8-29-09 I Need tech's assistance removing Virtumonde



flywelder
2009-08-29, 23:38
Hello,
I am new here to the Forums and to using Spybot S&D.
Here is my story: I decided I must have spyware and/or malware and viruses because my system was extremely slow, so I researched the software available to clean my system.
I chose Spybot S&D. I am very pleased.
I installed Spybot and followed the instructions from a forum. I ran Spybot and it found 20 infections. I read about each of them. I saved a screen print of Spybot's findings.
I then had Spybot fix 19 infections. I still have Virtumonde because, as you know, Spybot recommends asking for assistance from Spybot forum or support group.

I have just minutes ago read Trish's before you post.
I have installed ERUNT and have copied the registry, as Trish advises.
It is my hope that I have all my ducks in a row and I can provide you with all the assistance you need to help me, keep in mind I am slightly above a novice in computer use...again, that is 'just slightly'.
I don't know if you need to know but my computer is:
Not a Dell or Gateway, but was built for me by a friend's college-attending son, from items purchased from Tiger Direct.
I have 1 gig of memory, a 160 gig hard drive, a 250 gig hard drive, a portable signature mini hard drive and a flash drive, all presently attached to the computer.
A Celeron 3.2 GHz CPU
Windows XP home edition Version 2002 and service pack 3

I have Ad-Aware installed but it never found the 20 infections Spybot did.
I have AVG installed..it has never found these infections...odd? I have all the AVG test results if they are needed, I can send them to you. Just tell me how.
Once we have cured my computer, will you be able to tell me tips to use so my computer is not infected again with Virtumonde and others?

I look forward to your help, and thanks for your help and for being available on a sat.! Thank you! :friend:

Flywelder
8-29-09

tashi
2009-08-30, 01:04
Hello flywelder,

Did you miss the part in the FAQ about providing the HJT log? :)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If malware isn't stopping HJT from running, please copy/paste the log into a new topic.

Best regards, tashi

flywelder
2009-08-30, 20:24
Dear Tashi,
I read the posting your link sent me to... forgive me, forgive me, I referred to you as Trish and not Tashi, I do apologize.
I want to share that I am now very confused, and feeling very overwhelmed and lost. Hence, I am reducing my self-evaluated status of computer knowledge to Novice level, even to 'very green behind the ears' level :) and happy to do so.

Tashi, I will be as completely upfront with you as I possibly can... know that I am autistic, I have trouble following, I may repeat myself and I need 'led by the hand'... sorta to speak... please, please bear with me.

...I do not know what an HJT malware log is. I do not know how to find it.

I want to share with you that I discovered SPYBOT S&D from the web site www.Bleepingcomputer.com
It is that site that has an article titled "Cleaning your Computer"... I followed it because I am a novice and was feeling I had found a trusted site and the info was clear and seemed logical & made sense to me. I may have fallen victim... I suspect we will learn if this is true in the time that comes... that article led me to SPYBOT S&D.
Now, I so wish that things had been different and I had discovered SPYBOT's web site first!!:sad:

Do know also,
I followed the article's advice and did turn off system restore!... I apologize :sad:.... now system restore shows a restart date of Aug. 29 2009

I wish to be as cooperative as I can... With that shared, how do I locate the HJT log? What do I do with it?

I hope I have answered your questions and given you a good amount of info to be able to assist me :)
I await your next instructions.
Sincerely,
Flywelder

tashi
2009-08-30, 20:42
Hi flywelder,


I want to share with you, that I discovered SPYBOT S&D from the web site www.Bleepingcomputer.com (http://www.bleepingcomputer.com/)
It is that site that has an article titled "Cleaning your Computer"... I followed it because I am a novice and was feeling I had found a trusted site and the info was clear and seemed logical & made sense to me. I may have fallen victim... I suspect we will learn if this is true in the time that comes... that article led me to SPYBOT S&D.

Bleeping Computer is a legitimate site. :wink:




...I do not know what an HJT malware log is. I do not know how to find it.


http://forums.spybot.info/showpost.php?p=1150&postcount=2

HJT Logs



Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download Trend Micro (http://forums.spybot.info/vbglossar.php?do=showentry&item=Trend+Micro) HJTInstall.exe

Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All", then click on "Edit > Copy" and Paste (http://www.webmasternow.com/copyandpaste.html) the entire contents of the log (no attachments) into your (Click --> ) own new topic (http://forums.spybot.info/newthread.php?do=newthread&f=22)

Please provide only the one log until a helper responds, thanks.

Hope that helps. :)

flywelder
2009-08-30, 20:56
Hi Tashi,
I wanted to share that I do have Norton's Ghost 2003 installed and running... perhaps it may prove to be of good use????

Also, I use Firefox.

Also, my computer is extremely slow at changing from one web page to another. Such as wanting to change from Hotmail to this Spybot forum takes between 40-45 seconds... where just two months ago I could change web pages within 2-4 seconds!!! Does sharing this info help give you a clue/indication that something negative is affecting my computer's performance?... or an insight to what, if anything, is wrong inside my computer, or a clue that something negative is happening inside my computer?
Also, I have screen shots of what is listed in my Task Manager. I will be happy to send you if it will help. (There are so many abbreviations listed... I have no idea what they represent! I only know a few like Kodak and Ghost, and Logitech.)

I also have a Logitech camera installed if this will somehow help?

I also still have open on my computer SPYBOT's main scan page, listing all that was discovered (it is minimized). Should I close it?... Virtumonde is still listed as not fixed.
I left the main scan page up, not knowing if it would be needed to refer to. I also do not know how to get away/close/out of that page... will you please instruct me how, when it is time to close that page?
I also made a screen shot of the main scan page should it be needed, as in sent to you. Should I send it to you now?... How, to what address?
Again Sincerely,
Flywelder

flywelder
2009-08-30, 21:19
Hello Tashi!
Yes, that information helped a great deal! I learned a lot! I like that!... thank you!

OK it is completed and I pasted the HJT onto a new topic as instructed.
I titled it Flywelder's HJT log

It would be great to learn how you decipher all that is in the log!... wow!... perhaps, and surely / hopefully, there are things there that are duplicates, and things I can get rid of that will help my computer... will there be?

I do hope so, because there are so many things listed in my Windows programs that I have no clue what they are, or how they came to be on my hard drive!.. but with no clue to what uses them or if they are actually needed... I am afraid to remove them... you understand.
Sincerely,
Flywelder

tashi
2009-08-30, 21:37
Thank you flywelder,

A helper will assist you as soon as available. :)

New topic: http://forums.spybot.info/showthread.php?t=51312

This thread has been closed.

Cheers.