Virtumonde



SuZam
2008-08-24, 23:55
Hello,
I believe my problem is Virtumonde and I got it during Windows update. I have Zone Alarm, Spybot, Avast and Adaware. The computer was acting up so I ran Spybot, Avast and Adaware. Spybot found Virtumonde, Web Trends and Statcounter and, I thought, removed them. Adaware found Virtumonde and 81 cookies (way more than usual) and said it removed them. And at the beginning Avast found malware and moved it to the chest. I cannot access Spybot or any other spyware, antivirus systems to update my versions although they are all pretty current.

I just ran the programs in safe mode and now Adaware only showed 11 cookies. Spybot waited for a reply for C:Program Files/Spybot_Destroy\Includes\Trojans.spi and said to see include errors.log but after that didn't find anything. Avast showed three unable to scans at the end:
Disk C Boot Record - unable to scan, no more data is available.
C:\Documents and Settings\All Users\Application Data\Spybot-Search & Destroy\Recovery\Virtumonde.zip\removalfile.bat
and
C:\Documents and Settings\All Users\Application Data\Spybot-Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.ini
and both are showing unable to scan, archive is password protected.

Is that what it should be showing under Spybot? I am pretty illiterate in behind the computer scenes.

Thanks,
Su

pskelley
2008-08-26, 14:51
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

First let me say if you do have a Vundo infection you did not get it from Windows Updates.
Any of these infected websites would do it though:
Infected websites are the next internet security threats
http://www.google.com/search?hl=en&q=infected+websites&btnG=Google+Search
http://www.youtube.com/watch?v=zBUZHiKhsog

Pinned (sticky) to the top of the forum and posted above are the directions, if you need help, read and follow the directions and post the required HJT log.

Thanks

pskelley
2008-09-02, 14:18
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.