Oh, crap, not another malware virus....

Mark42

Fleet Admiral
Joined
Oct 8, 2003
Messages
9,334
Well, that's what I get for trying to download an old DOS game from a foreign website. I got a bum game that didn't work, and a nice case of VIRTUMONDE. This sweet little malware pops up new windows mostly of anti-spyware/virus providers, and adult web sites about every 20 seconds. It also downloads every known tracking cookie known to man, and reproduces itself under different names on your PC so it's darn near impossible to remove.

The problem is that neither Spybot SD nor McAfee stopped it from being downloaded. Spybot found it on a manual search, but even after numerous tries to eliminate it, it was still there. I downloaded and ran various programs specifically claiming to remove it, but they all failed. Even the forums from Spybot gave specific directions, but they did not work either. Every time I re-booted, it was right back again.

Took me two days, but I finally found Malwarebytes' Anti-Malware. One simple download and run and the virus was gone. No booting in safe mode, no special manipulation of registry entries, etc. It just worked. Find this one and bookmark the site. It's free and you may need it someday.

Beware of VIRTUMONDE!!!!! It's one tough malware to eliminate.
 

Mark42

Fleet Admiral
Joined
Oct 8, 2003
Messages
9,334
Re: Oh, crap, not another malware virus....

Still running AVG?

I didn't put AVG on this laptop because it's from the office and has the corporate build. It has McAfee, and I added Spybot. Two other desktop PCs are running AVG and have no issues.
 

ThumbPkr

Petty Officer 1st Class
Joined
Aug 17, 2007
Messages
371
Re: Oh, crap, not another malware virus....

I run AVG and like it but it will not catch everything. That AntiVirus XP Pro is one example that was written to appear transparent to AVG, and others can also get past it.
I have removed some of these manually from computers but that Malwarebytes program makes it easy. I will not be without it again. It is possible that the enterprise version of AVG might catch it but I cannot comment on that as I do not know. AVG is the virus program of choice for me on anything that I maintain. Ron G
 

gonefishie

Commander
Joined
Jul 28, 2004
Messages
2,624
Re: Oh, crap, not another malware virus....

I have found that some of these persistent ones keep coming back after removal by taking advantage of the System Restore point. Uncheck the create restore point, remove the junk, reboot and re-check the create restore point. Also, a lot of these things now have code written to recognize known removal tools and effectively hide from them during scanning. It's not a bad idea to change the given name of the tools to something else.
 

captquest

Petty Officer 2nd Class
Joined
Jul 1, 2008
Messages
120
Re: Oh, crap, not another malware virus....

I have found that some of these persistent ones keep coming back after removal by taking advantage of the System Restore point. Uncheck the create restore point, remove the junk, reboot and re-check the create restore point. Also, a lot of these things now have code written to recognize known removal tools and effectively hide from them during scanning. It's not a bad idea to change the given name of the tools to something else.

Good advice.
 

Mark42

Fleet Admiral
Joined
Oct 8, 2003
Messages
9,334
Re: 北京货运公司

Re: 北京货运公司

北京货运公司 于1999年经工商、交通等部门批准成立的。集运输、仓储、配送、包装于一体的综合服务型物流企业。目前在全国100多个大中城市设立分支机构与运营网点,自北京始发大中城市24-48小时直达目的地。北京物流公司备有大中小型大封闭货车及高栏车、挂车托盘特种车实行对客户需求的快速反应和门到门的服务。并特备有危险品专用车,对特种气体和危险品实行专业运输、货物实行专业包装、送货上门、运费到收、保险保价,北京物流公司将根据情况预先交给你们风险抵押金,本公司由中国太平洋保险公司承包最大程度上降低了运输风险使您放心。北京物流公司将科学的管理模式,灵活的经营方式与现代网络技术相结合,以服务创新为理念,以高效的信息管理手段、合理的运价、良好的信誉、优质的服务而深受客户的欢迎。?安全、专业、快捷?是我们对每一位客户的承诺, 北京货运公司 的每一位员工,都期待与您携手合作,共创美好的明天。

I'm so glad you posted in Chinese. It is the universal language now.

You Dumbass.
 

mthieme

Captain
Joined
Oct 6, 2007
Messages
3,270
Re: Oh, crap, not another malware virus....

I have found that some of these persistent ones keep coming back after removal by taking advantage of the System Restore point. Uncheck the create restore point, remove the junk, reboot and re-check the create restore point. Also, a lot of these things now have code written to recognize known removal tools and effectively hide from them during scanning. It's not a bad idea to change the given name of the tools to something else.

It is not uncommon for procedures to mandate turning off the Startup & Recovery feature in My Computer System Properties.
 

Bob_VT

Moderator & Unofficial iBoats Historian
Staff member
Joined
May 19, 2001
Messages
26,019
Re: Oh, crap, not another malware virus....

Put the AVG free version on the corporate laptop.... It will not hurt it. You can run it alongside another AV.

