Don't know what else to do. Please help.



My computer became infected a few days ago. I am currently running
ESET NOD32 Antivirus (no firewall). I also regularly scan with both
Adaware and Spybot S&D. Despite running all these applications and
removing several files my problem still hasn't gone away.

One name that keeps reappearing is a file called Virtuemonde. Every
time I run Spybot it finds this file and deletes it but when I restart
it is there again. I have tried doing a search on that name but as you
can see from the symptoms listed below I can't search on google or
yahoo etc.
I have used msconfig to disable all startups and non windows services.
Deleted all temp internet files and cookies.

I am using Windows XP Pro with SP3 and IE. I also have Firefox version
2.0 but I have the same problems with either browser. All software
including windows has all critical updates.

Current symptoms include:

1. Various websites do not load. For example I can't even do a search
with google. The IE progress bar just ticks away and no search results
are shown.
2. Microsoft Visual C++ Run time errors resulting in all browser
windows shutting down.
3. Pop-ups.
4. (rarely) The windows taskbar disappears for a few seconds and then
reappears.

I'm not sure what else I can do. Please advise.

Regards,

Lee.

--
Posted at author's request, using moderated http://www.securityforumz.com
interface
Thread archive: http://www.securityforumz.com/Don-help-ftopict11354.html

Re: Don't know what else to do. Please help.



On Mon, 15 Sep 2008 11:22:20 -0500, in alt.comp.anti-virus, lee1001
arranged some electrons, so they looked like this:

 ... My computer became infected a few days ago. I am currently running
 ... ESET NOD32 Antivirus (no firewall). I also regularly scan with both
 ... Adaware and Spybot S&D. Despite running all these applications and
 ... removing several files my problem still hasn't gone away.

Try a-squared free and/or Spyware Terminator. AdAware has never caught
everything in my system.

The best was Bazooka, but it's not being updated any longer. You can try, anyway.


 ... One name that keeps reappearing is a file called Virtuemonde. Every
 ... time I run Spybot it finds this file and deletes it but when I restart
 ... it is there again. I have tried doing a search on that name but as you
 ... can see from the symptoms listed below I can't search on google or
 ... yahoo etc.
 ... I have used msconfig to disable all startups and non windows services.
 ... Deleted all temp internet files and cookies.
 ...
 ... I am using Windows XP Pro with SP3 and IE. I also have Firefox version
 ... 2.0 but I have the same problems with either browser. All software
 ... including windows has all critical updates.
 ...
 ... Current symptoms include:
 ...
 ... 1. Various websites do not load. For example I can't even do a search
 ... with google. The IE progress bar just ticks away and no search results
 ... are shown.
 ... 2. Microsoft Visual C++ Run time errors resulting in all browser
 ... windows shutting down.
 ... 3. Pop-ups.
 ... 4. (rarely) The windows taskbar disappears for a few seconds and then
 ... reappears.
 ...
 ... I'm not sure what else I can do. Please advise.
 ...
 ... Regards,
 ...
 ... Lee.

=====
It sounds much better in French, but then, everything does.

Re: Don't know what else to do. Please help.

Get rid of the problem and then turn off system restore. That is probably
what is keeping the problem in the PC. Then reboot and turn it on again.

--
Yours Quilly,
http://quilljar.users.btopenworld.com/


Re: Don't know what else to do. Please help.



none@000.com says...

Only download software you can validate as uncompromised - in the case
of a non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendor's site with a
direct download should not be trusted, the vendors' sites are the safest
place to download their application.

No person of sound mind would download files from a hack site that
requires a password to access the unknown files when they are available
directly from the vendors.

Always remember - only download files from Trusted Sites.

The following links will take you to vendors' sites for Spy Ware / Ad
ware removal tools and also for Antivirus tools. After you install any
of these applications and update them, run them in SAFE MODE to allow
them to properly clean your system.

First, make sure that your Java is updated to the latest version:
http://www.java.com/en/download/index.jsp

These sites are for downloading Anti-Malware and Anti-Spyware tools, in
order that I would use them myself:

Dave Lipman's tools:
Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

MalwareBytes Anti-Malware
From http://www.bleepingcomputer.com/
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

--
Leythos - spam999free@rrohio.com (remove 999 to email me)
Public Service Warning: Learn about PCButts before you trust:
http://www.velocityreviews.com/forums/t513604-author-of-removeit.html
http://www.google.com/search?hl=en&q=pcbutts1+thief

Re: Don't know what else to do. Please help.

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.







Re: Don't know what else to do. Please help.







It's already running in memory so you have to kill the running
processes before removing it from automatic startup locations
otherwise it will be written back.

Download autoruns and process explorer from sysinternals
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Run process explorer first to find and stop the offending running
processes, then run autoruns which monitors automatic startups.



Jim.
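
The ordering described in the post above, as an added example that is not part of the original thread: the sketch takes a constructed list of autostart entries and running processes (the kind of data Autoruns and Process Explorer display) and reports which entries are backed by code currently in memory, so the process has to be stopped before the entry is removed. All names, paths and PIDs are made up for illustration, and checking loaded DLL modules as well as process images goes beyond what the post states.

```python
import ntpath
import re

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample data: (location, value name, command line)
AUTOSTARTS = [
    (RUN, "sample1", r'rundll32.exe "C:\WINDOWS\system32\sample1.dll",a'),
    (RUN, "sample2", r'"C:\Program Files\Sample\sample2.exe" /hide'),
    (RUN, "stale", r"C:\Tools\stale.exe"),
]
# Constructed sample data: (pid, image path, loaded module paths)
PROCESSES = [
    (1200, r"C:\WINDOWS\explorer.exe", [r"C:\WINDOWS\System32\SAMPLE1.DLL"]),
    (1544, r"C:\Program Files\Sample\sample2.exe", []),
]

def norm(path):
    """Windows paths are case-insensitive; compare them normalised."""
    return ntpath.normcase(ntpath.normpath(path))

def image_paths(command):
    """Extract the file paths an autostart command line refers to.

    Handles quoted paths (including the DLL argument of a rundll32 line)
    and bare drive-letter paths without spaces.
    """
    quoted = re.findall(r'"([^"]+)"', command)
    rest = re.sub(r'"[^"]*"', " ", command)
    bare = re.findall(r'[A-Za-z]:\\[^\s,"]+', rest)
    return {norm(p) for p in quoted + bare if ntpath.splitext(p)[1]}

def removal_order(autostarts, processes):
    """Return (stop_first, safe_to_remove) for the given autostart entries."""
    in_use = {}  # normalised path -> set of PIDs that have it loaded
    for pid, image, modules in processes:
        for path in [image, *modules]:
            in_use.setdefault(norm(path), set()).add(pid)
    stop_first, safe = [], []
    for _location, name, command in autostarts:
        pids = set()
        for path in image_paths(command):
            pids |= in_use.get(path, set())
        if pids:
            stop_first.append((name, sorted(pids)))  # live code can rewrite it
        else:
            safe.append(name)
    return stop_first, safe

if __name__ == "__main__":
    print(removal_order(AUTOSTARTS, PROCESSES))
```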


Re: Don't know what else to do. Please help.




| My computer became infected a few days ago. I am currently running
| ESET NOD32 Antivirus (no firewall). I also regularly scan with both
| Adaware and Spybot S&D. Despite running all these applications and
| removing several files my problem still hasn't gone away.

| One name that keeps reappearing is a file called Virtuemonde. Every
| time I run Spybot it finds this file and deletes it but when I restart
| it is there again. I have tried doing a search on that name but as you
| can see from the symptoms listed below I can't search on google or
| yahoo etc.
| I have used msconfig to disable all startups and non windows services.
| Deleted all temp internet files and cookies.

| I am using Windows XP Pro with SP3 and IE. I also have Firefox version
| 2.0 but I have the same problems with either browser. All software
| including windows has all critical updates.

| Current symptoms include:

| 1. Various websites do not load. For example I can't even do a search
| with google. The IE progress bar just ticks away and no search results
| are shown.
| 2. Microsoft Visual C++ Run time errors resulting in all browser
| windows shutting down.
| 3. Pop-ups.
| 4. (rarely) The windows taskbar disappears for a few seconds and then
| reappears.

| I'm not sure what else I can do. Please advise.

| Regards,

| Lee.

First, pay no heed to "The Real Truth MVP"

His Remove-It software is plagiarized and does NOT target the Vundo trojan and
Virtumonde adware.

Read the following...
http://groups.google.com/group/microsoft.public.security.homeusers/msg/213247814fb4d61e
and
http://groups.google.com/group/microsoft.public.security.homeusers/msg/e19fce884897662f

Secondly, the following does target the Vundo trojan and Virtumonde adware and
is very effective on them.
Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: The truth about the David Lipman Troll





Darn, those pages were blocked because of the wonderful hosts file that I
use provided by the nice folks at mvps.org

Oh well, it's for the best.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is for use in USENET-feel free to use it yourself.

Re: Don't know what else to do. Please help.

Virtuemonde is a pain in the ass to get rid of and variants of it just
keep cropping up. Eset just added a number of Virtuemonde variants to their
malware definitions earlier this evening, but although it may detect it, it
may not fully remove the registry entries and all of the files it leaves on
your computer.

The one time that I had a run in with it a few months ago, I had to use
Trojan Remover to get rid of it entirely. You can download a fully
functional trial version at www.simplysup.com

Hope this helps.