Urgent Help for the Trojan "Virtumonde".

Status
Not open for further replies.
here is my system.ini

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=app857.FON
EGA80WOA.FON=EGA80857.FON
EGA40WOA.FON=EGA40857.FON
CGA80WOA.FON=CGA80857.FON
CGA40WOA.FON=CGA40857.FON
[ScreenTime]
Password Value=0
previousProjectorProcessID=512
[CineMac]
Password Value=0
previousProjectorProcessID=1004
 
"No reports available"??

I ran AVG and it found 2 infected items (3 traces):
Hijacker.small.mw
Adware.NewDotNet
and the related files are (I couldn't get the full names though)

c:\system volume ınfo\restore\ ...\clsid \ ... stg
c:\wundofix Backups\22hrso.dll.bad
c:\windows\newdotnet3_38.dll.tobedeleted

I applied all actions, but then after I click the Reports tab it says "No reports available"???
And after I choose the Infected tab with the Quarantine button
(Under the Infections tab chose Select All then Remove Finally)
there seem to be no quarantined objects there??
 
Sorry, I just found the report now, as it was set to autosave report lo

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:04:34 11.06.2007

+ Scan result:



C:\WINDOWS\newdotnet3_36.dll_tobedeleted -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{07F5AE74-2BB5-4A6E-8AE7-A9A44439AC20}\RP493\A0311103.dll -> Hijacker.Small.mw : Cleaned.
C:\VundoFix Backups\j2241430.dll.bad -> Hijacker.Small.mw : Cleaned.


::Report end
 
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
2 more questions

Hi pskelley, how is it going? :bigthumb:
I have 2 more questions for u. :present:
Q1- I did the last instructions (System Restore stuff)
and read a lot of stuff from the internet :) learned a lot. Thanks for the links. Still reading :)
Then I also installed Internet Explorer 7 (it wanted a reboot 2 times),
then I did another search from AVG Antispyware.

It found one of the threats again, namely: hijacker.small.mw
and also says stg like
"the threat traces to:
c:\vundofix Backups\mcoinuka.exe.bad "

Q2: Now I have a lot of protection stuff: 1 firewall, 1 antivirus program, a couple of antispyware programs, and passive protection... but most of them have monitors or residents etc. (and some of them seem like they are doing the same thing),
so I'm afraid they may conflict.
here is the list of my total protections
1) Zone alarm ( security wall)

2) Nod32 (Antivirus program) it has some stuff that u can turn on or off
a)AMON: File system monitor
b)DMON: Microsoft office document monitor
c)EMON: Microsoft outlook email monitor
d)IMON: Internet monitor

3) Spybot S&D 1.4
a)Resident SD Helper
b)Resident Tea Timer

4) AVG Antispyware 7.5
a) Resident Shield

5) AD-AWARE SE PRO 1.06r1.

6) AD-WATCH SE PRO

7)SpywareGuard 2.2.0
a)Realtime Scanning
b)Download Protection
c)Browser Hijack Protection

8)SpywareBlaster 3.5.1
 
This is left from Vundofix, delete it and any other tools you downloaded for the fix. You may keep ATF-Cleaner if you wish.
c:\vundofix Backups\mcoinuka.exe.bad " <<< delete that folder

Please review the information I posted in my last post; those questions should be answered in those links. If, once you have done that, you still have questions, post them.

Thanks
 
Hi again pskelley.

I deleted that folder c:\Vundofix Backups,
but
what do u mean by "any other tools that u downloaded for the fix"?
Not my spyware programs, right?
I guess you mean just delete vundofix.exe and hijackthis_v2.exe and the hijackthis backups folder??????

2- Yes, I read all the links, and a lot more links, believe me.
It is kind of ambiguous or I didn't get it well.
Here is what I understand in short:
-only 1 software security wall and only 1 antivirus program to install.
-it seems the spyware programs can be multiple.

-but it doesn't say much about residents and monitors and shields etc.
But my real question is: which of those spyware programs shall I open before connecting to the net??
And which residents and monitors will be enough and efficiently protect my PC without conflicting with each other??

Let me give u an example: let's say both Ad-Watch and TeaTimer are open; when a program wants to change my registry, both of them respond to the same stuff and ask me "registry change detected do u accept or deny etc" twice.
And I'm not sure about NOD32's monitors and AVG's shield; they may also do stg like that???
 
Delete Vundo fix and Vundofix backups

HJT is a great program, I would not remove it, but this is totally up to you.
Here is some information:
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=faq#
You can delete the backups if you are sure you will not need them. Some other programs will scan the backups as threats, but they can not get back on your computer unless you restore them personally.

Do not run TeaTimer and SpywareGuard 2.2.0 at the same time, they do the same thing. I personally run SG and turn TeaTimer off on my computer.
http://www.malwarehelp.org/how-to-enabledisable-spybot-teatimer.html

SpywareGuard tut: http://www.bleepingcomputer.com/forums/tutorial50.html

I do not run Ad-watch (I do run Ad-Aware personal free) so you will need to consult the program or Ad-Aware Ad-watch tech support for answers:
http://www.google.com/search?hl=en&q=Ad-aware+tutorial&btnG=Search

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
I posted this before; we downloaded this program as a trial to look for hidden malware. Once you are finished with it, since it gives no realtime protection after the trial is over, it should be turned completely off or uninstalled.

Thanks
 
some more questions :)

Thanks for the info.
1) I always have googletoolbar notifier coming up at my startup,
and also c:\windows\system32\ntfmon.exe,
even if I uncheck them from Spybot SD's system startup tools.
Can u give me a link for what they are used for, or what their purpose is?

2) I have some Zone Alarm questions. I'm not sure if they are appropriate to ask here?

3) :spider: And my display problems (started 5-6 days ago, that is after my trojan threats, but before the time we got rid of the trojans) are still present!!! (I noticed them at my very first post, remember?)
I thought the display problems were happening because of the trojans, but they are still there, so trojans can't be the cause?! Right??
Do u know where I can ask about them, some forums or some info, or u can help solving them if u want?

thanks a lot :bigthumb:
 
Let me first say that while I am good at removing malware, I do not know everything. Many of the questions you are asking would be better answered at the websites of the programs which all have extensive faq areas.

googletoolbar notifier <<< had to be installed by someone who uses the computer. Most of this information is covered in the links I have already posted.

http://www.netsquirrel.com/msconfig/ <<< see this

Here is a link to the Google search engine which will answer about any question you ask it: http://www.google.com/
http://www.google.com/search?hl=en&q=googletoolbar+notifier&btnG=Google+Search

Zone Alarm: Right click the program in the System tray. Choose Restore ZoneAlarm Control Center.
To the right are two key areas for understanding: ?HELP, and under it a Flash Tutorial. If you are going to run this firewall, you should know the information in those areas; your firewall is a key to your security.

You will need to provide more information about "display problems" or do as I said and use Google:
http://www.google.com/search?hl=en&q=display+problems&btnG=Search
I probably know no more about display issues than you do; all I would do would be to Google any information you provide.

Thank you
 
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks...pskelley
 