PDA

View Full Version : Virtumonde problem



HelpfulBear
2009-06-06, 16:43
Hello Team

I have been trying to help a friend of mine, who has Spybot installed on his computer & it keeps reporting the presence of Virtumonde, oddly enough in a dll file in system32 which belongs to Zone Alarm.

I did a Google search and was led to the MajorGeeks forum, where I found threads suggesting the download of all sorts of different products, including Malware Bytes, but despite running quite a lot of the recommended killers, Virtumonde remained. No other virus checker found it at all, I've tried AdAware, AVG & Avast as well as Spyware Doctor.

I tried removing Zone Alarm, which removed the offending dll, but Virtumonde just shifted to another dll close by & when I reinstalled Zone Alarm it went back to its original home.

Unfortunately my friend only has a dial up connection, so downloads are long winded and, because I'm not always in his house, running the scans etc means several days often elapse before I do the next thing. (All the software I have downloaded for him I have done via CDs rather than USB drives, to avoid infecting my own equipment.) Although after every Spybot scan it says "Problem fixed" and then Spybot runs again on start up, it always reappears.

I have tried to get his computer to boot up in Safe Mode but it won't, I don't understand why or whether that is related to the V problem or coincidental.

So I should be very grateful if there is any help you can offer, any suggestions of what I should do next? I have now downloaded the HJT program from your website, so I can go over there & put it on his machine & send you logs within the next few days...

I look forward to hearing from you.
:confused:

tashi
2009-06-06, 19:54
Hello HelpfulBea,r

So I should be very grateful if there is any help you can offer, any suggestions of what I should do next? I have now downloaded the HJT program from your website, so I can go over there & put it on his machine & send you logs within the next few days...


When you have the HJT log please start a new topic and copy/paste the log into it with a link back to this thread. :)

Provide the one log only. "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Cheers.

tashi
2009-06-09, 19:58
New topic: http://forums.spybot.info/showthread.php?t=49221