Suspected Virtumundo?

It all began when I ran an executable called keygen.exe... Yes, I know, stupid. If any of you are familiar with it, it's the sort that comes with crack.exe in the same archive as a text file. If it's pertinent, I'll post the link where I got it. I've done a lot of crap on my system, trying to fix it myself, so I haven't done anything else on the "Before you post" thread in case it'll make my system worse. I'll describe what's wrong with my system, then I'll give a list of the things I did, in the order I did them.

Symptoms:
-Certain sites won't load. Specifically, when I try to search google, or make any other search. Other various forums, including this one, won't load, and I'm actually using my laptop to make this post right now, which is why it's hard to get logs from my PC to here. I tried with the Firefox and Internet Explorer browsers, but the end result is the same - it just hangs while going "Waiting for www.google.com...." or whatever site I'm trying.
-In the beginning, it kept saying my automatic updates were disabled, even though it said it wasn't on the control panel. Despite turning it off and on, every time I started up my comp, it would say that my automatic updates were disabled (in the Security Center).
-The start bar lags on startup as well, you can't see anything but a long blue strip until it finally loads up correctly.

What I did:
-First, I ran a scan with Symantec, and it didn't find any errors.
-Then, I installed Kaspersky (I had to uninstall Symantec to do so) and ran a full system scan, which found a few trojans and other malware, and deleted them, but my symptoms remained the same.
-Next, I installed Spyware Doctor and ran a full scan, which also found some spyware and deleted them, but my computer was still just as bad.
-I then followed these instructions:
Quote

***********
Download [but do *NOT* yet run] FixVundo from
http://securityresponse.symantec.com/avcenter/FixVundo.exe

[we'll have you run it later]
Note: If you have previously downloaded this file on another occasion, please download it again, to be absolutely sure you have the most current version.
********************
Next, download VirtumundoBeGone from:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* SAVE it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated
please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.
just reboot if your system "jams"
*********************
After rebooting, it's now time to run FixVundo (which you had downloaded earlier).
Make sure all other programs, including your Internet Browser, are closed.
Double-click the FixVundo.exe file to start the removal tool.
Click Start to begin the process, and then allow this tool to run.

Important: Do not launch any new applications while the tool is running!

Reboot your computer.
Run the FixVundo removal tool again to ensure that the system is clean.

I ran VirtumundoBeGone.exe but the log said:
Quote
[09/28/2008, 12:16:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\leon\Desktop\VirtumundoBeGone.exe" )
[09/28/2008, 12:16:55] - Detected System Information:
[09/28/2008, 12:16:55] - Windows Version: 5.1.2600, Service Pack 3
[09/28/2008, 12:16:55] - Current Username: leon (Admin)
[09/28/2008, 12:16:55] - Windows is in NORMAL mode.
[09/28/2008, 12:16:55] - SEARCHING for Browser Helper Objects:
[09/28/2008, 12:16:55] - BHO 1: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
[09/28/2008, 12:16:55] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/28/2008, 12:16:55] - Finished Searching Browser Helper Objects
[09/28/2008, 12:16:55] - Finishing up...
[09/28/2008, 12:16:55] - Nothing found! Exiting...

Next I ran FixVundo.exe which ran a lengthy full scan of my computer. After a while, the window SIMPLY went gray and froze, and I had to forcibly end it. I rebooted my system and tried VirtumundoBegone again but nothing appeared still.

-Then, I ran f-vmonde.exe from another source and it simply said no traces were detected either.

As of now, the "Automatic Updates" notification no longer appears, but the same webpage problem persists.

----------

read this

once you've followed those steps- you can post the logs here.

----------

Quote from: BC_Programmer on September 28, 2008, 06:54:58 PM
read this

once you've followed those steps- you can post the logs here.

Alright, after doing all that, I ran into a few hitches, but otherwise my system appears TOTALLY normal now (Except one time my firefox crashed, which was a bit worrying, but that was before I finished everything else). When I was running Super Antispyware, it froze the first time as it was completing, so I ran it three more times, the third time completing the entire full scan. Here are all the logs.

[Saving space - attachment deleted by admin]

Here is the final SUPERAntiSpyware log that I couldn't get in (it only lets me do 4).

[Saving space - attachment deleted by admin]

----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.
  • Go to your desktop and double click on the removal tool and then click Setup.
  • Once open Click Next
  • Accept the license agreement and click Next
  • Type in the letters/numbers that you see into the text box then click Next.
  • Then click Next and the tool will start running.
  • Once finished restart the PC and run the tool again to ensure everything has been removed.
  • Delete the Norton Removal Tool from your Desktop.
----------

Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O20 - Winlogon Notify: mlJApNDw - mlJApNDw.dll (file missing)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis and run CCleaner.

How is everything now?

----------

Everything works perfectly (to my knowledge). Thank you very much.

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen then click Next
  • Give the Restore Point a name then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript.

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
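The O20 entry HijackThis flagged earlier in this thread ("Winlogon Notify: mlJApNDw - mlJApNDw.dll (file missing)") is a DLL registered under Winlogon's Notify key whose file is no longer on disk, a leftover of the Vundo persistence that the removal tools cleaned up. The following PowerShell script is an added example, not part of the thread and not code from HijackThis or any of the tools named above; it assumes an XP-era system (the Notify key exists there) and that a bare DLL name resolves from System32, and it only reports, it changes nothing.

```powershell
# Added example (not from the thread): enumerate Winlogon Notify registrations and
# flag any whose DLL is not on disk, the condition HijackThis reports as
# "O20 - Winlogon Notify: <name> - <dll> (file missing)". Read-only: nothing is changed.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

if (-not (Test-Path -Path $notifyKey)) {
    Write-Output 'No Winlogon Notify key present (expected on Vista and later).'
    return
}

$entries = foreach ($sub in Get-ChildItem -Path $notifyKey) {
    $dllName = (Get-ItemProperty -Path $sub.PSPath).DLLName
    if (-not $dllName) { continue }   # no DLLName value: winlogon loads nothing from this subkey

    # Assumption: a bare file name is resolved from System32 (the usual case);
    # a full path is used as given.
    if ([System.IO.Path]::IsPathRooted($dllName)) {
        $candidates = @($dllName)
    } else {
        $candidates = @((Join-Path $env:SystemRoot "System32\$dllName"),
                        (Join-Path $env:SystemRoot $dllName))
    }
    $found = $candidates | Where-Object { Test-Path -Path $_ } | Select-Object -First 1

    # New-Object PSObject keeps this runnable on PowerShell 2.0 (XP era)
    New-Object PSObject -Property @{
        Entry   = $sub.PSChildName
        DLLName = $dllName
        Status  = $(if ($found) { 'present' } else { 'FILE MISSING' })
        Path    = $(if ($found) { $found } else { $candidates[0] })
    }
}

$entries | Format-Table -Property Entry, DLLName, Status, Path -AutoSize

# An orphaned entry is what the O20 "(file missing)" line in the thread refers to.
foreach ($e in ($entries | Where-Object { $_.Status -eq 'FILE MISSING' })) {
    $msg = "Orphaned Winlogon Notify entry '{0}' points to {1}; review it before removing." -f $e.Entry, $e.DLLName
    Write-Warning $msg
}
```

Run it from an elevated PowerShell prompt; a clean XP system lists only Microsoft entries such as crypt32chain or ScCertProp with Status "present".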
