mikebind
2009-03-31, 09:34
Hi, I don't have HJT, and I was looking for some guidance for my particular situation. My problem started when I clicked on a poorly chosen link and my computer slowed down considerably and I got a warning that my computer was trying to contact a malicious IP address. Also, TeaTimer warned me that a few startup registry entries were trying to be changed. I denied those changes and tried to close my browser (Chrome), but everything was running extremely slowly. Eventually I hard-rebooted the computer. On startup I was warned again about registry changes for startup programs with nonsense-looking names, which I repeatedly denied, then blacklisted (the questions popped up every few seconds). At some point during this whole process it occurred to me to disconnect my internet connection, so I did that. I did a Windows Defender quick scan which found nothing, and then a Spybot scan which found some cookies and the Virtumonde trojan. I told Spybot to fix the problems and got no errors, but the description for Virtumonde suggested that I might need to do more to make sure it didn't come back.
So, my question is, what do I need to do to finish the cleanup? The description said Virtumonde installs a browser helper object, so I have not opened a browser since the initial event, and I have not reconnected to the internet (I'm using a different computer at the moment, obviously). Also, I denied all requested registry changes that were brought to my attention by TeaTimer.
I have no problem downloading HJT and posting a log, but I didn't know if I could save some trouble by avoiding reconnecting my infected computer to the internet until the cleanup was complete.
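Added example (not from the original poster, and not a substitute for the HJT log the forum will ask for): the post mentions two persistence points, a Browser Helper Object and Run/RunOnce startup entries, and the poster wants to inspect the machine without reconnecting it. The script below is read-only and runs offline; it lists every registered BHO and every Run/RunOnce value, resolves the file each one points at, and checks whether that file exists and carries a valid Authenticode signature. It assumes a 32-bit Windows install (on 64-bit Windows the same keys also exist under Wow6432Node); the first-token parsing of Run command lines is a rough heuristic, and "unsigned" only means "look closer", not "malicious".

```powershell
# Added example, not from the original post. Read-only triage of the two
# persistence points mentioned in the thread: Browser Helper Objects and the
# Run/RunOnce keys. Assumes a 32-bit install (no Wow6432Node view).

# Pull the executable/DLL path out of a Run value ("c:\x y\a.exe" /q, or a.exe /q).
# Heuristic: quoted first token, else first whitespace-delimited token.
function Resolve-CommandPath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $cmd = ($cmd -split '\s+')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($cmd)
}

# Authenticode status of a file: Valid, NotSigned, HashMismatch, ... or 'missing'.
function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'missing' }
    try { return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString() }
    catch { return 'error' }
}

# Every registered BHO, resolved to its DLL via the CLSID's InprocServer32 key.
function Get-BhoEntries {
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoRoot)) { return }
    Get-ChildItem $bhoRoot | ForEach-Object {
        $clsid  = $_.PSChildName
        $clsKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $clsKey) {
            $dll = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty $clsKey).'(default)')
        }
        [pscustomobject]@{
            Source    = 'BHO'
            Name      = $clsid
            Path      = $dll
            Signature = Get-SignatureStatus $dll
        }
    }
}

# Every value under the machine and user Run/RunOnce keys.
function Get-RunEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSChildName/etc.; those are not registry values.
            if ($p.Name -like 'PS*') { continue }
            $target = Resolve-CommandPath ([string]$p.Value)
            [pscustomobject]@{
                Source    = $key
                Name      = $p.Name
                Path      = $p.Value
                Signature = Get-SignatureStatus $target
            }
        }
    }
}

$findings = @(Get-BhoEntries) + @(Get-RunEntries)

"All BHO and Run/RunOnce entries:"
$findings | Sort-Object Source, Name | Format-Table -AutoSize

"Entries worth a closer look (target missing, unsigned, or signature invalid):"
$findings | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the offline machine and compare the flagged entries against the nonsense-looking names TeaTimer reported; a BHO whose DLL is unsigned and sits in a system directory with a random name is the kind of entry the cleanup helpers on this forum will want to see. The script covers only the two persistence points named in the post; it does not remove anything.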