Thread: Virtumonde.generic, virtumonde, & smitfraud-c

  1. #11
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Here you go


    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()


    Virtumonde: [SBI $FA87DB10] Text file (File, nothing done)
    C:\WINDOWS\system32\2ff6afe7-.txt

    Virtumonde: [SBI $FD08B4B7] Configuration file (File, nothing done)
    C:\WINDOWS\system32\QAGOWyxx.ini2

    Virtumonde: [SBI $2A2DCEAC] Configuration file (File, nothing done)
    C:\WINDOWS\system32\QAGOWyxx.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, nothing done)
    C:\WINDOWS\system32\rhruotvg.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, nothing done)
    C:\WINDOWS\system32\hakmgaqr.ini

    Virtumonde: [SBI $D510A69C] Configuration file (File, nothing done)
    C:\WINDOWS\system32\mvwaulvl.ini


    Thank you
    Dave

  2. #12
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Use Windows Explorer to find and delete these files:

    C:\WINDOWS\system32\2ff6afe7-.txt
    C:\WINDOWS\system32\QAGOWyxx.ini2
    C:\WINDOWS\system32\QAGOWyxx.ini
    C:\WINDOWS\system32\rhruotvg.ini
    C:\WINDOWS\system32\hakmgaqr.ini
    C:\WINDOWS\system32\mvwaulvl.ini

    As an example:
    To delete C:\WINDOWS\badfile.dll
    Double click the My Computer icon on your Desktop.
    Double click on Local Disc (C:\)
    Double click on the Windows folder,
    Right click on badfile.dll and then from the menu that appears, click on Delete


    Run Spybot Search & Destroy again. Does it still detect anything?
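
An added example, not part of either post: the delete list in reply #12 is the set of paths that the Spybot-S&D result list in #11 marks "nothing done". The Python below parses that result-list format, pulls out those paths, and re-checks which of them still exist after cleanup; the third sample entry's action text is a constructed placeholder, not a confirmed Spybot string.

```python
import os
import re

# Sample in the format posted in #11; the third entry's action text is a
# constructed placeholder so the filter has something to exclude.
SAMPLE_LOG = r"""--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()

Virtumonde: [SBI $FA87DB10] Text file (File, nothing done)
C:\WINDOWS\system32\2ff6afe7-.txt

Virtumonde: [SBI $FD08B4B7] Configuration file (File, nothing done)
C:\WINDOWS\system32\QAGOWyxx.ini2

Virtumonde: [SBI $D510A69C] Configuration file (File, other-action-placeholder)
C:\WINDOWS\system32\rhruotvg.ini
"""

# "<family>: [SBI $<id>] <description> (<kind>, <action>)"
HEADER = re.compile(
    r"^(?P<family>[^:\[]+): \[SBI \$(?P<sbi>[0-9A-F]+)\] "
    r"(?P<desc>.+) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$"
)

def parse_results(text):
    """Pair each detection header with the path on the line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            pending = match.groupdict()
        elif pending and line:
            entries.append({**pending, "path": line})
            pending = None
    return entries

def untouched(entries):
    """Paths the scanner reported but did not act on, in order, no repeats."""
    paths = []
    for entry in entries:
        if entry["action"] == "nothing done" and entry["path"] not in paths:
            paths.append(entry["path"])
    return paths

def still_present(paths, exists=os.path.exists):
    """After manual cleanup, list the reported files that are still on disk."""
    return [p for p in paths if exists(p)]
```
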

  3. #13
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    All clear now.
    Thank you very much. I'm sure that I speak for probably thousands of ppl that use this forum when I say that it is truly amazing that there are people out there with the patience and talent that you all have, and that you are willing to help us out voluntarily.
    Again, Thank you,
    Dave

  4. #14
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    You now appear to be clean. Congratulations!

    Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

    Below are some steps to follow in order to dramatically lower the chances of reinfection.
    You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
      • Turn System Restore off
        • On the Desktop, right click on the My Computer icon.
        • Click Properties.
        • Click the System Restore tab.
        • Check Turn off System Restore.
        • Click Apply, and then click OK.
      • Restart
      • Turn System Restore on
        • On the Desktop, right click on the My Computer icon.
        • Click Properties.
        • Click the System Restore tab.
        • Uncheck Turn off System Restore.
        • Click Apply, and then click OK.

      Note: only do this once, and not on a regular basis
    1. Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    2. Install and use a firewall with outbound protection
      While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
      I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Online Armor
      See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
      Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    3. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
      Go here to check for & install updates to Microsoft applications
      Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
    4. Keep your non-Microsoft applications updated as well
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
    5. Make Internet Explorer more secure
      Click Start > Run
      Type Inetcpl.cpl & click OK
      Click on the Security tab
      Click Reset all zones to default level
      Make sure the Internet Zone is selected & Click Custom level
      In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    6. Install SpywareBlaster & make sure to update it regularly
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
      If you don't know what ActiveX controls are, see here
      You can download SpywareBlaster from here
    7. Install and use Spybot Search & Destroy
      Instructions are located here
      Make sure you update, reimmunize & scan regularly
    8. Make use of the HOSTS file included with Spybot Search & Destroy
      Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
      Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
      • Run Spybot Search & Destroy
      • Click on Mode, and then place a tick next to Advanced mode
      • Click Yes
      • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
      • Click on Add Spybot-S&D hosts list
      Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
      • Click Start > Run
      • Type services.msc & click OK
      • In the list, find the service called DNS Client & double click on it.
      • On the dropdown box, change the setting from automatic to manual.
      • Click OK & then close the Services window
      For a more detailed explanation of the HOSTS file, click here
    9. Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
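
The HOSTS-file blocking described in step 8, as an added example that is not part of the original post and not Spybot-S&D's own code: the Python below parses hosts-file text and separates names pinned to a loopback or 0.0.0.0 address (blocked) from names mapped to any other address, which deserve a manual look. The sample file and all hostnames in it are constructed.

```python
import ipaddress

# Constructed sample, not taken from the thread: two blocking entries of the
# kind a blocklist adds, one mapping to a routable address, one broken line.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.badsite.example      # blocklist entry
0.0.0.0         tracker.badsite.example
203.0.113.7     update.vendor.example www.vendor.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields[1].lower()
            continue
        for name in fields[1:]:           # one line may carry several names
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Sort mappings into blocked names, redirects to review, and bad lines."""
    report = {"blocked": [], "review": [], "malformed": []}
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            report["malformed"].append((line_no, name))
        elif name in ("localhost", "localhost.localdomain") and ip.is_loopback:
            continue                      # the stock entry, not a block
        elif ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)    # name is pinned to a dead end
        else:
            report["review"].append((line_no, str(ip), name))
    return report

if __name__ == "__main__":
    for key, items in audit_hosts(SAMPLE_HOSTS).items():
        print(key, items)
```

On Windows XP the file to read is normally `C:\WINDOWS\system32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.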
