Virtumonde HELL



thesaintsa
2008-07-18, 18:21
Hi guys,

I downloaded a file, which I thought was trusted, and all of a sudden I started to see popups and shortcuts appearing on my desktop.

I immediately stopped the installation and went to my TuneUp Utilities 2008 - Startup Manager - I noticed many processes, such as 1.exe, 2.exe, 4.exe etc. Two directories were also made in Program files. The one was something like VNV and the other PC Health...I think...

There also were a few icons (next to the time, at the bottom right of my startbar) which mimic some sort of "Anti-virus software".

I immediately downloaded and ran Spybot and Spybot picked up the "Virtumonde" trojan - 4 of them.

I cannot remove them, although I have tried. I have even downloaded Vundofix, but that also didn't work.

Every time I go to TuneUp Utilities - Startup Manager, 4 processes appear:

2x "command" AND
2x "command prompt"

I have disabled and deleted them from the Startup Manager, but when I return they are back again...

Another thing I have noticed... I cannot use Windows Update anymore. The Automatic Updates service also cannot be started. Even when I go to services.msc, click on "Automatic Updates" and select "Automatic", it then automatically changes to "Disabled"... there is also no "Start" or "Restart" function...

I doubt it is even "Virtumonde" - what else can it be?

Please help...Pleaseee.....

Thanks a lot

md usa spybot fan
2008-07-18, 18:31
thesaintsa:

What version of Spybot - Search & Destroy are you running (Spybot » Help » About)?

If you are not running Spybot 1.6.0.30, consider upgrading. The downloads are located here:
Mirror selection - The home of Spybot-S&D!
http://www.spybot.info/en/mirrors/index.html
If you are running Spybot 1.6.0.30 and it did not correct the problem, consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from the above instructions.