Yesterday, i had a Virtumonde.sdn and a coupon bar found. When i tried to clean them i forgot to expand them so had to try it twice.

The 2nd time one item was not cleaned an i put a check mark in the yes box i think for the next startup, i ran it as administrator also.

Today when i booted up Search and Destroy started and the system did not load " desktop", until it was done, about an hour, "everything was clean".

I don't want it to boot up that way everytime so what do i have to change if anything?

tks

vista home premium, 2 gig ram 160 sata 160 sata, 250 ext hdd, maywarebytes, spyblaster superantispyware run by myself, ca av, amd athlon x2 4600, and prob more items

Hi rebel3229,

If Spybot asked you if you wanted to run Spybot on next start-up, presumably after not being able to remove the infection without a reboot, then Spybot should only run at start up a single time. Any subsequent reboots, Spybot should not start up unless you specifically check-marked the option for it to do so in 'Options'.

Best regards,

thanks

in , msconfig,, processes running search and destroy was one of them, i took the check out, should it have been left?

the only other check was as i mentioned, it did not clean all yesterday and i know i put a yes tick in that box for next start i believe.

so what do i do about msconfig?

i haven;t been here for awhile so i did not have email notifies on.

thks

Since you do not want Spybot to launch at start-up, disabling the Spybot entry in msconfig was the right thing to do. If you use Spybot's resident protection module aka Teatimer, then make sure that you do not disable it accidentally! :bigthumb:

If your scans have shown to be clean I see no reason why Spybot should launch at every start up.

No tea timer is not active, had issues with it.

Scans have been clean since ridded of virtumonde.sdn and the coupon bar.

When the engine kicks in and watching the itemized items in the scan, "virtumonde.dll and virtumonde.sdn, show up for quite a while, is that what it's looking for?

This is the only place i see virtumonde.sdn or .dll show up, it's never in a ca av scan or malwarebytes, and i have spyblaster running also.

As i under stand virtumonde is a trojan and i don't want it but not sure if i understand where it is or where it is not?

i hope i don't have it.

no system issues, i will say it shuts down faster now, but this just happened in the past few days and i don't screw around on goofy sites or games.

tks

Hi rebel3229,


When the engine kicks in and watching the itemized items in the scan, "virtumonde.dll and virtumonde.sdn, show up for quite a while, is that what it's looking for?
Yes - The products shown in the bottom status bar during a scan are what Spybot is looking for.


As i under stand virtumonde is a trojan and i don't want it but not sure if i understand where it is or where it is not?

Some information about Virtumonde:
http://en.wikipedia.org/wiki/Vundo


This may be of interest also:
So how I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)


Best regards,

can you look at this log if that is your category just to tell me?
http://forums.spybot.info/showthread.php?t=55986
tks

Hi rebel3229,

can you look at this log if that is your category just to tell me?
Only members with the following user titles are allowed to assist with logs: MRU Team, Security Team, Security Warrior, Security Expert, Developer.

Please wait for your HijackThis log to be examined by a qualified analyst for confirmation whether or not the infection has been completely removed. :bigthumb:

Thanks,

honda :)

ok, thanks
not having any problems, just would like to know.