I need some help getting rid of this Virtumonde. This is the most difficult trojan to remove I've ever encountered. I've used 4 or 5 tools designed to remove it and they all failed. None of them listed the exact files created by it, but I have managed to remove the catras dlls and the sartac.ini it created. No matter what I do I can't get rid of the msevents.1 registry entries.
Any help would be appreciated.

Dathon

Hello.
Please see:
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)

Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
1. Double-click VundoFix.exe to run it.
2. Put a check next to Run VundoFix as a task.
3. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
4. When VundoFix re-opens - Click the "Scan for Vundo" button.
5. Once it's done scanning, click the "Remove Vundo" button.
6. You will receive a prompt asking if you want to remove the files, click "YES".
7. Once you click yes, your desktop will go blank as it starts removing Vundo.
8. When completed, VundoFix will prompt that it will shutdown your computer; click "OK".
9. Turn your computer back on.
10. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

steam

Due to lack of a response this topic will be archived.