Virtumonde, Virtumonde.generic, Smithfraud-C infections

I thought everything was good. Now I'm not so sure. I turned on Norton and reconnected to the web to download all the new definitions and updates. Everything worked perfectly. Even the Norton "SONAR Advanced Protection" ran without shutting itself off.

Not having done so since all of this began, I decided to have Norton do a full system scan. I was surprised to see the following reported:

3/28/2009 7:34 PM,High,Trojan.Vundo detected by Virus scanner,Removed,Resolved - No Action,Virus scanner,2009.03.28.003,Trojan.Vundo,Virus,File Based,Fully removed,

3/28/2009 7:34 PM,High,Trojan.Vundo detected by Virus scanner,Restart Required,You must restart your computer.,Virus scanner,2009.03.28.003,Trojan.Vundo,Virus,File Based,Fully removed,109.1.0.61

3/28/2009 7:34 PM,High,Suspicious.Vundo detected by Virus scanner,Removed,Resolved - No Action,Virus scanner,2009.03.28.003,Suspicious.Vundo,Heuristic Virus,File Based,Fully removed,

3/28/2009 7:34 PM,High,Trojan.Adclicker detected by Virus scanner,Removed,Resolved - No Action,Virus scanner,2009.03.28.003,Trojan.Adclicker,Virus,File Based,Fully removed,109.1.0.61

3/28/2009 7:34 PM,High,Hacktool.Rootkit detected by Virus scanner,Removed,Resolved - No Action,Virus scanner,2009.03.28.003,Hacktool.Rootkit,Virus,File Based,Fully removed,109.1.0.61

3/28/2009 7:31 PM,High,Suspicious.Vundo detected by Virus scanner,Restart Required,You must restart your computer.,Virus scanner,2009.03.28.003,Suspicious.Vundo,Heuristic Virus,File Based,Fully removed,109.1.0.61

3/28/2009 7:17 PM,High,Suspicious.Vundo detected by Auto-Protect,Restart Required,You must restart your computer.,Auto-Protect,2009.03.28.003,Suspicious.Vundo,Heuristic Virus,File Based,Fully removed,109.1.0.61

3/28/2009 7:14 PM,High,Downloader detected by Virus scanner,Removed,Resolved - No Action,Virus scanner,2009.03.28.003,Downloader,Virus,File Based,Fully removed,109.1.0.61

Then this morning, there was this message waiting for me:
3/29/2009 12:01 PM,High,Suspicious.Vundo detected by Auto-Protect,Restart Required,You must restart your computer.,Auto-Protect,2009.03.28.003,109.1.0.61,Suspicious.Vundo,Heuristic Virus,File Based,Fully removed

So what does this mean?

Thanks.
 
Hi

I believe those findings may well have been quarantined items. Is there a way that you could check what items exactly were removed?
 
I reviewed the Norton Security Log and, if I correctly understand what I am reading, the program considers these NEW infections, removed as a result of my Norton scan of 3/28 except for the one entry on 3/29 which was removed by Norton Auto-Protect.

Could these really be new infections? After I reconnected to the Internet, the ONLY sites I visited were this one and the Symantec Live Update.

What do you think?

Regards.
 
Hi

I still believe those may have been items quarantined in the c:\QooBox folder. Without seeing any location paths it's difficult to say if that's so or not.
 
So how should I proceed? Is there any way for me to give you the path information you need? Should I just ignore the Symantec stuff and move on?
 
Hi

I'm not familiar with Symantec solutions, so I don't know if there's a possibility to get some report with file paths included.

Anyway, you may uninstall ComboFix to see if those alerts keep coming after that.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 