
Thread: Unsure which one I got, Virtumonde or something else

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    1


    I am running a HJT at the moment, so I will post when that comes out, but I want to make sure I know what I've got while I'm waiting.

    I installed an application and sometime after that it (not me) installed "XP Antivirus 2008" and then did the whole flashing notifications thing - I didn't click on anything. The only thing I did was rip out my internet connection immediately. After I'd done that, my Spybot TeaTimer kept wanting to get my permission to add or deny stuff, so I denied everything and told it to remember my decision. Consequently, repeated attempts by this thing just kept popping up and disappearing, and every now and then it tries to connect to the net.

    Some things I've also noticed:

    1. My background now has a "warning! spyware detected on your computer! - install antivirus or spyware remove to clean your computer" wallpaper, which I can't change because the tab has been removed if I go to change it.

    2. I have a program installed on my computer that I didn't install called XP Antivirus 2008 - it has an uninstaller but I'm not game enough to run it.

    3. I can't run Spybot at all (double-clicking the icon just does nothing) in normal or safe mode.

    4. If I try to open Notepad, it pops up a window telling me it's closing it to help protect my computer - its window title is "Data Execution Prevention - Microsoft Windows" and it just shows the application name and publisher in the window area, but some other things I can open, like DivX player for instance.

    5. If I try to install any applications to do with spyware removal, it won't launch the installer unless I actually rename the file to something else, in which case I can run and install.

    6. When this started happening, Norton's antivirus told me that it had found Trojan.Zlob.

    7. When I managed to get a full system scan of my computer done in safe mode with Ad-Aware, it told me I had Virtumonde and another thing called Win32.TrojanDropper.Small as well - after removing them using that application I now do not have those TeaTimer windows anymore, but my system is still trying to connect to the internet when I'm not connected, and also all the other program things are still happening - unable to launch executable, the Notepad thing I mentioned before, and not being able to change my desktop.

    As an aside, I haven't tried yet, but if I can burn files off - am I likely to take this with me? If nothing I can do can fix it, I would wipe the whole machine, but I have some stuff I really need to back up first. That would be my last resort!

    Also, I would really like to be able to use Spybot to scan because that Ad-Aware scan took close to 4 hours to do on a 1 TB drive with only half capacity - drive is 2 500 GB ones.

    Any ideas at this point if this is that nasty Virtumonde thing would be great.

    stacey

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello niotxx

    Welcome to Safer Networking.

    Please read Before You Post
    That said, all advice given by anyone volunteering here is taken at your own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.



    Make sure you install the latest version by Trend Micro and have it set up this way.

    Download Trend Micro's HijackThis to your desktop.
    Double-click it to install.
    Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
    • Open HJT, scan and save a log file; it will open in Notepad
    • Go to Format and make sure Word Wrap is unchecked
    • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply; do not start a new thread.

    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
