Re: Win32/VirtuMonde.O



DanG wrote:
I had a message pop up today from Windows Defender, indicating that I
had a "Win32/Virtumonde.O" trojan on my PC. I had WD remove the
virus, and restarted as required. A few minutes later, the message
popped up again. I have tried everything I can think of, including
running WD in Safe Mode, but the virus keeps coming back. It seems
that WD says it's been successfully removed, but it really isn't.

I've downloaded SpywareBot and Ad-Aware, but neither found my bug.
When I run the Symantec program specifically intended to remove
Adware.Virtumonde, it doesn't find anything. Neither does Avast.
Perhaps Adware.VirtuMonde and Win32/VirtuMonde are not the same thing.

Any clues on what else I can try?


Go through the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. Please see the special Notes regarding using Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

Then do the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Winfixer

You can also check to see if there are targeted removal steps for your malware here:
Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them elevated. Since Vista is so new, it will be a while before removal techniques and tools are developed. If you are unable to remove the infection by following the general steps, register at one of the HijackThis forums as suggested.

Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User