winfixer & virtumondo won't leave

[Steve]

I have run MS Spyware Beta a number of times and it find
16 instances of "virtumondo" on my computer. I tell it to
remove, as recommended, but it is always thee when I scan
again. Any ideas?

Also, winfixer seems to never leave. It still keeps
popping up ads to download it. How do I remove these?
Thank you.

 

[Engel]

Hello Steve;

Look in:

Subject: win fixer 2005
From: "junaid" <[email protected]> Sent: 9/19/2005
3:35:39 PM
Online Community forum


Subject: winfixer
From: "r" <[email protected]> Sent:
9/12/2005 8:30:57 AM
GENERAL

Subject: winfixer 2005 & winantispyware
From: "(e-mail address removed)"
<[email protected]> Sent: 9/8/2005
6:41:38 PM
SIGNATURES

Subject: Re: winfixer popup
From: "AndyManchesta" <[email protected]>
Sent: 9/11/2005 11:11:34 AM


Good luck and good searching

Engel

 

[Guest]

Thank you

-----Original Message-----
Hello Steve;

Look in:

Subject: win fixer 2005
From: "junaid" <[email protected]> Sent: 9/19/2005
3:35:39 PM
Online Community forum


Subject: winfixer
From: "r" <[email protected]> Sent:
9/12/2005 8:30:57 AM
GENERAL

Subject: winfixer 2005 & winantispyware
From: "(e-mail address removed)"
<[email protected]> Sent: 9/8/2005
6:41:38 PM
SIGNATURES

Subject: Re: winfixer popup
From: "AndyManchesta" <[email protected]>
Sent: 9/11/2005 11:11:34 AM


Good luck and good searching

Engel


.

 

[Alan]

Steve, I just had a bout with winfixer popups also, and
finally found a fix. MS Antispyware did identify
VIRTUMUNDO exactly as you described, and was unable to
remove it.
I found a procedure to fix it here:
http://www.bleepingcomputer.com/forums/How-to-remove-the-
TrojanVundoB-Search42com-MSevents-tx18610-0.html

This worked to kill this bad guy for me.

Good luck.

 

[Guest]

Thanks Alan and Engel. I've messed with it all day. Is
there any way the creators of these things be held
criminally or civilly liable? Steve

 

[Steve]

Thanks Alan and Engel. I'm curious. Why can't MS figure
out an EASY way to remove this if they know what it is? I
went to your link and it certainly seems a bit
complicated and somewhat intimidating. I'll give it a
show though. I am disgusted at the slimeballs who develop
these bad programs. Thanks again. Steve

 

[Steve]

Spyware Scan Details
Start Date: 9/26/2005 4:47:07 PM
End Date: 9/26/2005 4:55:15 PM
Total Time: 8 mins 8 secs

Detected Threats

Virtumondo Adware more information...
Status: Quarantined
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697}\InprocServer32 C:\WINDOWS\system32
\ddccy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697}\InprocServer32 ThreadingModel
apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697}\ProgID MSEvents.MSEvents.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697}\TypeLib {BAD59A24-6891-417D-A041-
C8FD495B77F1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697}\VersionIndependentProgID
MSEvents.MSEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697} MSEvents Object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697} AppID
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697}\InprocServer32 C:\WINDOWS\system32\ddccy.dll
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697}\ProgID MSEvents.MSEvents.1
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697}\TypeLib {BAD59A24-6891-417D-A041-
C8FD495B77F1}
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697}\VersionIndependentProgID MSEvents.MSEvents
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697} MSEvents Object
HKEY_CLASSES_ROOT\CLSID\{52B1DFC7-AAFC-4362-B103-
868B0683C697} AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B1DFC7-AAFC-
4362-B103-868B0683C697}


Detected Spyware Cookies
No spyware cookies were found during this scan.


----------------------------------------------------------

 

[Guest]

By the way,

What happens if you simply try to delete these files
somehow? Thanks

ps- I hait bein ignurint.

 

[Guest]

It does seem intimidating when you read that procedure,
but if you carefully follow it step-by-step, it's not
that difficult.

Hopefully the feedback here will help MS figure out how
to modify antispyware to be able to remove this kind of
threat more easily.

Let us know how it works out. I battled this one for over
a week before I found this procedure.

 

[Engel]

Here is an other reference Thanks to plun
http://forums.techguy.org/printthread.php?t=376692

Engel