Virtumonde Please Help!



MoreFien
2008-04-27, 00:40
OS: Windows Vista Home Premium
(I've had it for 6 months and no problems before.)
Antivirus out the arse.
1 of 2 Firewalls active.
Spybot S&D

Well, ok in order of events.

I had a 680 +/- kbps speed when I was supposed to be at 6 Mbps.

My computer and everything on it was freakishly slow, which has never been a problem before.

I had used Spybot S&D to find out I had Virtumonde, then used it to reference the exact locations and file names and found that it was attached to my "winlogon" and "Rundll32.dll" processes with several DLLs, registry keys, and BHOs.
I never experienced the popups but I did notice the odd IP destination in my IE browser upon opening. (Maybe I dodged the pop-ups via blacklisting the processes "MSServer" & "BMd7f03873" that were linked to the referenced .dlls.) IE wouldn't go to most sites but would go to some random sites.


So I disconnected my modem (direct connect, no router) and chose "fix problems", restarted and found out that it didn't work in the least bit.

So I stayed offline, used Spybot & the TeaTimer White/Blacklists to reference all the associated files and keys.

Deleted all DLLs (blocking the ones in use from being executed and renaming the ones that wouldn't be deleted, then deleting them after restart).

Reconnected my modem.

Now, I never found the actual MSServer and "BMd7f03873" files, only the associated DLLs and BHOs. After deleting them all I went to S&D's System Startup Tool and attempted to remove these (MSServer and "BMd7f03873") from startup and it wouldn't allow me to remove or uncheck them without reapplying itself. Eventually it allowed me to remove MSServer from that list but never "BMd7f03873".

The good news is that I haven't had any problems since, aside from the annoying messages that the "BMd7f03873" and MSServer processes' associated DLLs can't be found so the process has been terminated. Which tells me that there is still a process lingering somewhere; it just seems ineffective without the DLLs.
I'd like to know where I could possibly find the files for the processes so that I can rid myself of the last pieces of this virus (Search found nothing with those names, and Spybot comes back clean of Virtumonde every time with a few minor tracking cookies).

MSServer no longer makes a popup because I finally removed it from startup, but I never deleted anything, only removed it from the startup list.
"BMd7f03873" still comes up every time saying the associated DLL can't be found (because I deleted it). I need to find the OTHER files that are harmless and initiate the DLLs.
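One way to locate orphaned startup entries like the ones described in this post, as an added PowerShell example that is not part of the thread and not Spybot's own tooling: it reads the standard Run/RunOnce keys and the Winlogon Notify key (an assumption, since the post says the infection hooked winlogon) and reports every entry whose target file no longer exists. It only reports; it deletes nothing.

```powershell
# Added example: report autostart entries whose target file is missing (the "DLL can't be
# found" symptom). Report only; nothing is deleted. Assumes the entries live in the standard
# Run/RunOnce keys or the Winlogon Notify key (assumption, not confirmed by the thread).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-TargetPath {
    param([string]$Command)
    # rundll32 entries look like:  rundll32.exe "C:\dir\x.dll",Export  -> the DLL is the target
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '(?i)rundll32(\.exe)?\s+"?([^",]+)') { return $Matches[2].Trim() }
    if ($cmd -match '^"([^"]+)"')                        { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Resolve-Module {
    param([string]$Name)
    # A bare file name is loaded from System32, so check there before declaring it missing.
    if ([IO.Path]::IsPathRooted($Name)) { return $Name }
    return Join-Path (Join-Path $env:SystemRoot 'System32') $Name
}

$report = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        $target = Resolve-Module (Get-TargetPath ([string]$p.Value))
        $report += [pscustomobject]@{ Key = $key; Name = $p.Name; Target = $target
                                      Missing = -not (Test-Path -LiteralPath $target) }
    }
}
if (Test-Path $notifyKey) {
    foreach ($sub in Get-ChildItem $notifyKey) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DLLName
        if (-not $dll) { continue }
        $target = Resolve-Module $dll
        $report += [pscustomobject]@{ Key = $sub.PSPath; Name = $sub.PSChildName; Target = $target
                                      Missing = -not (Test-Path -LiteralPath $target) }
    }
}
# Entries flagged Missing=True are the orphans to show a helper before removing anything.
$report | Sort-Object Missing -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; entries in other autostart locations (services, scheduled tasks, BHO CLSIDs) are outside what this script inspects.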

tashi
2008-04-27, 09:42
Hello.

Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the log/s requested and a link back to this topic. Then I will close this one as helpers look for zero response. :)