help with removing virtumonde

[elmoisevil]

ive got 4 anti virus software and only spybot search&destroy can help because it is the only one to detect the virus "virtumonde" but every time i have tryed to fix the problem i run a extra search to make sure it deleted but it gets detected again.

 

[tashi]

Hello.

ive got 4 anti virus software

By anti virus software, are you perhaps confusing them with anti spyware, because only one resident AV should be running.

Please produce a short log, which will also show the version of Spybot-S&D you have installed.

• Open SpyBot.
• Check for problems.
• When the scan completes, right click on the results list, select "Copy results to clipboard". (Not the full report option.)
• Paste (Ctrl+V) those results to a new post in this thread, and someone will take a look.

Cheers.

 

[Teensy]

Vitrumonde infection

I have the same problem. Here's my report:

AdRevolver: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Tina) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: Tina) (Cookie, fixed)


ErrorSafe: Tracking cookie (Firefox: Tina) (Cookie, fixed)


ErrorSafe: Tracking cookie (Firefox: Tina) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: Tina) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: Tina) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: Tina) (Cookie, fixed)


AdRevolver: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: Tina) (Cookie, fixed)


Virtumonde: Tracking cookie (Firefox: Tina) (Cookie, fixed)


ErrorSafe: Tracking cookie (Firefox: Tina) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-29 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

 

[elmoisevil]

i have done what you said, but do i have to put it in the form or do i have to go into another form

 

[chi-va]

It seems that you have problems to remove cookies from Firefox. This could be caused by a bug in Spybot-S&D 1.4 which you are using. Spybot-S&D 1.5 doesn't seem to have this bug so it is recommended to upgrade your version:
http://www.safer-networking.org/en/mirrors/index.html

In order to avoid possible problems with the old version it is advisable to uninstall Spybot-S&D 1.4 before installing the new version.

Here you can find an uninstall instruction from Team Spybot:
http://www.safer-networking.org/en/howto/uninstall.html

Apart from that, tracking cookies reappear as soon as you visit the host website again. Spybot-S&D 1.5 provide a new immunize feature for Firefox which should automatically block the tracking cookies which the software is able to detect.

 

[tashi]

Hi elmoisevil.

You can copy paste the short log here as Teensy did.

 

[TSmith62x3]

Shut off system restore and boot in safe mode

run Spybot from safe mode fix problems,, then run it again till it comes up with a clean run no problems found

then you can re-boot in regular mode, and turn on your system restore again

Some spyware embeds itself into your system restore files and they just pop back into action from there after you have "deleted" them,, when you actually didnt, turning off system restore is only way to emove some malware

T

 

[tashi]

Shut off system restore

http://forums.spybot.info/showthread.php?t=288

Please do NOT turn off System Restore trying to remove an infection. Doing so would only serve to destroy a known restore point (not good) and won't remove the malware. Let your helper advise you as to when a System Restore flush is called for.

 

[galo1424]

Ayuda Con Virtumonde

Por favor...que alguine me ayude a remover este trojano.....Virtumonde...ya me tiene jorro...si alguien sabe como por favor diganmelo

 

[elmoisevil]

hi
ive allready posted it up in the malware form and someone called markka is helping me but his way seem to be very long and can dangor the health of my com so ill post my most recent log


Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-602162358-152049171-854245398-1005\Software\Microsoft\aldd


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-26 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-26 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-26 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-26 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-26 Includes\KeyloggersC.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-26 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-26 Includes\PUPSC.sbi (*)
2007-09-26 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-26 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-26 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-26 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

 

[md usa spybot fan]

elmoisevil:

Taking malware removal advice from two places at the same time is dangerous. So stick with Markka in the following thread:

• cant remove the virtomunde
  http://forums.spybot.info/showthread.php?t=18368

ps: So far Markka only asked you to post the required logs for any help in the Malware Removal forum. See:

• "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)