Help with Virtumonde clean up

[al5579]

Sorry for double posting but I've discovered the redirect problem is gone in Internet Explorer. I think it is Firefox that is having this problem.

[ken545]

Good Morning,

C:\WINDOWS\ijibanovekegubix.dll <-- Delete this file

Open Firefox and go to Tools> Clear Private Data, put a checkmark in everything and click on Clear Private Data Now



Go to Tools> Options> Application Tab, do you see anything out of the ordinary in there.

If that didn't help what about this.


Did you completely uninstall Firefox ?

Mozilla Firefox <---Did you delete this folder ??


You need to to that so that there is no trace of Firefox on your system, then reboot and reinstall it
http://www.mozilla.com/en-US/firefox/

If your still having this issue than I am going to have someone else look at this as I am out of ideas

Ken

[al5579]

Good morning.

Ok, I found and deleted the file you indicated in C:\Windows and now it's gone.

I uninstalled Firefox and deleted the Mozilla Firefox folder in C:\Program files. I did a Windows search and found additional folders with the title Mozilla. Those I deleted as well. Then I rebooted and reinstalled Firefox. I did a web search on Google and Yahoo. I still got redirected by goored in Google and Yahoo led me elsewhere. Internet Explorer is still unaffected by this, so I guess I'll do my web searches there for the time being.

Still, I appreciate the ideas you're giving to help me. Thanks.

[ken545]

Look for and delete this file, it may be in C:\windows or C:\windows\system32
f52c75cc.dll

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"99452efa"=-

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this

[al5579]

I did a search and nothing was found. Did a search in My Computer and drive C, nothing found.

[ken545]

Did the reg fix help?

[al5579]

I merged the reg file and I tried the search again in Firefox. Still no effect. I didn't reboot when the reg file was merged. Is a reboot needed?

[ken545]

Go ahead and reboot and then try Firefox, I am going to have someone else take a peak at this

[al5579]

Did a reboot. Still redirecting in Firefox. Hmm, this thing is pretty stubborn.

[ken545]

Lets try bypassing your router, just plug your lan cable directly into your computer and see if your still getting redirected, if not then you need to reset your router.