Virtumonde-New Thread-As Per request

[Blade81]

Do you believe this was a valid CF Update?

Yes, CF checks for available update before it runs.

QUESTION: Do you want me to paste (or attach) the DDS_Attach Log?

Won't need attach.txt anymore

C:\atapi.sys.vir can be deleted. How is your system running now?

[TomZT]

As per my previous post...

"The system appears to be running pretty good except for Windows Security Alert in Tray... "AVG A/V is out of date!" (I have not run or updated AVG or SpyBot for awhile.) Windows Automatic Updates are also turned off."

Did you mean you want me to Delete: C:\atapi.sys.vir ... and then tell you again "how the system is running?" after that???

Also... when we searched for all instances of "atapi.sys" it was found in 5 or 6 locations. Then we replaced the bad one with a good one we copied from the C:\....ServicePackFolder. Is there a possibility that any of the other instances/locations could be copies of the bad "atapi.sys"

[Blade81]

As per my previous post...

"The system appears to be running pretty good except for Windows Security Alert in Tray... "AVG A/V is out of date!" (I have not run or updated AVG or SpyBot for awhile.) Windows Automatic Updates are also turned off."

Sorry, seems that I paid too much attention to those two bolded questions of yours and missed this.

See if you're able to get AVG and Spybot updated now. Better let Windows Automatic Updates be until we've finished the cleaning process.

Is there a possibility that any of the other instances/locations could be copies of the bad "atapi.sys"

Never should say it's impossible but what is important is that healthy copy is in the location we put the file in. There's nothing to worry about

[TomZT]

I will try to update AVG and SpyBot and reply with results.

Please advise when I should start and enable the SpyBot and AVG Resident Shields?

One thing I noticed in IE7... When logging on to the Malware Removal Forum, after the page loads... the bottom left corner of the IE screen shows... "Done, But with errors on page." I do not see this on other Websites I've tried. Is this a problem with the forum's page? Or a problem with my Computer or IE settings?

[Blade81]

Hi,

You can enable Spybot and AVG resident shield after we've finished.

One thing I noticed in IE7... When logging on to the Malware Removal Forum, after the page loads... the bottom left corner of the IE screen shows... "Done, But with errors on page." I do not see this on other Websites I've tried. Is this a problem with the forum's page? Or a problem with my Computer or IE settings?

Don't have to worry about that error message. Happens also in one of my machines with IE7.

[TomZT]

I will try to update AVG and SpyBot and reply with results.

Please advise when I should start and enable the SpyBot and AVG Resident Shields?

One thing I noticed in IE7... When logging on to the Malware Removal Forum, after the page loads... the bottom left corner of the IE screen shows... "Done, But with errors on page." I do not see this on other Websites I've tried. Is this a problem with the forum's page? Or a problem with my Computer or IE settings?

Hi again Blades,

I have updated Spybot succesfully but I have not yet run a Spybot Scan or enabled Spybot's SDhelper or Teatimer.

I was not able to update AVG. I can open the AVG User Interface but when I click UPDATE NOW, the display shows Searching for updates... but nothing happens. Seems to be hanging here. I tried restart, after setting update on restart, but that did not help. Do you think the infection could have disabled or misdirected AVG's Update feature? Any suggestions for this?

I look forward to your reply!

[Blade81]

Infection may have harmed AVG installation. Better try to reinstall it.

[TomZT]

Infection may have harmed AVG installation. Better try to reinstall it.

Just when I think we're getting close... More problems!

I cannot re-install fresh AVG Free 9.0. First I used Windows' Add/Remove Programs to uninstall the current AVG Free 8.5. When completed, message said, "You must Restart to Complete the Removal.) and press DETAIL to view unsuccessful items. Details showed... Action Failed: file avgmfx86.sys. Windows' Search did not find ay file named "avgmfx86.sys"

After restart, AVG Desktop and Start Menu Icons were removed. Add/Remove programs no longer shows AVG 8.5 to remove.

But the START>ALL PROGRAMS>AVG Free Edition program group was still there. Selecting AVG Control Center, Virus Vault, or Test Center, displayed "Bad Shortcut" but Selecting Uninstall AVG from the Program Group, displayed, "Searching for setup.exe" with a Browse Button. If you just wait nothing happens and the window disappears. I didn't press Browse because there are probably many "setup.exe" files on the system and I wouldn't know which to choose.

Windows Explorer still shows (in... C:\Program Files...) the AVG Free Folder & Subfolders (not much in there) and in the Grisoft Folder an older version AVG 7.0 with just an AVG install exe file.

I downloaded AVG 9.0 from the free.avg.com site and was redirected for the download to Cnet. I downloaded and ran the AVG installation but after copying files got a message saying "Some potentially incompatible software is currently installed on this computer. (OLE (Part 1 of 5). Click uninstall s/w button to launch Windows Add/Remove programs to uninstall the incompatible software. The Add/Remove Program screen did not show the OLE program.

Restarted and downloaded a fresh AVG instal exe program and got the same results.

I'm stuck again and apologize for all the trouble I'm having!

[Blade81]

This removal tool from AVG is worth trying.

[TomZT]

This removal tool from AVG is worth trying.

Thank you much Blade!

I will close out of what I'm doing here on this machine and reconnect the infected computer to download the AVG removal tool. I will post my results.

I do appreciate your assistance!
Tom