Author Topic:  Virtu Monde / Vmonde
Lee Baucum


From:
McAllen, Texas (Extreme South) The Final Frontier
Post  Posted 12 Jan 2009 7:07 am    

Looks like my computer is infected with this trojan. I find lots of sites that offer free software for removing it.

Can any of you guys recommend one that you are sure is safe?

By the way, when I run Spybot, it finds it and claims to delete it, but it comes back. There must be a hidden file somewhere that is re-creating it. AVG anti-virus/anti-spyware does not find it. Neither does Ad Aware.

Thanks!

Lee, from South Texas

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 12 Jan 2009 8:50 am    

Lee;
Since you have tried Spybot and AVG and the infection came back, it is probably because the files and settings used to protect the malware program are backed up in System Restore. Turn off SR, then run Spybot again, with the most current definitions and make sure it is the current version of Spybot. If you are using any version older than 1.6.0 it will not remove VirtuMonde trojans.

If all else fails, you have a rootkit version of VirtuMonde. There are other steps that must be taken in this event and I will point you in the right direction.

Let me know what success you have after disabling System Restore. Or ... try restoring the system to a date prior to downloading the trojan!
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Lee Baucum


From:
McAllen, Texas (Extreme South) The Final Frontier
Post  Posted 12 Jan 2009 11:35 am    

Thanks for the reply, Wiz. I'm already using 1.6.0 Spybot and all definitions are current. Tell me how to turn off System Restore and I'll try that. I'm using Windows XP.

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 13 Jan 2009 3:57 pm    

Lee Baucum wrote:
Thanks for the reply, Wiz. I'm already using 1.6.0 Spybot and all definitions are current. Tell me how to turn off System Restore and I'll try that. I'm using Windows XP.

You must be logged on to Windows by using a computer administrator account to do this. Right click on the icon for "My Computer" and then select "Properties." When the Computer Properties box opens click on the "System Restore" tab. On that page you will see a checkbox labeled "Turn off System Restore." Click to select that checkbox, then click "OK."

When you receive the following message, click "Yes" to confirm that you want to turn off System Restore:
Quote:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?


After you have removed the malware infection(s) you should reverse the process and turn on System Restore.

After this episode you should review your security protection and browsing/email practices. If your PC lacks an up-to-date, working malware protection suite, may I recommend that you try or buy Trend Micro Internet Security (PC-cillin)?

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 13 Jan 2009 4:15 pm    

Lee;
I forgot to mention before that most VirtuMonde infections contain a rootkit component, which requires special removal routines. Spybot S&D usually has the subroutines needed to terminate VirtuMonde rootkits, located in the rootkit detection updates that are released every Wednesday afternoon.

I think that once you turn off System Restore and scan with the latest definition updates, due tomorrow, that Spybot S&D will finally terminate this malware.

Lee Baucum


From:
McAllen, Texas (Extreme South) The Final Frontier
Post  Posted 15 Jan 2009 1:22 pm    

This has gotten way over my head. I gave my computer to one of the IT technicians at the bank I used to work for. What he usually does, in cases like this, is transfer all of our personal files (documents, pictures, videos, etc.) to an external hard drive and then run several anti-virus and anti-spyware programs through those files to make sure they are clean.

Then, he wipes the hard-drive of my computer clean and reloads all the software. Then he moves all the personal files back to my computer.

I use the free version of AVG on my computer. It is both anti-virus and anti-spyware. It updates regularly and automatically. I'll do a manual update once per week. I also update and run both Spybot and AdAware at least weekly. Sometimes more often.

Thanks for your help. You are a great resource to us Forumites.

Lee

John Cipriano


From:
San Francisco
Post  Posted 18 Jan 2009 3:26 pm    

That's a good idea Lee. With rootkits I think the best course of action is to start clean.

The whole point of the rootkit is that its files evade detection by the main system, so you have to read the hard drive from another system, like a Bart PE disc, and get a list of the bad files and delete them one by one. I did this for someone and it took far longer than a reinstall of Windows would have taken.


All times are GMT - 8 Hours
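
The comparison John Cipriano describes in the last post (reading the disk from a second system to find files the infected system does not show), as an added example that is not part of the original thread. It assumes two plain-text path listings, one saved from the running Windows install (for example with `dir /s /b /a`) and one taken from a rescue environment where the same disk appears as D:; all paths and file names below are constructed.

```python
# Cross-view check: files the offline (rescue-disc) listing contains but the
# live listing does not. A rootkit that filters directory queries on the
# running system cannot filter the listing made from a clean boot.

# Constructed sample listings (not taken from a real machine).
LIVE = r"""C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\user32.dll
C:\Documents and Settings\user\My Documents\setlist.doc
"""
OFFLINE = r"""D:\WINDOWS\system32\kernel32.dll
D:\WINDOWS\system32\user32.dll
D:\WINDOWS\system32\constructed_hidden_example.dll
D:\WINDOWS\Temp\scan.tmp
D:\Documents and Settings\user\My Documents\setlist.doc
"""

def normalize(line, root):
    """Lower-case a Windows path and drop the drive prefix so both views compare."""
    path = line.strip().replace("/", "\\").lower()
    if not path:
        return None
    root = root.lower().rstrip("\\")
    if path.startswith(root + "\\"):
        path = path[len(root):]
    return path

def load_listing(text, root):
    """Turn a saved listing into a set of drive-relative paths."""
    return {p for p in (normalize(l, root) for l in text.splitlines()) if p}

def hidden_from_live(live_text, live_root, offline_text, offline_root, ignore=()):
    """Return paths present offline but absent from the live view.

    `ignore` holds drive-relative prefixes (temp folders and the like) that
    differ between the two listings for ordinary reasons.
    """
    live = load_listing(live_text, live_root)
    offline = load_listing(offline_text, offline_root)
    ignore = tuple(i.lower() for i in ignore)
    return sorted(p for p in offline - live if not p.startswith(ignore))

if __name__ == "__main__":
    for path in hidden_from_live(LIVE, "C:", OFFLINE, "D:",
                                 ignore=("\\windows\\temp\\",)):
        print("visible only offline:", path)
```

Anything the script reports is a candidate for inspection, not proof of infection: files created or deleted between the two listings also show up as differences.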