Virtumonde problem - help please

Status
Not open for further replies.
Malwarebytes found nothing but there are still items in the quarantine folder, is it ok to delete these?

There is still a folder for BitTorrent on C:\ Drive - do I just delete this?

Everything seems to be ok at the moment - it did take a long while to shut down though during the restart after uninstalling and installing Java updates

What do I do with the following on the desktop

ComboFix
Reset Tea Timer
Regfix
 
Hi,

You can delete that folder for Bittorrent and also the one for Limewire if you see it

Drag these to the trash
Reset Tea Timer
Regfix



ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Hijackthis <---Your call, hopefully you won't need it again, if you do you can redownload it

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.




Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
Hi

Have just run the combofix uninstall I didn't get shown any disclaimer just the blue box and then combofix has been uninstalled

Another question - I have just had a popup from AVG saying Adware Generic3.AHAK has been found in System Volume Information
 
System Volume Information <-- These are entries in your Windows System Restore program, there are instructions in my last post to clear this out and also how to create a new restore point, you need to do this as if you use this program to restore your computer to a previous date you can reinfect yourself because most, if not all, of what we removed is backed up in this program.


System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.


Reboot your computer


Turn ON System Restore.

  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.


Create a new Restore Point <-- Very Important

  • Go to Start> All Programs> Accessories> System Tools> System Restore and create a New Restore Point
System Restore Tutorial <-- If you need it

Ken :)
 
Hi Ken

I have another problem - I have just looked for the System Restore in Control Panel/System as per bleepingcomputer.com's instructions but the tab is missing, all the others are there but not this one
 
I also still have the combofix folder in c:\ Drive as well as the txt file

Something's still not quite right!
 
You can just delete it, the actual program is gone but on some systems it leaves the entry...go figure
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 