Quick question about Virtumonde & formatting...



konahot
2008-05-11, 23:21
Hi, I am yet another sorry victim of Virtumonde.

Now I've found that our PC's restore points have been turned off for goodness knows how long. Java is all messed up and refuses to update. Basically this PC is well overdue a clean reinstall so I wanted to know if a format and clean install of XP will get rid of this Virtumonde?

If not, then I think I'm in for a hell of a rocky ride and will need some serious hand-holding!

Apologies in advance if this is a stupid question. I'm a complete amateur.

(I'd love to meet the individual/s responsible for Virtumonde and.....)

Rorschach112
2008-05-12, 01:41
Yes, a reformat will remove it.

But we can remove it manually if you want. We get so many Vundo logs here it is crazy.

What do you want to do?

konahot
2008-05-12, 09:42
Thanks. I'm long overdue a fresh install though so I'll go down that route.

For future, what AV software do you recommend?
I've been using Panda Internet Security 2007 and this fails to even find Virtumonde.

Thanks for the help.

Rorschach112
2008-05-12, 16:08
My recommendations would be

Avira for anti-virus
Comodo for firewall
MalwareBytes Anti Malware and Dr. Web Cureit for anti-spyware
SpywareGuard and SpywareBlaster for real-time protection

Here are some other suggestions

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)

* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.


* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here (http://www.mozilla.org/products/firefox/)

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)




Any other questions?

Rorschach112
2008-05-19, 17:08
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.