Threat found by NOD32!! Virtumonde related....



niccorny
2008-08-18, 15:03
Hi,

Team Spybot, last month I sought help from one of your top malware removal specialists, and I am very pleased and thankful that I was entertained by one of your support staff, specifically Mr. Blade81. Unfortunately, after one month NOD32 detected an infection in:
D:\System Volume Information\_restore{1C0DAECC-E642-4D93-94FA-98FC9080E288}\RP24\A00144221.exe
NOD32 said that it is infected with a variant of Win32/Adware.Virtumonde.NAE application.

I browsed drive D: and I can't find any folder or anything relating to System Volume Information. Some said it is hidden and used by restore points. How can I access or delete this file?

However, my computer's performance is still at its best and doesn't seem to be affected by this infection. But I am bugged every time I scan my computer and it detects this infection.

Hoping someone could look into my problem (again)! Thank you very much, and more power... :)

pskelley
2008-08-19, 13:27
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

D:\System Volume Information\_restore{1C0DAECC-E642-4D93-94FA-98FC9080E288}\RP24\A00144221.exe
That is an infected System Restore file, clean those like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Additional information:
http://www.google.com/search?hl=en&q=what+is+system+restore&btnG=Google+Search

If that takes care of your problem, fine. If not, read the directions and follow them, they are posted above and pinned (sticky) to the top of this forum.

Thanks
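The reply above identifies the detection as a System Restore file from its path alone. The following added example (not part of the original posts) applies the same check to a list of scanner detection paths, separating restore-store copies, which the off/on procedure clears, from files outside the store. The function names and every sample path except the first are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# XP restore-store layout, matching the path quoted in the thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-F-]{36})\}\\"
    r"RP(?P<rp>\d+)\\(?P<name>A\d+\.\w+)$",
    re.IGNORECASE,
)

class RestoreHit(NamedTuple):
    drive: str
    guid: str
    restore_point: int
    backup_name: str

def parse_restore_path(path: str) -> Optional[RestoreHit]:
    """Return the parsed fields if the path is inside a System Restore store, else None."""
    m = RESTORE_RE.match(path.strip())
    if m is None:
        return None
    return RestoreHit(m["drive"].upper(), m["guid"].upper(), int(m["rp"]), m["name"])

def triage(paths):
    """Split detections into restore-store copies (grouped per drive) and other files."""
    per_drive, live = {}, []
    for p in paths:
        hit = parse_restore_path(p)
        if hit is None:
            live.append(p)  # outside the restore store: needs the normal removal process
        else:
            per_drive.setdefault(hit.drive, []).append(hit)
    return per_drive, live

# Sample input: the first path is the one from the thread, the other two are constructed.
SAMPLE = [
    r"D:\System Volume Information\_restore{1C0DAECC-E642-4D93-94FA-98FC9080E288}\RP24\A00144221.exe",
    r"d:\system volume information\_restore{1C0DAECC-E642-4D93-94FA-98FC9080E288}\RP25\A00144300.dll",
    r"C:\WINDOWS\system32\example.dll",
]

if __name__ == "__main__":
    per_drive, live = triage(SAMPLE)
    for drive, hits in sorted(per_drive.items()):
        rps = sorted({h.restore_point for h in hits})
        print(f"{drive}: restore-store copies in RP {rps}; turn System Restore off and on for this drive")
    for p in live:
        print(f"live file, investigate: {p}")
```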

niccorny
2008-08-21, 12:41
Thanks sir... it did solve the problem! Rescanned and ZERO threats were found.

One last tiny problem sir... sometimes when I open my browser (Firefox) another window will pop up and load this page: http://www.beautyscreens.com/jokes.php

I scanned with Spybot and nothing was found, and I ran the "clear private data" tool in Firefox but nothing happened. I know it's a little minor, but I hate that every time I start Firefox this "JOKE OF THE DAY" appears... it's not funny anymore! :sad:

Good day!

pskelley
2008-08-21, 15:28
Hard to tell, if it does not happen when you use Internet Explorer, it may be some junk has plugged into your Firefox browser. Try uninstalling it completely and download the newest version here:
http://www.mozilla.com/en-US/firefox/

Thanks

niccorny
2008-08-21, 20:06
Thanks PSKELLY, "JOKE OF THE DAY" is just a thing of the past! :devil:
Thanks for helping me out! ^_^ good day!

pskelley
2008-08-21, 20:50
Thanks for the feedback :bigthumb: Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley

niccorny
2008-08-22, 03:45
Wow... thanks PSKELLY!! Thanks for these links... gonna bookmark them! Again sir, more power and have a nice day! :bigthumb: