I've downloaded SpywareBot and Ad-Aware, but neither found my bug.
When I run the Symantec program specifically intended to remove
Adware.Virtumonde, it doesn't find anything. Neither does Avast.
Perhaps Adware.VirtuMonde and Win32/VirtuMonde are not the same thing.
Any clues on what else I can try?
"Malke" wrote:
> Go through the preparatory steps here:
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to
> do all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://pcdid.com/Multi_AV.htm - download
>
> Then do the specific removal steps here:
> http://www.elephantboycomputers.com/page2.html#Winfixer
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the first link above (not here, please).
>
> Not all tools used will work in Vista and you will need to run them
> elevated. Since Vista is so new, it will be a while before removal
> techniques and tools are developed. If you are unable to remove the
> infection by following the general steps, register at one of the
> HijackThis forums as suggested.
>
> Standard caveat: If the procedures look too complex - and there is no
> shame in admitting this isn't your cup of tea - take the machine to a
> professional computer repair shop (not your local version of
> BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may
> be so infested that Windows will need to be clean-installed. Have all
> your data backed up before you take the machine into a shop.
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>
Two phase answer...
Perform Part 1 then perform Part 2
If the first two parts don't work, perform the alternate utility.
It is suggested that you execute each tool in Normal Mode then in Safe Mode.
If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.
It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 2 (jre 6u2)
Simple check, look under...
C:\Program Files\Java
The only folder under that folder should be the latest version.
Such as...
C:\Program Files\Java\jre1.6.0_02
http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp
FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
Part 1
------------
Download Adware-Virtumundo Removal Tool --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049
Part 2
------------
Download Atribune's VUNDOFIX.EXE
http://www.atribune.org/ccount/click.php?id=4
Save VUNDOFIX.EXE to "C:\" ( C:\VUNDOFIX.EXE ) and execute it from there.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
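The folder check described in the post above (only the latest version should sit under C:\Program Files\Java), as an added example that is not part of the original thread. The function names, the folder-name patterns and the sample folder names in demo() are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Version named in the post: JRE 6.0 update 2, installed as jre1.6.0_02.
MINIMUM = (1, 6, 0, 2)

# Assumed folder-name shapes: jre1.6.0_02, j2re1.4.2_13, jdk1.5.0_11, j2sdk1.4.2.
_NAME = re.compile(r"^(?:j2re|jre|jdk|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)

def parse_version(folder_name):
    """Return (major, minor, patch, update), or None for a non-Java folder name."""
    m = _NAME.match(folder_name)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit_java_root(root, minimum=MINIMUM):
    """Sort each sub-folder of root into current, outdated or unrecognised."""
    report = {"current": [], "outdated": [], "unrecognised": []}
    root = Path(root)
    if not root.is_dir():          # Java not installed, or not a Windows host
        return report
    for entry in sorted(root.iterdir()):
        if not entry.is_dir():
            continue
        version = parse_version(entry.name)
        if version is None:
            report["unrecognised"].append(entry.name)
        elif version < minimum:
            report["outdated"].append(entry.name)
        else:
            report["current"].append(entry.name)
    return report

def passes_check(report):
    """The post's rule, applied to recognised Java folders: only the latest remains."""
    return len(report["current"]) == 1 and not report["outdated"]

def demo():
    """Run the audit over a constructed folder tree (sample names, not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("j2re1.4.2_13", "jre1.5.0_11", "jre1.6.0_02", "notes"):
            (Path(tmp) / name).mkdir()
        return audit_java_root(tmp)

if __name__ == "__main__":
    for label, names in audit_java_root(r"C:\Program Files\Java").items():
        print(label, names)
```

Anything listed as outdated is a runtime older than the version the post names and is a candidate for uninstalling.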
Also, are you receiving multiple ad marketing window prompts, or
experiencing slowdown on start-up or when loading Windows?
--
Milo
MSPSS
Ron: I tried both SpyBot and SpywareBot. Both found some adware, but
not the VirtuMonde.O I needed to kill.
Milo: Yes, I have been seeing lots of windows prompts, many from sites
I never heard of, telling me that I have a virus, and that I must
download their software immediately. I do not. Also, I have not seen
any general slowdown of the machine.
David: I did have JRE1.4, which I uninstalled and put on JRE1.6. The
VirtumundoBeGone, which I ran first, seems to have done the trick.
VundoFix was next, but it did not find it. I then reran both in Safe
Mode, and both came up empty. I then ran the WD scan again, and it
also came up empty. (whew!)
Another note... I use Avast as my virus blocker, and it was the first
to tell me that a virus was inbound. I told it to delete the virus,
and it said it was unable to do so because the file was locked. A few
minutes later, Windows Defender popped up its message. By then, the
virus was already embedded on the machine. I find it interesting that
both packages saw it, and could do nothing about it.
Much thanks to all of you.
Da
1. Go to Start > Run
type %temp% (a folder would appear; delete all entries that can be deleted)
type temp (same)
type prefetch (same)
2. Go to Control Panel > locate an icon named System and left-click it.
The System Properties console would appear; go to the System Restore tab,
put a check on "Turn off System Restore", then Apply and OK.
Restart the computer and scan again.
Should the process be successful, uncheck the "Turn off System Restore" box
to avail of the restore point feature of Windows; this time it's no
longer tainted by the said strands of infection.
--
Milo
MSPSS
Thanks
Dan
Dan
~On a clear disk, you can seek forever ~