Hi all.. Just to add to the list...
A web site ran an update for Java early yesterday. I did the normal. Then after the update the applet on the web page loaded, wasn't what I was after
so left the page.
I had spent a bit more time on the net and eventually thought I'd do my usual sweep and clean and reboot.
Everything was fine until about 5 minutes after reboot. Any applications I had running on the desktop would stay open, but all the desktop icons and
the 'Start' button at bottom of screen would all disappear.
Cannot use right click on desktop to do 'refresh'.
Minimise any running programme and you can't restore it.
If you want to get to progs running then move the prog windows around until you can click on ones behind to bring to front.
Had to press reset button to force reboot.
Upon login I ran
a-squared... nothing found.
I ran
anti virus...nothing found.
I ran
spybot... 3 problems found.
Name of the nasty little critter was "Virtumonde".
Tried to use spybot to remove the prog. Cleaned up my system, did a reboot. Problem still existed. Ran spybot again, same problem but different file
names in registry.
Did a net search for virtumonde... oh, what a nasty little thing it is.. sneaky or what!!
Vundo or Virtumonde
So, I was left with a few possibilities upon further searches.
I tried what was suggested,
Paretologic antispyware..completely useless. It found
two files that had no relevance to my problem.
Killbox at least was able to stop the programme, but didn't help to fix all.
adaware could not even find the problem, let alone fix it.
This lot didn't help either...
Looked like I was going to have to dive into registry and maybe kill my system seeing as Virtumonde appears to have so many different names and can
rename itself. It would be like trying to fin a pin on the moon using binocular\s from Earth.
Then I found this...
FREEFIXER Very helpful little tool.
I have now completely removed Virtumonde from my system.
How?
Far easier than it would seem. Just took me nearly 12 hours to work it out
Run spybot. Let it find the problem, but don't use it to fix the files.
Once found run Freefixer.
Now go to control panel/internet options/programmes/manage add-ons and dis-able the Browser helper object that you find listed in spybot.
Now, back in spybot, below the browser helper file, there may/will be more files. Select one so it is highlighted, then right click it and choose
'more details' and then 'jump to location.
Regedit will now open. Delete that highlighted file from the registry editor.
Do the same with all other files in spybot that are below the browser helper file.
Now go back to Freefixer and select ALL the browser helper files you find that are in the same section as the BHF you have found in spybot.
DELETE the lot... Freefixer will remove them upon reboot.
With a bit of luck, that should have fixed the problem..it's fixed mine..but seeing as virtumonde seems to be adapting over time, I'm sure this
might change in the future.
