PDA

View Full Version : Virtumonde - I canīt access my computer


Skipper
2008-09-30, 23:28
Hello,
I hope you can help me. I have been noticing strange things in my laptop computer for three days now (pop ups, Internet Explorer trying to start itself, etc.). I ran Spybot and it detected a virus, Virtumonde. I have been deleting files in the system.32 carpet and all the corresponding entries in the registry I could find, but they always replicate themselves after a while. I also get unknown objets as Internet Explorer complements. Some of the file names I get are: awtrPjjj.dll; ieebujoh.dll; kxtclfys.dll; wvUNdAQK.dll; etc.

The worst thing is that after beeing out for a few hours this afternoon, when I came back and I started the computer I just saw my User account name, and it asks me for a password to enter! But I didnīt have any password set; now I just canīt access the computer nor all my files in it. How could this happen, does it have to do with the virus? I canīt run a HijackThis either, because I canīt access the computer. Can you please help me? Thank you in advance.
ken545
2008-10-01, 11:00
Hello Skipper

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Try starting in Safemode with Network Support and log on as administrator

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Network Support
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

More info if you need it
http://support.microsoft.com/?kbid=321305

If your successful, then download, install and run Malwarebytes in Safemode
Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.




Then reboot and hopefully you will be able to log on and post the Malwarebytes log and a Hijackthis log