Thread: Virtumonde also

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    Virtumonde also

    Hi, I don't have HJT, and I was looking for some guidance for my particular situation. My problem started when I clicked on a poorly chosen link and my computer slowed down considerably and I got a warning that my computer was trying to contact a malicious IP address. Also, TeaTimer warned me that a few startup registry entries were trying to be changed. I denied those changes and tried to close my browser (Chrome), but everything was running extremely slowly. Eventually I hard-rebooted the computer. On startup I was warned again about registry changes for startup programs with nonsense-looking names which I repeatedly denied, then blacklisted (the questions popped up every few seconds). At some point during this whole process it occurred to me to disconnect my internet connection, so I did that. I did a Windows Defender quick scan which found nothing, and then a Spybot scan which found some cookies and the Virtumonde trojan. I told Spybot to fix the problems and got no errors, but the description for Virtumonde suggested that I might need to do more to make sure it didn't come back.

    So, my question is, what do I need to do to finish the cleanup? The description said Virtumonde installs a browser helper object, so I have not opened a browser since the initial event, and I have not reconnected to the internet (I'm using a different computer at the moment, obviously). Also, I denied all requested registry changes that were brought to my attention by TeaTimer.

    I have no problem downloading HJT and posting a log, but I didn't know if I could save some trouble by avoiding reconnecting my infected computer to the internet until the cleanup was complete.

  2. #2
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    resolved

    It seems I was being overly cautious. When I restarted my computer and rescanned with Spybot, it found nothing, so I think that my problem is resolved. If someone takes a look at this and there is something they think I should be concerned about, please let me know by email. My email address is my username (AT) gmail. Thanks anyway!

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,988

    Hi mikebind,

    If you need one of our volunteer analysts to advise you please follow the procedure in this sticky faq to produce a log and then start a new topic.

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Note:
    If you have lost your Internet connection on the infected computer, or otherwise cannot post from that machine, you can download HJT to a clean PC if one is available. You can also try this if malware is blocking your access to security forums and tools.

    1. Upload to infected machine
    2. Place HJT into own folder
    3. Run HJT on the infected PC and post the log you produce using the clean PC.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
