possible virtumonde virus


Post by wjesse on Sun Aug 22, 2010 3:51 am

I cannot send the OTL report as I'm redirected to a "not connected" message. Frequently while searching for something I'm redirected to ads. I appear to be locked out of Windows Update altogether.

[Mod Removed]


Last edited by Sneakyone on Mon Aug 23, 2010 1:37 am; edited 2 times in total (Reason for editing : Removed E-mail)


Re: possible virtumonde virus

Post by Sneakyone on Mon Aug 23, 2010 1:38 am

Hi, Welcome to GeekPolice.net!

Could you please split the OTL log into multiple posts?


I'm livin' life in the fast lane.


Re: possible virtumonde virus

Post by wjesse on Mon Aug 23, 2010 1:50 am

I tried to cut it in half... no go. Zipping probably wouldn't work either as I'd have to use that as an attachment.


Last edited by wjesse on Mon Aug 23, 2010 2:01 am; edited 1 time in total (Reason for editing : better wording)


Re: possible virtumonde virus

Post by Sneakyone on Mon Aug 23, 2010 2:33 am

Hi.

Could you please zip it up and attach it, and please keep all posts in this thread.


I'm livin' life in the fast lane.


probably virtumonde

Post by wjesse on Mon Aug 23, 2010 12:02 pm

got it... I guess I need to send zips separately... here is extra


probable virtumonde

Post by wjesse on Mon Aug 23, 2010 12:05 pm

extra


probable virtumonde

Post by wjesse on Mon Aug 23, 2010 12:07 pm

awkward posting


probable virtumonde

Post by wjesse on Mon Aug 23, 2010 12:08 pm

still trying


Re: possible virtumonde virus

Post by Sneakyone on Mon Aug 23, 2010 9:51 pm

Hi.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (2.dll) - File not found

    :Files
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\kmfvtyvxg



    :commands
    [emptytemp]
    [resethosts]
    [reboot]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.
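
The fix script in the post above targets three kinds of entries: a browser proxy pointed at a loopback port, autorun entries whose file is missing, and an AppInit_DLLs value. As an added example (not part of the thread and not OTL's own code), this Python sketch flags the same patterns in OTL-style log lines; the function name `triage` and the finding labels are assumptions, and the sample lines are copied from the post plus one constructed benign entry.

```python
import re

# Lines copied from the fix script in the post above, plus one constructed
# benign entry (last line) to show an autorun that is not flagged.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O20 - AppInit_DLLs: (2.dll) - File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (constructed)
'''

PROXY = re.compile(r'"ProxyServer" = (.*)$')
# A loopback address inside the proxy value, with an optional port.
LOOPBACK = re.compile(r'(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost)(?::(\d+))?', re.I)
AUTORUN = re.compile(r'^O4 - (\S+): \[(.*?)\] File not found$')
APPINIT = re.compile(r'^O20 - AppInit_DLLs: \((.*?)\)')

def triage(text):
    """Return (label, detail) pairs for lines worth a reviewer's attention."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROXY.search(line)
        if m:
            # A proxy on the local machine means some local process would be
            # relaying browser traffic; a remote proxy is not flagged here.
            lb = LOOPBACK.search(m.group(1))
            if lb:
                findings.append(("loopback-proxy", lb.group(1) or ""))
            continue
        m = AUTORUN.match(line)
        if m:
            # Autorun entry left behind with no file on disk.
            findings.append(("orphan-autorun", f"{m.group(1)} [{m.group(2)}]"))
            continue
        m = APPINIT.match(line)
        if m:
            # Any AppInit_DLLs value deserves review, present on disk or not.
            findings.append(("appinit-dll", m.group(1)))
    return findings

if __name__ == "__main__":
    for label, detail in triage(SAMPLE):
        print(f"{label:15} {detail}")
```
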


Re: possible virtumonde virus

Post by wjesse on Tue Aug 24, 2010 2:44 am

I cannot find a way to disable either Microsoft Security Essentials, or AVG.


Re: possible virtumonde virus

Post by Sneakyone on Wed Aug 25, 2010 2:48 am

Hi.

Remove one or the other; having 2 AVs is not good on your computer.

Not sure on MSE, but to disable AVG just click on Real-Time Protection and turn it off.


I'm livin' life in the fast lane.
