Results 1 to 3 of 3

Thread: Virtumonde

  1. 2008-04-18, 14:23 #1
    vanr-vnd
    vanr-vnd is offline
    Junior Member
    Join Date
    Apr 2008
    Location
    Netherlands
    Posts
    1

    Default Virtumonde

    SpyBot detected the Virtumonde trojan and eliminated the offspring files. But it kept being alive.
    I got suspicious about a file named qoMffGab.dll in C:\Windows\system32, which could not be renamed nor deleted in the normal way.

    Eventually in WinXP Pro (SP2) Safe mode, this file could be deleted (in command line window!) and as a result the infection was over.

    This might be helpfull for you.

    Martin
    Reply With Quote Reply With Quote
  2. 2008-05-04, 21:30 #2
    Renneberg
    Renneberg is offline
    Junior Member
    Join Date
    May 2008
    Posts
    1

    Default Virtumonde Trojan

    I have the same problem. In addition when trying to use Spybot to fix the problems I keep getting the error "out of memory" and some others, which often end in Spybot providing a message that it must close. I've looked for the file you said in Windows/System32, but it is not present. Any other ideas/help would be appreciated?

    Mike
    Reply With Quote Reply With Quote
  3. 2008-05-04, 22:34 #3
    md usa spybot fan
    md usa spybot fan is offline
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Renneberg:

    What version of Spybot are you running (Spybot » Help » About)?

    If the display does not show:
    • Spybot - Search & Destroy 1.5.2.20
      Latest detection update: 4/30/2008

    Upgrade or update as appropreate:
    • If you are not running Spybot 1.5.2.20, consider upgrading. The downloads are located here:
    • If you are running Spybot 1.5.2.20 and are not running with the 2008-04-30 updates, update.

    If you have that latest version fully updated, there are two things that you can try to get rid of the things that Spybot-S&D is having difficulty removing:
    1. Try to run it the next time you reboot.
      • Go into Spybot > Mode > Advanced mode > Settings > Settings > look for "System start" (located half way down the page).
      • Check the option: "Run program once at next system startup".
      • Reboot the system.
    2. Run it in Safe mode.
      • Reboot your system in Safe mode and run Spybot-S&D.

    If Spybot still fails to correct the problem consider posting in the Malware Removal forum and having someone take a look at your system.

    If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:
    After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum, making sure to post the logs produced from the above instructions.

    Getting an answer is one thing, learning is another.

    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules