Virtumonde Removal - Assistance Request

[Tanggo]

Virtumonde Removal - RegSearch, ERUNT, Easy Cleaner

Does anyone else use the computer besides you?

We are a very small family. It's only the very rare mischievous friend or visitor that could pose a worry. I have a new password now.

The only signs of Probot I saw on your computer were from the files that ComboFix deleted. You can try searching your computer for any folders that are named "Probot" or "Probot SE"

I have searched all files and folders for -
- *probot* ( None was found )
- *a*k3book* ( 2 are in ComboFix quarantine )
- *ans2000* ( 1 is in ComboFix quarantine )
- "lightscribe* ( None was found )

Registry Search by Bobbi Flekman
The RegSearch.txt for Probot and Probot SE is below.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/25/2009 1:17:35 PM for strings:
; 'probot'
; 'probot se'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-755137727-2013218922-164856062-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="*probot*"

; End Of The Log...

I looked through your most recent attach.txt and saw this:

LightScribe 1.4.84.1

If you don't need/use LightScribe anymore, go to Add/Remove Programs and uninstall it, making sure to reboot your computer afterwards.

This Lightscribe is another pesky remnant. It does not appear at all in Add/Remove Programs nor in a search for files/folders.

I ran the RegSearch of Bobbi Flekman for "Lightscribe". Surprisingly, the search result is quite long. Perhaps the word "lightscribe" is also used in other ways. The RegSearch.txt is quite long (112 kB) with many long numbers. Rather than annoying you and others, I have attached RegSearchLightscribe.zip .

ERUNT and REGEDIT4
I have just run ERUNT and REGEDIT4, taking note of 'no empty space' , 'one empty line' , and reboot.

Easy Cleaner - Registry Cleaner
Yeh, I have seen many pros and cons about this topic. Its something like the ckicken and egg - who is first. Since this is coming from you first hand, unlike just reading about it somewhere, I will gladly uninstall Easy Cleaner.

Other Queries
1. In what way is ERUNT better than the Windows inbuilt registry backup ?

2. In the Attach.txt, there are many security updates for IE7. I no longer use IE7 but I can STILL see it in files and folders, after upgrading to IE8. I understand you might not be a MS employee with privileged information. Can these IE7 security updates be removed ?

 

[km2357]

[HKEY_USERS\S-1-5-21-755137727-2013218922-164856062-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"002"="*probot*"

All the registry value is showing that you recently searched for "probot" within Windows. So, its nothing to worry about.

1. In what way is ERUNT better than the Windows inbuilt registry backup ?

Not too much of a difference between the two. ERUNT backup your registry automattically when you run it, so you don't have to worry about using regedit and messing up the backup process manually. It's an ease of use thing.

In the Attach.txt, there are many security updates for IE7. I no longer use IE7 but I can STILL see it in files and folders, after upgrading to IE8. I understand you might not be a MS employee with privileged information. Can these IE7 security updates be removed ?

There shouldn't be any harm in removing them, but I would keep them on your computer, just in case. Something may happen to IE 8 and you'll have to rollback to IE 7 and if that happens, you want those IE7 security updates there.


Below will be a big regfix to help clear out the lightscribe junk on your computer. Be sure to back up your registry with ERUNT first before running the regfix:


Step # 1: Run a Regfix


Open Notepad!
Copy and Paste everything from the Quote box into Notepad:

REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\3105F253CD70D644D86B833F9380C606]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3105F253CD70D644D86B833F9380C606]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3105F253CD70D644D86B833F9380C606\SourceList\Net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\LightScribe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Common Files\\LightScribe\\res\\"=-
"C:\\Program Files\\Common Files\\LightScribe\\"=-
"C:\\Program Files\\Common Files\\LightScribe\\Content\\"=-
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\LightScribe Direct Disc Labeling\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05284D7060C9594478999421E4CE5DDE]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06FD517F5DA336E4592DC562D5207AF2]
"00000000000000000000000000000000"="-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFD34DD011FD24409CE1CFC18349CA2]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FEFA84100325094EBDEE207A74F0F4A]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14AD1805088519349872E0C7723D23CC]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\170EE4A9945C6A545A7CE66104D3CD0F]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E257D9C979EBCB47814F8A86C249648]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24138D77FDBB0C44CB8502F2AFD613F1]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\362B05EF3375BBB459D65B77695419B2]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F7CA3C6417B51E45957A18134DCB9C1]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\404200868E481DE42AFD938608663874]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42E54FE87DD886D48AFEFF1E53FFB565]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43730CFA61AC2784DBDD33ED21CB2E87]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CE97DA0DBB28B8498B2534E6416B0B0]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F837488459B65428CA0E6B011B5B67]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57027235CE244BD4691769E851B7C281]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AEB4204EC468EC4DBBD6FB618334623]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E323DCF751AAA42B0AC586E16FF657]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D23F60BF68E69140975CAD89B7E0C08]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\766433EAA5AA2DA4C972A81A42786F5F]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76BF73BCBDBD7D34DA1425A9343A85DB]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7889046A95AE3704395D03DC920D5EB2]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DDD8D078AC88554ABADBB47DBC50047]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82712AEF41C19EA468C4658880465EA2]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82F7046585ED4714496768BDD765E0A8]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83E3B1967563EC741AFD031096D4D9EF]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C9AE8FA6E46B9045AAB35ABEC2AAF90]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9027E90356F31D84FBAE9644FD04DB44]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9379DF39318A1E04B91FF4DE302AE129]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\973460BE848CDE948B8B203A8DF37BAE]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9EECC5F79AF8BE040A4A47D6E35DC9BD]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B21810DA3F6261B47A26207BA92FE042]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B468DCDCBCB0021449D20BB527D3781A]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B680681B47DA72847B394A5360B3F33F]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6DF91935865D6644A5E266B40D27D90]
"3105F253CD70D644D86B833F9380C606"="-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6FC1D253DDEA4B49A1C4BF218154008]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDD56F591665FD745A9BD5A7F5112C91]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3508C66927AFBD43AC3CB0465B6F846]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D88D87D89D92B4140B83ACAB98FB2794]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E7DD2C96B11279D43977EDA3A3CA166F]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFE74C78F0C3F38458EFB7DA57796E06]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F424B5D657452DB4ABE52A27CD95816E]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F77F75764B49EFD42A7B7583A52570B3]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F962BA67C155981468798E7410AADA76]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F9A96258B7D047C4C8EDE9937D1E788A]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB3FF101A61375B4AAF7D8F92574793C]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEFBF195AFD6BAA4FBEEDD7E63B1010F]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3105F253CD70D644D86B833F9380C606\Features]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3105F253CD70D644D86B833F9380C606\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3105F253CD70D644D86B833F9380C606\Usage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{352F5013-07DC-446D-8DB6-38F339086C60}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_LIGHTSCRIBESERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_LIGHTSCRIBESERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LIGHTSCRIBESERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LightScribeService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LightScribeService]
[-HKEY_USERS\S-1-5-21-755137727-2013218922-164856062-1005\Software\Microsoft\Search Assistant\ACMru\5603]

Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Go to File > Save As
Save File name as Fix1.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click Fix1.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.

 

[Tanggo]

Virtumonde Removal - Computer Running Well, RegSearch, REGEDIT4

Thanks for answering all my queries and preparing the REGEDIT4 entries to fix the registry. It has fixed many things. I appreciate the time you spent on the voluminous entries. I have done a new RegSearch for "lightscribe" (see attachment if you think it's important) . If you agree with my entries below for another REGEDIT4, then I will run it.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6DF91935865D6644A5E266B40D27D90]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6DF91935865D6644A5E266B40D27D90]
"3105F253CD70D644D86B833F9380C606"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B468DCDCBCB0021449D20BB527D3781A]
"00000000000000000000000000000000"=-
"3105F253CD70D644D86B833F9380C606"=-

Right now the computer is running very well, no problems at all.
You have done a great job and guided me through the process in a very competent and professional yet friendly way.

 

[km2357]

Your proposed entries for the new regedit4/regfix look good, I see no problems with it.

Make sure you run ERUNT first and when making the regfix, be sure that there are NO blank lines before REGEDIT4
and make sure there IS one blank line at the end of the file.

Go to File > Save As
Save File name as Fix2.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click Fix2.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.


Since there are no more problems, you are good to go.

You can reenable Teatimer.

You can delete the following off of your computer:

DDS.scr
The DDS Logs
GMER.zip
GMER.exe
The GMER Log
Regsearch.zip
The C:\Regsearch folder
All the regfixes you created (fix.reg, fix1.reg and fix2.reg (after you've run it))

To remove ComboFix, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK

Empty your Recycle Bin.



Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point

• Go to Start > All Programs > Accessories > System Tools > System Restore
• Select Create a restore point, and Ok it.
• Next, go to Start > Run and type in cleanmgr
• Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
• Select the More options tab
• Choose the option to clean up system restore and OK it.
• This will remove all restore points except the new one you just created.

.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it asks you if you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

Set correct settings for files that should be hidden in Windows XP

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
• Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
• If unchecked please checkHide protected operating system files (Recommended)
• If necessary check "Display content of system folders"
• If necessary Uncheck Hide file extensions for known file types.
• Click OK

• Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
• Visit Microsoft's Update Site Frequently It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
• Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
  Computer Safety on line Anti Malware
• Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  • Click the start button on the task bar at the bottom of your screen
  • Click run
  • In the dialog box, type services.msc
  • hit enter, then locate dns client
  • Highlight it, then doubleclick it.
  • On the dropdown box, change the setting from automatic to manual.
  • Click ok..
• Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
• Please read Tony Klein's excellent article: How I got Infected in the First Place
• Please read Understanding Spyware, Browser Hijackers, and Dialers
• Please read Simple and easy ways to keep your computer safe and secure on the Internet
• If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or
  Opera.
  If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
• Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
• If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.

Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

If your computer is running slow, click here for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.

 

[Tanggo]

Virtumonde Removal - The Best Way to Remove Virtumonde

@km2357,

1. Through your close guidance I have cleansed my computer and got familiarized with quite a few new tools I would not have tried on my own. Sure, many know about them but few know how to use them without guidance. Your contribution to me in particular and the community in general is like one of the refreshing daffodils among the weeds.

2. :thanks: and :thanks: again.

3. God helps those who help themselves, God loves those who help others.

Best regards,

Tanggo

 

[km2357]

You're welcome. I'm glad I was able to help you out.

Good luck and safe surfing!