Carmens said:
I have a similar problem. Symantec antivirus is not detecting this trojan,
but Spybot S&D finds it as virtumonde.sci and smitfraud-c. It is not able to
remove one file named xxyvVOEW.dll in the system32 folder. I cannot delete or
rename this file even in cmd prompt. I scanned with BitDefender and it sees
it as Trojan.Vundo.GHM but is unable to delete it. Some of its files are
deleted but they end up reinstalling themselves again. I even tried
HijackThis but it has not helped.

Do all the following in Safe Mode. Avast! has a boot scan which might
remove the malware before it can take control. I believe McAfee has
this ability too. Another thing I would try:

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.

You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.

You could click Start, Run, type MSCONFIG, click OK, click the StartUp
tab, and deselect the item(s). When you restart the computer, you will
be warned that you're running in the Diagnostic mode; click to not alert
you again, and OK out. You won't see the message again. But I think
it's best to just remove the references from the registry.

Also press Ctrl/Alt-Delete and shut down many tasks that could be
malware. Explorer32.exe is malware, e.g. If you shut down the right
ones, they may not be able to protect their entries, you might gain
control in Safe Mode, and be able to run some of the a/v software
effectively. As it is, you may be getting false reports from the
malware anyway.
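
The registry search and export steps from the reply above, scripted in PowerShell as an added example that is not part of the original thread. It only reads and backs up: nothing is deleted. The list of search roots and the backup folder name are assumptions made for this example; the file name is the one from the quoted post.

```powershell
# Added example: read-only search for registry keys that reference a file
# name, with a .reg backup of every matching key (same as File > Export).
param(
    [string]$FileName = 'xxyvVOEW.dll',   # file name from the quoted post
    [string[]]$Roots = @(                 # assumption: roots chosen for this example
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion',
        'HKLM:\SOFTWARE\Classes\CLSID'
    ),
    [string]$BackupDir = "$env:USERPROFILE\Desktop\reg-backup"  # assumption
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$needle = [regex]::Escape($FileName)   # match the name literally, case-insensitively
$n = 0

foreach ($root in $Roots) {
    # The root key itself plus every subkey; unreadable keys are skipped.
    $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $hits = @()
        foreach ($name in $key.GetValueNames()) {
            # Multi-string values come back as arrays; join them before matching.
            $data = @($key.GetValue($name)) -join ';'
            if ($name -match $needle -or $data -match $needle) {
                $hits += [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
        if ($key.PSChildName -match $needle) {
            $hits += [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        if ($hits.Count -gt 0) {
            $n++
            # Export the whole key before anything is changed by hand.
            $out = Join-Path $BackupDir ("match-{0:D3}.reg" -f $n)
            & reg.exe export $key.Name $out /y | Out-Null
            $hits | Format-List
            "Backed up to $out"
        }
    }
}
"Keys referencing ${FileName}: $n"
```

Run it from an elevated prompt so the HKLM keys are readable; double-clicking an exported .reg file restores that key, as the reply describes.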