several folders have disappeared. For instance, last night when I removed my old version of Mozilla Firefox, I tried to save my Bookmarks, which I always do when I back up my files. Firefox stores the Bookmarks file in a folder in Documents and Settings called Application Data\Mozilla\Firefox\Profiles\. The entire Application Data folder is gone, and although the Firefox Bookmarks still worked, I was unable to find that file to save it. Where did that file and the rather large Application Data folder go? In addition, I have a couple of new folders at the top of the C: drive heading that have no information to identify the purpose of the files they contain. One of the folders is labeled 174f375f17ca3244962838b9bf1caee, and it contains a .txt file that appears to be some sort of log with the name msxml4-KB927978-enu. The other folder has a similarly lengthy combination of letters and numbers, and it contains a single Application file for Windows Service Pack Setup.

    Lastly, when I removed the old version of Firefox using Add-Remove, it left behind a "Mozilla Firefox" folder under my Programs folder. This Mozilla folder includes three subfolders labeled "defaults," "extensions," and "plug-ins." The "extensions" folder contains a single subfolder labeled {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}, which looks suspiciously like one of the files you had me remove through HJT. That folder eventually leads to a bunch of files labeled ffjext.dtd. Any idea what those might be, and is it OK to just delete that whole "Mozilla Firefox" folder before I install the new version?

  4. #34
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Most of these questions are not malware related and as such I have limited knowledge and would prefer you ask at a good Windows XP forum, here are two:
    http://www.techsupportforum.com/micr...ws-xp-support/
    http://www.geekstogo.com/forum/Windo...003-NT-f5.html

    Here are a couple of Firefox forums:
    http://forums.mozillazine.org/index.php?c=4
    http://support.mozilla.com/en-US/kb/...Website+Forums
    While I keep an updated copy of my computers for emergencies, I rarely use Firefox and my knowledge is limited.
    "A lot of the folders in Windows Explorer, with the exception of those in My Documents, have been rearranged, and several folders have disappeared."
    Possible this is a result of the malware, I just do not know.
    You should be able to arrange folder as you wish, for instance:
    My Documents > View > Arrange Icons by...

    For your issues with files/folders in Firefox, I suggest you uninstall the program and download it again. It will install all files and folders it requires:
    http://www.mozilla.com/en-US/firefox/
    Make sure to update the program at that point.

    msxml4-KB927978-enu >>> http://www.google.com/
    http://www.google.com/search?hl=en&q...earch&aq=f&oq=

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #35
    Member
    Join Date
    Oct 2008
    Posts
    53

    Am I OK to update my Windows XP with Service Pack 3 now?

  6. #36
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    To be truthful, I have two XP computers. One updated with no problems, the other had issues and removed the update. I since ordered and received a CD to see if I can install it that way, but have not had the time to do it. There is also a website at Microsoft where you can get free help if you have any issues. That information:

    Microsoft Windows XP Service Pack 3 (All Languages)
    http://support.microsoft.com/oas/def...3&gprid=522131

    PURCHASE CD <<< $10. includes S&H
    http://support.microsoft.com/kb/322389

    If you wish to continue updates but wait on SP#3, here is additional information:
    How to prevent SP3 from being installed by Windows Update
    Windows Service Pack Blocker Tool Kit
    http://www.microsoft.com/downloads/d...displaylang=en

    I would say to go for it, but I am not the one who has to do it.

    Thanks...Phil (not as in Phillies)
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #37
    Member
    Join Date
    Oct 2008
    Posts
    53

    "Possible this is a result of the malware, I just do not know.
    You should be able to arrange folder as you wish, for instance:
    My Documents > View > Arrange Icons by..."
    The problem is not so much that the folders have been rearranged, but that several major folders aren't there anymore. Everything works OK, so I guess the files are there somewhere, but I can't find them using File Search. I'll contact one of the Windows XP forums and let you know what I find out.

    "For your issues with files/folders in Firefox, I suggest you uninstall the program and download it again. It will install all files and folders it requires:"
    That is what I did. The orphan folder was left behind after Uninstall. I'm worried that it may include malicious files that will be inserted into the new version of Firefox, so I'm reluctant to do the Installation without finding out what they are.

  8. #38
    Member
    Join Date
    Oct 2008
    Posts
    53

    By the way, I can't get rid of that danged Viewpoint. I have uninstalled it several times now through Add-Remove, but it shows back up whenever I reboot. I guess AOL keeps automatically reinstalling it. Guess I'll go on an AOL forum and research that annoyance.

  9. #39
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    C:\Program Files\Viewpoint\ <<< you can try starting in safe mode and see if you can delete that folder. Another option I can think of is to install it again to create a new uninstaller, then try to uninstall. I wonder why AOL thinks they have the right to install junk on your computer anyway. I say that, but they are smart enough to know the legalities and you can bet the information about Viewpoint was included in the EULA agreement with whatever program you installed.

    I have not used it, but there is a tool in MBAM you can try. The only thing, it is for files so you would have to open the folder and delete one file at a time.

    MBAM > More Tools > FileASSASSIN > Run Tool

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #40
    Member
    Join Date
    Oct 2008
    Posts
    53

    Phil, I think we have done what we set out to accomplish, and I believe we can close this thread at your discretion. From the looks of the new pleas for help showing up on the Malware Removal forum, you have plenty of work to do, so I need to get out of your way. You have been an immeasurable help and a pleasure to work with, and I can't thank you enough.

    Also, as the father of an active duty Marine infantry officer, I appreciate your "thank a veteran" signature. If you are a veteran yourself, thank you for your service, and I hope you receive the recognition that you deserve on Veterans Day tomorrow.