Geez..... that porn surfing will catch you every time!! :D
 

MikDee

Banned
Joined
Jun 6, 2007
Messages
4,745
Re: Oh, crap, not another malware virus....

Well, it looks like I'm infected as well! :( It must have gotten right past Avast & Spybot! Also, running Spybot manually didn't pick it up; the only way I knew was I saw the word Virtumonde in the tray as Spybot was searching through its files, but it didn't pick it up at all :eek:

Man, this thing looks difficult to get rid of from what I'm reading; it's probably past my computing ability. Help! How can I get rid of it? :confused:
 

ThumbPkr

Petty Officer 1st Class
Joined
Aug 17, 2007
Messages
371
Re: Oh, crap, not another malware virus....

I have never had to deal with Virtumonde in the past but I did Google it and there are several solutions available, it appears.
I did see that the latest version of the Lavasoft Ad-Aware program says that it will deal with it. It is free if you do not have it. Most users of Spybot also run Ad-Aware in my experience. Ron G
 

MikDee

Banned
Joined
Jun 6, 2007
Messages
4,745
Re: Oh, crap, not another malware virus....

Thanks Ron, I've had Avast & Spybot running on my computer for protection for quite a while now and they didn't stop any of these from infecting it. I tried Malwarebytes' Anti-Malware, and it didn't work! Virtumonde, Smitfraud, Zlob, and a bunch of others are still showing on a manual scan by Spybot, and it keeps scanning through them, without hesitating, or removing them! :eek:
I switched to AVG last night, and ran a scan, and it picked up a bunch of things, but I still don't know if it got the right ones. If not, I'll have to try Ad-Aware.
 

Mark42

Fleet Admiral
Joined
Oct 8, 2003
Messages
9,334
Re: Oh, crap, not another malware virus....

Thanks Ron, I've had Avast & Spybot running on my computer for protection for quite a while now and they didn't stop any of these from infecting it. I tried Malwarebytes' Anti-Malware, and it didn't work! Virtumonde, Smitfraud, Zlob, and a bunch of others are still showing on a manual scan by Spybot, and it keeps scanning through them, without hesitating, or removing them! :eek:
I switched to AVG last night, and ran a scan, and it picked up a bunch of things, but I still don't know if it got the right ones. If not, I'll have to try Ad-Aware.

What are the symptoms of the infection? Do you have browser windows opening for ads? Is your internet blocked, or home page changed?

What do you mean by "Virtumonde, Smitfraud, Zlob, and a bunch of others are still showing on a manual scan by Spybot, and it keeps scanning through them, without hesitating, or removing them!"? I ask because these malware are listed in the status bar during the scan, but that does not mean your computer has the infection. Only if it actually lists them in the report are you infected.
 

MikDee

Banned
Joined
Jun 6, 2007
Messages
4,745
Re: Oh, crap, not another malware virus....

What are the symptoms of the infection? Do you have browser windows opening for ads? Is your internet blocked, or home page changed?

What do you mean by "Virtumonde, Smitfraud, Zlob, and a bunch of others are still showing on a manual scan by Spybot, and it keeps scanning through them, without hesitating, or removing them!"? I ask because these malware are listed in the status bar during the scan, but that does not mean your computer has the infection. Only if it actually lists them in the report are you infected.

Mark, my computer's been running awful slow lately, plus when surfing, I've had bouts of a flurry of popups at times, and occasional XXX site popups. Also, every so often I get a warning my computer's infected, and a scan starts automatically, regardless of what button I hit to stop or cancel it! :eek:
I usually just quickly hit CTRL, ALT, & DEL to end that program. This has been going on occasionally for quite a while. I figured there was a bug in my machine somewhere, and never gave this a second thought. But after hearing the issues you had, plus your mention of the word Virtumonde, and those other words showing up in my Spybot scan, I figure I'm infected.
 

ThumbPkr

Petty Officer 1st Class
Joined
Aug 17, 2007
Messages
371
Re: Oh, crap, not another malware virus....

As Spybot scans it does call out the names of the infections it is scanning for, which can be alarming, but as was pointed out, if it does not show in the results at the end of the scan you are not infected.
I would run Ad-Aware and maybe the Malwarebytes again for good measure. The symptoms of that AntiVirus XP 2008 are just as you describe: the scan starts no matter what you do.
When that happens just close the browser as you have been doing.
AVG is a good choice for virus protection. I would not arbitrarily start loading virus programs willy-nilly as you might have more problems than you do now. Ron G
 

gonefishie

Commander
Joined
Jul 28, 2004
Messages
2,624
Re: Oh, crap, not another malware virus....

OK Mike! Search for a program called HijackThis; it's widely available from many different security sites. Download it (latest version available), install and run it. At the end of the scan it will generate a log in Notepad format. Save it as something and somewhere easy to remember, e.g. the desktop. Copy and paste that log on here and we will help you get rid of everything.