PDA

View Full Version : "Deny Change" to registry denied (virtumonde)



Bluefoot
2008-06-07, 04:59
I have a virtumonde and virtumonde.dll that keeps making it's way into my system even after Spybot says it gone. After "fixing" the problem 3 times, firefox still gets stuck everytime I run a query.

Worse still an Important registry entry has been changed and there is nothing I can do about it

Category: Browser Helper Object
Change: Value deleted

Entry: {4dd6a8f1-58f6-4c11-998c-ec801603481d}

old data: none
new data: none

I have the option to "Allow Change"
Unfortunatly...
The "DENY CHANGE" button is not active

This happened the first time I ran spybot and I allowed the change as there was little else I could do.

Can anyone help me?
p.s. also help me fully remove virtumonde?

Bluefoot
2008-06-07, 06:24
I allowed the change.:clown:

:red:Duh, it was to delete the .dll bastard!:mad:

:spider:yet after I did the thing tried to rewrite itself:nono:

eventually I got the idea and hit the check box to repeat that action:cool:

the virtumunde went so crazy trying to rewrite itself:fear: that my monitor was overwhelmed with denials... until I started running :police:Search & Destroy again this time on highest priority in settings...

when the search finished the attack started again until I OKed it be destroyed the attack stopped

for now...:fear:


http://forums.spybot.info/showthread.php?p=199902#post199902