View Full Version : Virtumonde keeps coming back
nbbc1377
2008-11-26, 22:56
Hi,
I ran Spybot yesterday after having strange websites pop up when I was trying to open other webpages. Spybot found "virtumonde" and "virtumonde.prx" and said it fixed them, but then I had the same problem today and Spybot found the same problems again. How do I get rid of these permanently?
ML
nbbc1377
2008-11-27, 16:10
Hi, I'm new to Spybot and the forums. I posted a request for help yesterday and no one has responded. I see lots of people who posted after me have gotten help. Is there more information that you need? Did I not post correctly? Please tell me what I need to do to get help.
Thank you,
ML
nbbc1377
2008-11-27, 16:46
Hi, I put a post up yesterday and then added info this morning, but then I noticed a post saying that if you reply to your own post it will be ignored by the helpers since they will think someone is already helping you so I figured I needed to start a new thread.
Here's my problem. I've never had any infections in my computer before and I am very careful about what I download (this is my computer at work, I'm a church secretary). I started having problems Tuesday morning when surfing the internet. Random sites would start to pop up when I was opening other pages. I have AVG and it was only alerting me when the "Anti-Spyware 2009" page was coming up. I ran a full AVG scan and it didn't find anything. I downloaded Ad-Aware from Download.com and it didn't find anything. Then I downloaded Spybot from Download.com and it found Virtumonde and Virtumonde.prx. I had Spybot fix that but the next day the problem was back and Spybot found the same trojans again. I finally found your forum and now I'm asking for help to get rid of this. It's now Thursday morning and Spybot has again found both trojans.
I don't know anything about these trojans. If the only problem is that they pop up websites, I'm not too concerned. But if they can possibly steal information or infect other computers on our network, I need help as soon as possible. We are a charity and our financial software and database is stored on my computer so we'd have a serious problem if my computer were corrupted or data stolen. Please let me know as soon as possible if I need to worry.
Thank you,
ML
Dakeyras
2008-11-28, 01:22
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi and welcome to Safer Networking :)
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Extra note: Please be aware as I am still in training all of my fixes/posts require prior checking by a Expert. So some delays may be inevitable, please be patient and I will reply again asap.
nbbc1377
2008-11-28, 19:02
Please tell me what I need to do. This has been going on all week and I need to get this fixed as soon as possible.
Thank you,
ML
P.S. I'm located in Canada in the Eastern Time Zone. If you're not available to help during normal office hours here, please find me a helper who can. Thank you.
Dakeyras
2008-11-29, 14:35
Hi :)
Unfortunately I have bad news and will be unable to assist. If you refer to this topic (http://forums.spybot.info/showthread.php?t=288):
Specifically post#5:
When the infected computer in question is a company machine in the workplace, and you are an employee.
The intention of this forum is not to replace a company's IT department, nor can we anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.
More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.
To prevent any possible loss or corruption of company information, please inform your IT department or Supervisor when a workplace computer has been infected, immediately.
Thanks for your understanding.
If you have any questions or in need of further advise do hesitate to ask myself :bigthumb: