Virus, Spyware.. Need Help? Here it is

Hi all.. Just to add to the list...

A web site ran an update for Java early yesterday. I did the normal. Then after the update the applet on the web page loaded, wasn't what I was after so left the page.

I had spent a bit more time on the net and eventually thought I'd do my usual sweep and clean and reboot.

Everything was fine until about 5 minutes after reboot. Any applications I had running on the desktop would stay open, but all the desktop icons and the 'Start' button at bottom of screen would all disappear.

Cannot use right click on desktop to do 'refresh'.
Minimise any running programme and you can't restore it.
If you want to get to progs running then move the prog windows around until you can click on ones behind to bring to front.

Had to press reset button to force reboot.

Upon login I ran a-squared... nothing found.
I ran anti virus...nothing found.
I ran spybot... 3 problems found.

Name of the nasty little critter was "Virtumonde".

Tried to use spybot to remove the prog. Cleaned up my system, did a reboot. Problem still existed. Ran spybot again, same problem but different file names in registry.

Did a net search for virtumonde... oh, what a nasty little thing it is.. sneaky or what!!
Vundo or Virtumonde

So, I was left with a few possibilities upon further searches.
I tried what was suggested, Paretologic antispyware..completely useless. It found two files that had no relevance to my problem.

Killbox at least was able to stop the programme, but didn't help to fix all.
adaware could not even find the problem, let alone fix it.

This lot didn't help either...

Looked like I was going to have to dive into registry and maybe kill my system seeing as Virtumonde appears to have so many different names and can rename itself. It would be like trying to fin a pin on the moon using binocular\s from Earth.

Then I found this... FREEFIXER Very helpful little tool.

I have now completely removed Virtumonde from my system.
How?
Far easier than it would seem. Just took me nearly 12 hours to work it out

Run spybot. Let it find the problem, but don't use it to fix the files.
Once found run Freefixer.
Now go to control panel/internet options/programmes/manage add-ons and dis-able the Browser helper object that you find listed in spybot.

Now, back in spybot, below the browser helper file, there may/will be more files. Select one so it is highlighted, then right click it and choose 'more details' and then 'jump to location.

Regedit will now open. Delete that highlighted file from the registry editor.
Do the same with all other files in spybot that are below the browser helper file.

Now go back to Freefixer and select ALL the browser helper files you find that are in the same section as the BHF you have found in spybot.

DELETE the lot... Freefixer will remove them upon reboot.

With a bit of luck, that should have fixed the problem..it's fixed mine..but seeing as virtumonde seems to be adapting over time, I'm sure this might change in the future.

I'm surprised you just didn't follow the link for vundofix.exe in the wiki page you linked in your last post. It has the free download.

vundofix

BTW, I have found this website invaluable in helping and fixing virus and spyware issues. It links to the same fix for vundo.

reply to post by Tuebor

---

I did try vundofix..but it didn't help.

Vundo/virtumonde looks like it's being constantly worked on and adapted.
From what I've read, it's been around for at least 5 yeas and, to date, nobody has managed to create a viable programme to stop it or remove it.

A great list of online scanners for a variety of threats:
www.malwarehelp.org...

I have used avast for months now and it managed to block some trojans

Excellent resource, this thread.

Thanks for all the ideas and free downloads to work with to help us keep our pc clean!

Some of these things that attach themselves can literally take days to work out, the better *tools* the quicker the fix.

I truly appreciate the layman terms used so that those of us who are pretty illiterate with computers can still understand the "how to's"

reply to post by Merger

---

I would suggest AVG Free Edition for a antivirus solution.
They incorporate antivirus and antispyware in 1 solution.

They also have a site advisor feature that works very good.

You can get it from. free.grisoft.com...

Also Spybot and Ad-aware are good to have but also install spywareblaster as a preventive solution.
If you use the blocking feature of Spybot it does the same thing but more effectively.
I am a professional, I've been in the field for over 10 years, and the best defense is being more informed of what your doing and downloading.

If you need to download any of the above software please use www.majorgeeks.com

They check every download on their site and tell you if the software is freeware, adware, shareware, or whatever it may be.

I'm currently running Windows XP Home
I have
free zonealarm (i don't run more than one firewall at a time)
Ad-aware
Spy-bot
Noads
Windows Defender
AVG (paid)8.0 edt.
Recently I've had prob's starting I.E. so I removed Zonealarm and went with free XP firewall. it seems to work ok now. however i've now got a new prob. my AVG files get corrupted. when running diskcheck i saw Ad-aware files being restored. as an attempt to do something i removed Ad-aware. now my probs are gone.
Are there issues with Ad-aware that might be giving me problems?

Ad-aware is crap. Don't use it. There are better free anti-malware programs.

AVG is good but not the best. As a matter of fact, there is no best anti-virus program. AVG Free also installs some trojan crap, like the LinkChecker.

The Windows XP firewall is not that great. Use ZoneAlarm if possible.

To keep my computer nice and fast, and virus free. I life to use
Advanced SystemCare
IOBIT Security360(beta)
Avast!
SpyBot S&D
SpywareBlaster

I HIGHLY recommend Advanced SystemCare. I have used that since the first beta. And the program they had before that one. Advanced Windos Care i think it was called.

As for Web Browsers. My favorite has always been Opera. I love Opera. I tried FireFox, didnt really like it. I tried Safari for Windows. Didnt like it. I tried, and till have the first and only 3D Web Browser. Called Space Time. Right now, im using Google Chrome. Its the fastest. It doesnt have the cool add-ons like other browsers, but it is fast and simple. I suggest you use it, step away from the Firefox and try something new. And dont use IE. I have IE8, it is slow.

[edit on 27-6-2009 by ShadowLife]

I need some help to remove a nasty little hijacker that has somehow managed to infect my PC.

It lives here: C:\WINDOWS\system32\tdlwsp.dll
and is called Agent_r.OT

AVG removes it, but it respawns.

IObitsecurity360, same thing.

Won't allow boot up in safe mode (any of them)

Won't allow system restore.

Any help appreciated

reply to post by budski

---

Try Malwarebytes

You may have to either rename it after downloading.

Or

Try it in safe mode.

I googled your virus, seems others are infected with it and I couldn't find a sure answer of how to get rid of it.

Malwarebytes is a good tool, hopefully it will work for you.

reply to post by elevatedone

---

No joy there either.

Now tried malwarebytes, spybotS&D, IObit360 plus my usual AVG

can't get into safe mode.

Think I'll have to wait for the techies at AVG to immunise, or just keep looking for a fix

Thanks anyway

Unless anyone has any other idea's?

googled the name of it, then found a couple of tech forums which recommended combofix

A bit of a pain to use, but sorted out the virus and rootkit and removed it.

Then went into safemode with networking (couldn't get in until virus removed) and ran avg.

PC now fine and dandy - recommend ComboFix for any problems that other utilities can't sort out.

Just stop by the lower parts to ask you guys.

Is there a good and bad website I can download google earth from?

Anybody know a good one?

[edit on 4-3-2010 by randyvs]

reply to post by randyvs

---

this should help, randyvs

earth.google.com...

reply to post by 12m8keall2c

---

Thank you ki mo sabe: