Help a layman/computer idiot get rid of this!!!



AresMars1
2010-09-20, 00:03
Hello everybody,

First off, I want to thank people for just reading this:

I turned on my computer today and everything had been reset (like when I first got my computer-- a PC (Dell)). I freaked out since I am a college student and all of my files were missing. So I did a system restore and everything went back to normal. Then I ran Symantec antivirus and Spybot S&D just in case. Symantec didn't find anything, and neither did Spybot. Sounds good, right? Except when Spybot was scanning it went through PornBHO.ru and Virtumonde.sdn .dll, etc. for a long time (this was displayed at the bottom of the Spybot window). But nothing malicious was found. I ran Malwarebytes' Anti-Malware and nothing was found either. So I searched for PornBHO.ru and Virtumonde... turns out they are dangerous! I want them off of my computer so nothing like this ever happens again!!! Please help me get rid of them!!! I am a computer idiot so I don't know what DSS logs are or how to get them. PLEASE HELP!!!!!!!!!

Sincerely,
AM1

PS: I googled the two things and this website popped up: http://188.165.126.154/showthread.php?t=37631

but I can't find any of the registry keys...

Jack&Jill
2010-09-22, 08:09
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Jack&Jill
2010-09-22, 08:17
Hello AresMars1 :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference with my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Please download OTL by OldTimer from one of the links below and save it to your desktop.

Link 1 (http://oldtimer.geekstogo.com/OTL.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTL.exe)

Scan with OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options are checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here. (http://www.gmer.net/download.php)

Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Re-enable your security software as soon as you have completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

--------------------

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)
2. GMER result

Jack&Jill
2010-09-25, 19:19
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (PM) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.