possible virtumonde virus


possible virtumonde virus

Post by wjesse on Sun 22 Aug 2010, 2:51 pm

I cannot send the OTL report as I'm redirected to a "not connected" message. Frequently while searching for something I'm redirected to ads. I appear to be locked out of Windows Update altogether.

[Mod Removed]


Last edited by Sneakyone on Mon 23 Aug 2010, 12:37 pm; edited 2 times in total (Reason for editing : Removed E-mail)

wjesse

Newbie Surfer

Posts : 8
Joined : 2010-01-26
Operating System : win xp


Re: possible virtumonde virus

Post by Sneakyone on Mon 23 Aug 2010, 12:38 pm

Hi, Welcome to GeekPolice.net!

Could you please split the OTL log into multiple posts?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: possible virtumonde virus

Post by wjesse on Mon 23 Aug 2010, 12:50 pm

I tried to cut it in half... no go. Zipping probably wouldn't work either as I'd have to use that as an attachment.


Last edited by wjesse on Mon 23 Aug 2010, 1:01 pm; edited 1 time in total (Reason for editing : better wording)


Re: possible virtumonde virus

Post by Sneakyone on Mon 23 Aug 2010, 1:33 pm

Hi.

Could you please zip it up and attach it, and please keep all posts in this thread.



probably virtumonde

Post by wjesse on Mon 23 Aug 2010, 11:02 pm

Got it... I guess I need to send zips separately... here is extra


probable virtumonde

Post by wjesse on Mon 23 Aug 2010, 11:05 pm

extra


probable virtumonde

Post by wjesse on Mon 23 Aug 2010, 11:07 pm

awkward posting


probable virtumonde

Post by wjesse on Mon 23 Aug 2010, 11:08 pm

still trying


Re: possible virtumonde virus

Post by Sneakyone on Tue 24 Aug 2010, 8:51 am

Hi.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (2.dll) - File not found

    :Files
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\kmfvtyvxg



    :commands
    [emptytemp]
    [resethosts]
    [reboot]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


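One way to triage the kind of entries the OTL fix in the post above targets, as an added example that is not part of the original thread and is not OTL's own code: it scans OTL-style log lines for an Internet Explorer proxy pointing at a loopback address, AppInit_DLLs entries (which Windows loads into every process that loads user32.dll), and autorun entries whose file is missing. The sample log is constructed from lines quoted in the fix plus one made-up benign entry; the function names and finding labels are assumptions.

```python
import ipaddress
import re

# Constructed sample: entries quoted in the fix above, plus one made-up benign autorun.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe (Example Vendor)
O20 - AppInit_DLLs: (2.dll) - File not found
"""

PROXY_RE = re.compile(r'^IE - .+: "ProxyServer" = (.+)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: \((.+?)\)')
AUTORUN_RE = re.compile(r'^O4 - (\S+): \[(.*?)\] File not found$')

def is_loopback(host):
    """True for 'localhost' or any 127.0.0.0/8 / ::1 literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal

def proxy_hosts(value):
    """Yield hosts from 'host:port' or 'http=host:port;https=host:port'."""
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()
        if endpoint:
            yield endpoint.rsplit(":", 1)[0]

def triage(log_text):
    """Return (label, detail) findings in log order (labels are hypothetical)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            # Browser traffic routed through a listener on the local machine.
            if any(is_loopback(h) for h in proxy_hosts(m.group(1))):
                findings.append(("loopback-proxy", m.group(1)))
        elif m := APPINIT_RE.match(line):
            findings.append(("appinit-dll", m.group(1)))
        elif m := AUTORUN_RE.match(line):
            findings.append(("orphaned-autorun", f"{m.group(1)} [{m.group(2)}]"))
    return findings

if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label}: {detail}")
```

A loopback proxy is not malicious by itself (some local filtering tools use one), so a finding here is a prompt to identify what is listening on that port, not a verdict.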

Re: possible virtumonde virus

Post by wjesse on Tue 24 Aug 2010, 1:44 pm

I cannot find a way to disable either Microsoft Security Essentials, or AVG.


Re: possible virtumonde virus

Post by Sneakyone on Wed 25 Aug 2010, 1:48 pm

Hi.

Remove one or the other; having 2 AVs is not good on your computer.

Not sure on MSE, but to disable AVG just click on Real-Time Protection and turn it off.


