PDA

View Full Version : Virtumonde and Zlob.Downloader



RavemanX
2008-06-01, 17:27
HELP!
My laptop has been infected and I can't get rid of the darn thing.
I've tried the classic things:
- Safe Mode --> Turn off System restore + SpyBot + run with SAV on latest version update ==> Spybot always finds Virtumonde, Virtumonde.dll and Zlob.Downloader.vcs. No matter how many times I try, it keeps coming back.
(Vundofix didn't find anything by the way.)

I also enabled a selective startup config, by disabling a service that didn't belong there (f.ex. ksilcckj executed thru rundll32.exe). But of course, the virus keeps activating new services.

I also installed AdAware and Spyhunter (the free version), but they are also ineffective. The free version of Spyhunter only detects stuff, and I'm not feeling tempted to buy their Removal engine.

Can anyone help me out here?

Thanks in advance!

PS: I'm Dutch speaking, so feel free to reply in Dutch. I'm working in Safe mode right now, by the way.

Blade81
2008-06-02, 11:25
Hi

Looks like you missed BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) sticky ;)

Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

Blade81
2008-06-08, 14:03
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.