
Thread: Virtumonde and ?others?...

  1. #11
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    RealVNC I installed quite a while back to remotely help her manage her PC. I trust it, but will immediately update it.
    Even if you trust the program, I suggest you scan the files to be positive they are not infected.
    If you do not wish to install RC, let me know so I can continue with the cleanup.
    There was no request for a Kaspersky scan? We need to get past the RC instructions. If combofix is needed to install RC, I do not want to remove it until you have done so. As I explained, the installation is optional (can be important in the future as is also explained in the instructions I posted)
    Once we are past that point one way or another, then the tools we used will be removed and the last Kaspersky Scan run.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  2. #12
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    RC Installed

    Sorry for the late reply - my mother was out of town and I didn't have access to the PC.

    I installed RC as the page instructed and it appeared to be successful.

    I misunderstood your earlier post asking me to scan those specific files and that's why I ran the Kaspersky scan again. Sorry about that. I have now scanned those files again that you mentioned and they are clean.

    Thank you and let me know what else I can do. She has used the PC some since my last post and she said it appears to be operating normally and performing well.

    Lyndal.


    This was returned by the RC install - wasn't sure if you needed it....

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

  3. #13
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Thanks for the feedback, I am looking at the last Kaspersky scan, please do this.
    KASPERSKY ONLINE SCANNER REPORT Sunday, February 24, 2008 10:35:49 PM

    1) C:\Documents and Settings\Sue McMurphy\Application Data\Sun\Java\Deployment\cache\ <<< delete the contents of Java cache
    http://support.f-secure.com/enu/home...avacache.shtml

    2) Remove combofix and Vundofix from your computer.

    3) C:\QooBox\Quarantine\ <<< delete that folder

    4) C:\VundoFix Backups\ <<< delete that folder

    5) Empty the Recycle Bin on your Desktop

    6) Restart the computer

    7) Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot

    Turn ON System Restore,
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    You can scan at that point with Kaspersky and it should only find the RealVNC files which you can ignore

    Safe surfing

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
