Getting Rid Of Virtumonde/Vundu! -- a comment



amigan_1
2008-06-09, 18:21
Hello All,

This is more of an announcement than a request.

My computer was infected by the Virtumonde/Vundu malware. I asked for help through this forum. Rorschach112 (Mark) was nice enough to work with me. Through his help, and using all the tools he suggested I use, he declared my system as being clean. (I cheered, "Yay!").

I proceeded to create a "Restore Point."

After this I started using my computer normally. A day or so later, I decided to run my anti-virus program (AVG 8 Free), and my trusty two anti-spyware programs (Ad-Aware SE Personal, and, Spybot Search & Destroy) -- all with the most current updates. What do I find? AVG finds various malware in that System Restore file, including "Vundu." Then I run Ad-Aware and it reaches a certain point and finds similar malware. I next ran Spybot and it started finding malware, too.

What bothered me is, except for going to those sites I know do not have malware on them (Lavasoft, Safer-Networking -- spybot.info, and a few others), there should be no way my computer could get infected (I do not open mails I do not recognize or which look unusual.). I decided that the time had come when I must reformat and install MS Win, fresh. I had no intention of going through the same process in trying to rid myself of Vundu/Virtumonde if it were so able to attach itself to files which could not be spotted by anti-virus & anti-spyware programs. I wish this were not the case.

I am now getting close to restoring my system the way I want, and with all the programs I want it to run. One good thing is that by doing the reformatting, I was able to get rid of some programs I really had not decided whether I truly needed, nor still wanted. The result will be a leaner boot partition (the regular Win partition). One other reason is that I have placed more programs onto my "D" partition. These are programs which do not need to be on "C" to run correctly (Of course, some .dll's and other files might need to be in "C.").

I hope everyone else has better luck than I did, in getting rid of Virtumonde/Vundu, without needing to reformat. I want to thank, again, Rorschach112 (Mark), and the rest of the Spybot crew, for your help and your time. I know, that should my computer get infected with something I cannot rid, again, I will turn to the Spybot crew.

Kind regards,

Amigan

ken545
2008-06-10, 10:49
Amigan,

Sorry you had to reformat, sometimes it's a good thing to really get your system back good and clean, let me ask you this.



I proceeded to create a "Restore Point."

Did you flush it all out or just create a new one? If you flushed it all out those entries would have been gone.

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points.

Turn off System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Reboot your computer.

Turn ON System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Create a new Restore Point <-- Very Important

Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point

System Restore Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- If you need it


Ken
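The flush-then-recreate procedure Ken describes is Windows XP GUI only. As an added example (not part of the thread, and not from any of the tools it names), the same sequence on a later Windows version can be scripted with the System Restore cmdlets that ship in Windows PowerShell 5.1 (Get-ComputerRestorePoint, Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer). Assumptions: Windows 7 or later, an elevated Windows PowerShell session, and that disabling protection on a drive discards that drive's existing restore points the way the System Protection dialog does. The drive letter and description are parameters chosen here for illustration.

```powershell
# Added example, not from the thread: PowerShell equivalent of
# "turn System Restore off, turn it back on, create a fresh restore point".
# Assumes Windows 7+ and Windows PowerShell 5.1 run as Administrator;
# these cmdlets do not exist on Windows XP (the GUI steps above apply there).

param(
    [string]$Drive       = "C:\",                                     # assumed system drive
    [string]$Description = "Clean baseline after malware removal"     # constructed label
)

function Get-RestorePointSummary {
    # Returns one row per restore point: sequence number, creation time, description.
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            Sequence    = $_.SequenceNumber
            Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Description = $_.Description
        }
    }
}

Write-Host "Restore points before flushing (kept for the record):"
Get-RestorePointSummary | Format-Table -AutoSize

# Step 1: turn System Restore off for the drive. Assumption: as with the
# System Protection dialog, this discards the drive's existing (possibly
# infected) restore points.
Disable-ComputerRestore -Drive $Drive

# Step 2: turn it back on so new checkpoints can be taken.
Enable-ComputerRestore -Drive $Drive

# Step 3: create the new, known-clean restore point ("Very Important" above).
# Windows 8 and later refuse a second checkpoint within 24 hours unless the
# SystemRestorePointCreationFrequency registry value is lowered, so report
# rather than silently continue if the call fails.
try {
    Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS" -ErrorAction Stop
} catch {
    Write-Warning "Checkpoint-Computer failed: $($_.Exception.Message)"
}

Write-Host "Restore points after:"
$after = @(Get-RestorePointSummary)
$after | Format-Table -AutoSize

# Verification: only the freshly created baseline should remain for this drive.
if ($after.Count -eq 1 -and $after[0].Description -eq $Description) {
    Write-Host "OK: old restore points flushed, new baseline '$Description' present."
} else {
    Write-Warning "Unexpected restore point list; check System Protection settings for $Drive."
}
```

Run it after the cleanup has been confirmed, not before: the whole point of the sequence is that the only restore point left is one taken from a machine believed clean, so anything restored from it later does not bring the infection back. The before/after listing makes it easy to confirm in a ticket or log that the old points really went away.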

amigan_1
2008-06-10, 14:35
Hello Ken,

I presume that is your real name. My name is Julian.

Thank you for your advice. I was not aware of the procedure you stated, mostly because I only read those parts of manuals and instructions which seem appropriate for what I need ATM (Of course, gradually, I will have read just about all, so will be almost as knowledgeable as the experts.). From now on, when I create a Restore Point, I will follow your advice, even if I know I am absolutely free from any and all malware.

My main reason for presenting that post was that after I had gone through all the manipulations to get rid of the Virtumonde/Vundu malware -- obtained the programs and packages required to find, report on, and delete malware; and then posted those reports to this forum -- by diligently following Mark's advice, I found my computer was still infected. So, not wanting to spend another potential week going back and forth in trying this and that, and then, possibly be in the same situation, anyway, I decided to reformat and reinstall MS Windows XP Pro. I wanted to make sure that those who do read the postings in this forum understood that I did that as a last resort, and that it has rid my computer of computer viri, worms, and spyware.

As an aside, I am now creating a setup, with my computer that, should I, again, need to reformat and reinstall the OS, it will be less time consuming and less painful. Since I already have more than one partition on my hard drive (with a much greater amount on the partition which is not the "C" drive), I decided to place as many programs and packages on that other partition, which I believe do not need to be on the boot partition ("C"). I have done this by declaring that I am installing software in the "expert" choice, as opposed to "standard" installation. I will still have a lot on the "C" drive, but, much less. I also have not allowed as many programs to be activated at the "startup" nor to be on the "tray" part of my "desktop." This should result in both a smoother and faster booting of the computer and less to do should I need to again reformat that partition, and reinstall the OS.

Even though Mark is probably used to hearing of such outcomes, as what I experienced, he is, no doubt, probably more frustrated than I got, owing to Mark's greater knowledge of all the things involved. My hat goes off to Mark, to you, and to all who try to help.

Again, thanks for your advice, Ken.

Kind regards,

Julian.

ken545
2008-06-10, 18:16
Hello Julian,

Sounds like you're on the right track. System Restore at a point in time starts to build up and it's safe to remove it all, just make sure you create a new restore point. It's not something you want to do on a regular basis, maybe every six months or so.

Here are some free programs to install to help keep you more secure.


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksToGo (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 2.0.0.13 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp) Here is a free Firewall from Zone Labs



===================================



Install Spybot Search and Destroy, check for updates and run a scan about once a week, be sure after you update to go to the Immunize folder and run it, right now it's blocking 1000s of bad sites from installing malware. Do not enable the TeaTimer when you set it up or it will conflict with the next two.

Spyware Guard, just install it, nothing to run or update, it just sits in the background blocking bad changes to your system

Spyware Blaster Written by the same fine folks that wrote SG, no scans to run but you need to check for updates a few times a month and enable all protection, this is another program that blocks bad downloads and sites.

IE SpyAd keeps an eye on your system for changes and blocks them, no scan to run but update it about every other month or so.

Malwarebytes You installed the free version which is more than adequate, check for updates and run a scan a few times a month

ATF Cleaner This will empty out all your temp files and Temporary Internet Files that do build up and tend to bog down your system.

Windows Updates Make sure you have your system to download and install them automatically, you can find that option in the Security Center in the Control Panel.



I know this sounds corny but keep in mind that after installing all these free programs that the weakest link in the chain is the person sitting behind the monitor, so practice safe surfing, don't open attachments from emails or people you don't know. Stay out of porn sites, they're a hotbed of nasty infections. Don't download any cracked or illegal software. Don't use any file sharing programs like Limewire and the like, you never know what's going to be attached to the music or video file you download. Don't download any registry cleaners or any programs that pop up offering you a free scan because they say you're infected, you're not but you will be when you accept the scan. Be wary of a site asking you to download a codec to view the site properly, some are legit but some are not, google the program first before you download it.

Hope this helps,


Safe Surfn