Virtumonde repeatedly found

[Liam27]

Hi there,

I have the latest version of Spybot search and destroy

I believe that a couple of weeks ago I was infected with the Virtumonde virus, but I thought I had got rid of it.

However I have ran Spybot since and it still seems to find it. It says it removes the infection, but then when scanning again, just finds it again...seem to be going in circles...!

Report says this:

Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-10223769-3664160080-2574443034-1000\Software\Microsoft\rdfa

If anyone is able to help, I'd be very grateful! Thanks!

Liam

 

[129260]

Did you try scanning with all your security software?

Including other antispyware or an antiviruis program? Also, try scanning in safe mode to clean the infection:

How to boot into safe mode:

Reboot your computer into SafeMode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
* Instead of Windows loading as normal, a menu should appear.
* Select the first option, to run Windows in Safe Mode.
* Once windows loads, launch spybot and do a complete scan. remove anything found. Launch other security software and scan with them as well, remove anything found.
*restart your machine, you are now using windows in normal mode.*

Does that help? I hope so. Let me know if you need further assistance.

 

[Liam27]

Thank you for your quick reply. I should say, I have Norton 360 installed and I will scan right now, but I checked only a few days ago, and it did not find anything. I also believe I did the scan in safe mode, with the same outcome.

I have noticed a great improvement in the performance of my laptop since I removed the virus last week, so I don't believe that I am infected any longer. Just seems strange to me that Spybot finds it.

Also, this could be related, but on start up, I get a Run DLL dialogue box appear:

Run DLL
Error loading
C:\users\liam\appdata\local\temp\jkkKawuV.dll
The specified module could not be found

This has only appeared since my Virtumonde problem, and I would like to get rid of it - very annoying! I've googled the dll extension but found nothing, does anyone have any ideas what it is or how to get rid of it?

Thanks again

 

[md usa spybot fan]

Liam27:

Consider posting in the Malware Removal forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

• "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance).

After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum, making sure to post the logs produced from the above instructions.

 

[129260]

ok

Thank you for your quick reply. I should say, I have Norton 360 installed and I will scan right now, but I checked only a few days ago, and it did not find anything. I also believe I did the scan in safe mode, with the same outcome.

I have noticed a great improvement in the performance of my laptop since I removed the virus last week, so I don't believe that I am infected any longer. Just seems strange to me that Spybot finds it.

Also, this could be related, but on start up, I get a Run DLL dialogue box appear:

Run DLL
Error loading
C:\users\liam\appdata\local\temp\jkkKawuV.dll
The specified module could not be found

This has only appeared since my Virtumonde problem, and I would like to get rid of it - very annoying! I've googled the dll extension but found nothing, does anyone have any ideas what it is or how to get rid of it?

Thanks again

Like md spybot fan suggested, you should post in the malware removal forums. I didn't suggest that at first because i was waiting to see if safe mode solved your problem. If you want to make sure your system is clean, please post in the malware removal forums. GOOD LUCK!!

 

[Liam27]

OK, I will do that, thank you.

Only problem is, I'm not very technically advanced, so for getting the logs etc up, I may struggle!

 

[129260]

its ok.

If you knew how to boot into safe mode, and can follow directions, you will be fine Do your best and follow the directions carefully!! Good luck!

 

[Liam27]

Awesome, thanks guys. I'll give it my best shot a bit later this evening when I have more time on my hands. What a friendly forum!

 

[drragostea]

Liam, welcome to the forums. Virtuemonde can be a persistent trojan and can be difficult to remove. I attempted to fix with Spybot one time (at my aunt's place) and it wouldn't work the first try (because Smitfraud with there too), so I was persistent too :cowboy:. It took around some 10 scans around a 2 month... or less period to remove it. Each time, I saw it, BAM! I fixed it. Sadly it reappeared.

http://forums.spybot.info/showpost.php?p=199060&postcount=4

You can consider posting a hijack log in the Malware Forums if the SAFE MODE tactic fails.

 

[Liam27]

Thanks - I posted in the Malware forum last night but no replies!

 

[tashi]

Hello,

Thanks - I posted in the Malware forum last night but no replies!

http://forums.spybot.info/showthread.php?t=29066

Although our volunteers are a little swamped at the moment in malware removal, it would help if you produced a HJT log for someone to analyse.

Instructions for HJT here:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Cheers.

 

[Liam27]

Thanks - just done that now