Vista - Virtumonde VIRUS.. More than a Pop-Up

Hey Guys. My brothers computer has this... Not sure what the crap he does wrong. but this is the second Virus he's got in the last 6 months. It's probably myspace's fault.

Anyways. I looked up all the info about the Virtumonde virus/trojan and everywhere I read said it's a virus that's more of a popup.. it's an ad crapper.. sends you hundreds of ad's and stuff of that sort. and that it can attach to IE and record your keystrokes and all that. but my brother doesn't have this problem.

My brothers problem with this Virtumonde virus. It's starting WITH Windows and completely locks him out of the system.

During Boot, it's all fine, enters password. and see's background picture. then it covers the screen saying Virus detected and says what it is. and can't do ANYTHING. nothing works from there. I've tried cntl, alt, del. I've started in Safe Mode. only for it to stop with safe mode written in all 4 corners and do nothing.

I'm not the smartest person on virus's and stuff of this sort. I'm a gamer, and a builder, and Overclocker. not a Tech that can fix viruses.

Any help or idea's would be great.. Preferably for free.. if I have to I'll just reinstall windows on his system. (XP) He doesn't have anything really he'd miss on that hard drive. just a few programs, Ventrillo and such.

Let me know what you all think. Thanks!

Save yourself the time and effort and just reformat, this time making sure he has adequate antivirus and malware protection

The symptoms you describe gives me a sense of Deju Vu of a virus I had to deal with several months ago. It's one of those "fake" antivirus trojans that integrate themselves into everything, and try to bait you into buying it, and causes havoc if you do nothing.
I agree with z3r010 on this one. Reformat the system.

Ya thats what I think I'll do. Simple and just a startover.

Nice and easy..

Also he uses what I use.. and think is one of the BEST.. Eset NOD32.. I love it. We have the best they have to offer. but he said his wife turned it off because she said she closed the Icon down by the "Time" as she didn't know what the "EYE" was.. thats there Icon.. haha

Thats a VERY VERY Big no-no. and I'll make sure I tell him and his wife to leave that SHIZZZ alone!

Big mistake on her part. as I think thats what caused this. I love my NOD32.

thanks for the thought guys. I'll just reformat!

Believe me when I say this, but I don't usually recommend a reformat as my first advice. If you just blindly reformat, you rob yourself of the opportunity to learn something new. Reformatting is always the absolute LAST resort.

But I'm familiar with this particular virus (or something similar to it, anyway), and even if you somehow do manage to get rid of it and "stabilize" the system, you're going to end up reformatting anyway, because you whould not have fully gotten rid of the virus and it'll just keep coming back, no matter what you do. It's a tenacious bugger.

Thanks for the heads up on this guntherc and Dzomlija. Not that I've come across it, touch wood, but it helps to know what to do!

I would take out the HDD, put it in another computer and boot from a different HDD and then do a virus scan of the infected HDD. It wont necessarily fix your problem but you will be able to see how many files are infected.

More of a learning thing because in the end you will have to format anyway.

I had it. After a week of fighting with it. I backed up my data and reinstalled. I used 10 different programs. It could not remove every component of Virtumonde. It was easier to backup the data and reinstall.

Yeah good choice. On my old computer i got the ad version of Virtumonde however i did not have the internet so every 15-30 minutes a message would come up asking me whether or not i would like to go into Offline Mode (yes in those days i didn't know Firefox existed.) Spybot fixed my problem but in the end (several weeks later) the stupid software DEP locked me out (wouldn't let me get to the login screen) so i had to format anway.