PDA

View Full Version : Virtumonde.sdn



mmckinley
2010-03-27, 05:36
hey so i ran my Spybot Search and Destroy today and i got a problem found called "Virtumonde.sdn" and i was wondering what it was and how to get it off my computer. thank you

Matt
2010-03-27, 09:30
Hi mmckinley,

:snwelcome:

Virtumonde is a trojan. :fear: Did you let Spybot fix all problems after the scan has finished?

Which OS do you have?

mmckinley
2010-03-28, 01:03
Well when i first encountered the virtuemonde i hit fix selected problem but then when i did that my computer went black then shut down and did that the next couple times i turn it on even when i didnt hit any buttons after i turned it on. Then i let it sit turned off for about an hour then turned it back on and it has been fine since. I ran the Spybot Search and Destroy again but this time didnt hit fix selected problems because i wanted to check on here what to do because i did not want that happening again. Should i go ahead and hit fix selected problems again to see what happens. Also sorry what does OS mean?

Matt
2010-03-28, 12:57
Hi mmckinley,

Sorry... :rolleyes: OS means operating system... Which operating system (e.g. 2000, XP, Vista, 7) do you have? ;)

Please update Spybot, run another scan. After the scan has finished, right click on the white background where Spybot reports Virtumonde, and choose "Save results to file...". Save the file to your desktop and add it with your next answer. :thanks:

Then I'll give you further instructions. Perhaps you've to open your own thread in the Malware Removal Forum.

I'm waiting for your answer. :bigthumb:

mmckinley
2010-03-28, 22:32
Ok here is the file that i saved. My OS is Windows Vista. Thank you !

sonia_
2010-03-29, 03:46
Hi there,
Sorry for inerrupting........
.......I've got a problem with a Virtumonde too. I ran my Spybot S&D and when I choose "Fix selected problems" it said that its fixed, but its not - I ran it again and its still there. :hair:
Could you please help me get rid of it? :rolleyes:
My OS is XP.
:thanks:

Matt
2010-03-29, 11:11
Hi mmchinley,

Ok here is the file that i saved. My OS is Windows Vista. Thank you !
Hhmm... there is only this registry entry:

Virtumonde.sdn: [SBI $4F0ABAF2] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW
Did you scan your computer with other Anti-Malware tools as well?
Do you have problems or signs of Malware (http://www.malwarehelp.org/symptoms-of-infection.html)?




Hi sonia_;365536,


Could you please help me get rid of it? :rolleyes:
First of all: You don't use the newest version of Spybot. Please download Spybot 1.6.2 from here (http://www.safer-networking.org/en/ownmirrors1/index.html). After that, uninstall Spybot 1.6.0, reboot your computer, delete all leavings ( http://www.safer-networking.org/en/howto/uninstall.html ) and install the newest version 1.6.2.
More here:
http://www.safer-networking.org/en/tutorial/index.html

Update Spybot and run another scan.

Do you have problems or any sings of Malware (http://www.malwarehelp.org/symptoms-of-infection.html)?

mmckinley
2010-03-29, 19:19
I dont seem to have any of the symptoms of maleware, my computer is running normally to my knowledge. Does that mean that i do not actually have the Virtumonde trojan or something?

mmckinley
2010-03-29, 22:54
and yes i also use Malwarebytes Anti-Malware along with Spybot

Matt
2010-03-30, 12:12
Hi mmckinley,


I dont seem to have any of the symptoms of maleware, my computer is running normally to my knowledge. Does that mean that i do not actually have the Virtumonde trojan or something?
Just to make sure, that you are not infected with Virtumonde, I would like you to do the following steps:

Please read this FAQ: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and post your HijackThis logfile.
Moreover, you can post your Spybot scan results right after your HijackThis Logfile or add it. An analyst will advise you as soon as available. :bigthumb:

Happy safe surfing! :)

mmckinley
2010-04-03, 22:26
hey so i think i did all those things right that you told me to do, and i posted the hijack file on the maleware removal page but no one has responded in about 5 days. should i post it again or just wait it out? thanks for your help

Zenobia
2010-04-03, 22:44
No,please don't post your log again,as it hasn't been archived.
There is a waiting room where you can leave a link after you've waited 4 full days with no response.
http://forums.spybot.info/forumdisplay.php?f=37
There's more info in this sticky topic:
http://forums.spybot.info/showthread.php?t=1137
You posted your Hijackthis logfile on March 31st,and it's now April 3rd,so I think it would be over 4 full days by tomorrow,April 4th,if you don't get a response by then. :)

mmckinley
2010-04-03, 23:02
ok will do thank you i appreciate it

Zenobia
2010-04-04, 03:36
You're welcome. :)