

I Think I've Got Virtumundo

It's Alive in Wisconsin [CharterSpectrum] by Wiscon53142400. JSntgRvr, Oct 31, 2007 #10 KinetiqKate Thread Starter Joined: Oct 30, 2007 Messages: 12 Ok - I've attached the logfile.

On the right, under "Complete Scan", choose Perform Complete Scan. Save that notepad file. Use the Reply button and attach the notepad file here (do not copy and paste in a reply, rather attach it to it). Thank you again, I really do appreciate it. C:\System Volume Information\_restore{805EBE92-3C41-40F3-9EE5-85FCBC8FD06A}\RP137\A0026238.dll Infected!

button. 2. I'm sure I'm all clean now and have asked for a refund on the other software that didn't come close to catching it all. Because rootkits can hide themselves, you may not know how long they've been on the system. The best reaction to an identified rootkit is to wipe and reinstall the system.

what antivirus software do you use.... Get something nasty, use Acronis to be up and running within minutes. >>Cult Master of International Affairs<< 09-05-08, 03:08 AM #3 YARDofSTUF

Out of Russia. It executes these commands on the affected system. It executes the following commands: * Change IRC server and channel * Start or stop spreading through AOL Instant Messenger * Display system information. This morning it was done, but there were 30 IE's open, and the pop-ups are back. As the court describes, Gordon runs a "spam business", basically a for-profit plaintiff litigation shop to go after spammers (the court also calls it a "litigation factory").

the computer that's infected has no internet connection, so I can't upload anything or download any programs. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! They come in i ask them "ok, which movie site are you going to?" 09-07-08, 07:37 PM #19 Sava700 Ohh Hell

My dad recently purchased me a Dell desktop last year, but my mom needed a computer so I got a laptop. Click OK. Click the Apply all actions button.

In the Processes group click Non Microsoft. In the Win32 Services group click Non Microsoft. In the Driver Services group click Non Microsoft. In the Registry group click Non Microsoft. Click on the button labelled "Save list..." and specify where you would like to save the uninstall list. When you press the Save button, Notepad will open up with the contents of Restoring this entry to this value is the same as deletion of the entries.) Network Propagation and Exploits: This worm propagates through network shares.

This is normal. 6. I've checked my IP and default gateway and proxy setting against other office comps and I see no discrepancies. However, anytime you are running any type of P2P application, you are more prone to infection by malware.

Let's see.. yes, Nod32 was up to date also. Then, access this information from a non-compromised computer to follow the steps needed. If you do any banking or other financial transactions on the PC or if it should contain any other I've got a million and one things going on today, and this is really cramping my progress, you know?

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 -

To protect your information that may have been compromised, I recommend reading this reference: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?. Though the bot has been identified A couple of weeks ago, I was messaging back 'n forth with a developer for a large antivirus company..... he said the Vundu/ZLob variant developers are incredibly aggressive, they've really ramped up Right-click in the folder window and select New > Folder. 3. If asked if you want to reboot, click "Yes".

Ready to run as is. Please download VundoFix.exe to your desktop. Are you running SP2?

It acts as an Internet Relay Chat (IRC) bot that connects to an IRC server. thx 09-06-08, 08:20 AM #11 YeOldeStonecat Moderator Join Date Jan 2001 I was able to dwnld HJT, and followed some other directions on what to "Fix" after running a scan, and it seemed to help. What a colossal waste of society's resources.