win32/adware.virtumonde and win32.privacyremover.m64

[I don''t know anything]

Hi

My computer is infected by this: win32/adware.virtumonde and
win32.privacyremover.m64

On my screen it says in big letters that your computer is effected.

I tried to do system restore to a previous point but the only point
available now is the one whe re the virus was effected. I did it and nothing
happened and the virus is still there
My McAfee Antivirus has expired but even then I did a Scan in safe mode and
it didnt find anything.
I downloaded AVG Antivirus (free) from download.com and tried to insgtall it
but it wont run the installation process.
I am able to connect to internet with my effected computer. But it won't
OPEN any anti-virus site. I am able to search on google but when I click on
any link it goes to some adware website and doesn't go to the link I click on.
Now my computer wont also connect on this site.

My effected computer is besides me now. I am using my landlord's computer.
My computer is my best friend. Please tell me how can i make it good.

I can use Outlook on my computer and send mails through it. So if you want
to know some details from my computer, i can copy them on outlook and send it
by email to my landlord's computer and u can read it.

Please help me ASAP. Please SOS!

Thanks and God bless!

 

[David H. Lipman]

From: "I don''t know anything" <[email protected]>

| Hi

| My computer is infected by this: win32/adware.virtumonde and
| win32.privacyremover.m64

| On my screen it says in big letters that your computer is effected.

| I tried to do system restore to a previous point but the only point
| available now is the one whe re the virus was effected. I did it and nothing
| happened and the virus is still there
| My McAfee Antivirus has expired but even then I did a Scan in safe mode and
| it didnt find anything.
| I downloaded AVG Antivirus (free) from download.com and tried to insgtall it
| but it wont run the installation process.
| I am able to connect to internet with my effected computer. But it won't
| OPEN any anti-virus site. I am able to search on google but when I click on
| any link it goes to some adware website and doesn't go to the link I click on.
| Now my computer wont also connect on this site.

| My effected computer is besides me now. I am using my landlord's computer.
| My computer is my best friend. Please tell me how can i make it good.

| I can use Outlook on my computer and send mails through it. So if you want
| to know some details from my computer, i can copy them on outlook and send it
| by email to my landlord's computer and u can read it.

| Please help me ASAP. Please SOS!

| Thanks and God bless!


Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

 

[I don''t know anything]

Hi,

Thanks for your response. I tried to go to the trendsecure site but it open.
It wont open any anti-virus site or sites like bleepingcomputer.com
It just opens google.com or msn.com and some basic sites.

When I try to open any other site, the browser just stops as if there is no
internet connection.

What should I do?

 

[The Real Truth MVP]

Use my free Remove-it software, it will remove that malware from your
system. Download it here http://pcbutts1.com/downloads/tools/tools.htm

 

[David H. Lipman]

From: "I don''t know anything" <[email protected]>

| Hi,

| Thanks for your response. I tried to go to the trendsecure site but it open.
| It wont open any anti-virus site or sites like bleepingcomputer.com
| It just opens google.com or msn.com and some basic sites.

| When I try to open any other site, the browser just stops as if there is no
| internet connection.

| What should I do?

Start off by NOT going to to the PCBUTTS1.Com site.
It is run by a fake MVP and software plagiarizer whose software will also block access to
other anti malware sites.

"He" can not be trusted !

If you are using IE, try using FireFox instead.
Additionally, if you have a file called; hosts in the following folder,
C:\windows\system32\drivers\etc

Deleted the file; C:\windows\system32\drivers\etc\hosts

Then in a command prompt type; ipconfig /flushdns

Then go to one of the sites I suggested.

 

[Elmo]

Hi,

Thanks for your response. I tried to go to the trendsecure site but it open.
It wont open any anti-virus site or sites like bleepingcomputer.com
It just opens google.com or msn.com and some basic sites.

When I try to open any other site, the browser just stops as if there is no
internet connection.

What should I do?

See where the Hosts file is located and check if it's being used to
block the sites. A quote:

"C:\windows\system32\drivers\etc is only the "default" location for the
hosts file and an alternate is settable in the registry here.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath

Some malware will change this location to prevent being blocked by
hosts."

Also try downloading some a/v software to a different computer then run
it from a thumb drive, or other media.

Try a malware ng for more ideas.

 

[Stephen Harris]

Hi

My computer is infected by this: win32/adware.virtumonde and
win32.privacyremover.m64

On my screen it says in big letters that your computer is effected.

I tried to do system restore to a previous point but the only point
available now is the one whe re the virus was effected. I did it and nothing
happened and the virus is still there
My McAfee Antivirus has expired but even then I did a Scan in safe mode and
it didnt find anything.
I downloaded AVG Antivirus (free) from download.com and tried to insgtall it
but it wont run the installation process.
I am able to connect to internet with my effected computer. But it won't
OPEN any anti-virus site. I am able to search on google but when I click on
any link it goes to some adware website and doesn't go to the link I click on.
Now my computer wont also connect on this site.

My effected computer is besides me now. I am using my landlord's computer.
My computer is my best friend. Please tell me how can i make it good.

I can use Outlook on my computer and send mails through it. So if you want
to know some details from my computer, i can copy them on outlook and send it
by email to my landlord's computer and u can read it.

Please help me ASAP. Please SOS!

Thanks and God bless!

You are fortunate to be getting fixing advice from David H. Lipman.

I would not count on being able to fix this. While your
computer is still somewhat working, I would backup any
important files. Buy a 2gig USB flash drive, they plug
into a USB port. You can use Windows Explorer (not IE)
to drag and drop any important documents or data files
from your C:\ drive to your USB drive which is often the
letter, following the letter for the last cd/dvd drives.

You might want to save your email and maybe the Favorites
links. If you can still use Google, then google how to
save/backup these applications. Maybe you need to print
out the instructions. For the future, you might want to
make a full backup of your hard drive. Then you can just
overwrite the problem partition from the working backup.
I use Acronis True Image Home, which, if not the best, is
at least first among equals. This backup safety measure
will save you hours of time battling malware which is very
prevalent. You need two and better three anti-virus programs.

Some computers come with a "hidden" partition which has the
basic Operating System (OS) and drivers ready to be
automatically reinstalled after formatting the problematic
malware partition. If you have your important files saved,
they can then be reinstated after you have installed again
your applications, programs that act upon your data files.

Other computers come with reinstall cds which restore your
basic OS and hardware drivers. It is difficult for a user
with low computer literacy to navigate the steps to fixing
a (this)malware problem. That is why my advice is centered on
taking precautions against the possibility of failing, first.

Regards,
Stephen

 

[Plato]

My computer is infected by this: win32/adware.virtumonde and
win32.privacyremover.m64

On my screen it says in big letters that your computer is effected.

I tried to do system restore to a previous point but the only point
available now is the one whe re the virus was effected. I did it and nothing
happened and the virus is still there

System restore does not get rid of viruses. Best bet in the future is
NOT to install the virus in the first place.