vondo/virtumonde help


pemo

i have caught vondo trojan on another pc. all attempts to remove have not
worked. tried fix vondo, vondo fix, both say it is not present. when i run
spybot search and destroy, it finds files, including 3 on registry. when i
click repair, it has acted two ways--
1- it removes files (so it seems) but a second scan finds they have
reloaded.
or
2- the program freezes.
when i reboot and scan again, same files are found even though previous scan
has said they were deleted.
have found two .dll files that are corrupted with the trojan, but i am not
permitted to delete them. i am told they are locked or in use by another
program or person.
have tried this over and over in both normal mode and safe mode. have
searched and found some info and "repairs" on web, but the repairs do not
find virus when they are run, even though spybot does.
any info would be appreciated,
thanks in advance,
pemo
 
http://www.bleepingcomputer.com/for...result_type=topics&highlite=+vundo/virtumonde
 
Anyone: Occasionally Malware Fixes include Disabling/Erasing System Restore
Files and I'm confused when that needs to be done so SR cannot Re-Introduce
the Baddie back in again. Can anyone clarify? I take it that's not an issue
here but don't know why. Thanks!
 

Any form of malware--whether spyware, virus, or anything else--in a
restore point is completely innocuous and can do nothing at all
*unless* you restore from that restore point.

You don't necessarily have to get rid of all the restore points;
instead you can just keep a record of which are infected and be sure
not to restore from them. Then wait for the infected point(s) to fall
off the end of the chain--a maximum of 90 days.
 
THANKS! this did it. nice application. i like the file killer option. if i
had this yesterday i could have gotten rid of the locked .dll file(s) that
were re-installing the virus/worm. thanks again, this malware killer is a
keeper.
a lot of the internet searches would show plenty of applications, they
scanned for free, but wanted a lot of money for the version that would
remove the virus.
this vondo shit is "ransom ware". i feel like i was being held up at gun
point.
pete
 
the recommendations to disable the restore point and disable network
connections were required prior to running "fix vondo", and "vondo fix",
both programs by the way were ineffective. antivir pe found the bad .dll(s)
and the corrupt registry items, but could not seem to delete the files.
reboot would show that they were back on system. the antimalware.exe in
sajjad's post worked excellently. A+
 
Speaking from experience, I would NOT assume that machine's 100% clean if
all you did was run MBAM.
 
thank you --yes, i am still vigilant! i have been running spybot search and
destroy, a2square, and adaware, been deleting all cookies, emptying temp
folders, rebooting, defrag and start the process doing it all again and
again. have emptied all cache, quarantined files etc..
any other suggestions papa bear?
 
It's PA (as in Pennsylvania) Bear, please.

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
my apologies. i have added "super antispyware" to the arsenal. i will add
"hijack this" as well. thanks for the reply-- and the tips. i'll need to do
a little reading too!
pete
 
tried both of these fixes yesterday, they would find the files, but on
re-boot the virus/worm reloaded. thanks anyway
----- Original Message -----
From: "Kayman" <[email protected]>
Newsgroups: microsoft.public.windowsxp.general
Sent: Monday, July 07, 2008 9:43 AM
Subject: Re: vondo/virtumonde help

Download/execute:
CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".

Then:
Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

Or:
Kaspersky's AVPTool for on demand scanning:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the application is updated
several times a day and you simply download the updated
scanner whenever you want to do a scan. (Scan in Safe-Mode).

Or:
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

Or:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Good luck :)
 
