Trojan Help Needed

tanuj_chadha · Dec 18, 2008

Hi All,

My System seems to be infected with a Trojan Virtumonde virus :cry:

. As per Trojan Remover. It states as the file is hidden. I have tried to find the file manually but was unable to find it. I have run scan using Mcafee, Malware Antibytes, Super Antispyware. But still the system is slow & Trojan remover reports the same infection again & again. Can anyone please give me any last minute idea's before I re-install the operating system.

P.S.: Data is safe on other hard drive partitions.

Neverhavemoney · Dec 18, 2008

tanuj_chadha,
DONT REINSTALL YET! WAIT A LITTLE LONGER SINCE ALL YOUR DATA IS SAFE!
Post this in our Security Team Forum and we will be happy to help you. Just post there!
Ben

Barman58 · Dec 18, 2008

Hi Tanuj,

Have you tried the Malwarebytes scan in safe mode, most up to date info I have suggests that that should remove this pest, of course it's so adaptable that you could be unlucky enough to have a new variant which is evading everything :cry:

if that's the case then a re-install or re-image might be the most time efficient solution

Airbot · Dec 18, 2008

Have you ran Microsoft Windows Malicious Software removal tool yet?
http://www.vistax64.com/tutorials/173861-malicious-software-removal-tool.html

Try running virtumonde fix as well.
Virtumonde Removal

tanuj_chadha · Dec 18, 2008

I have tried to run malware removal tool in safemode it found approx 35 infections. Removed all of them. Then ran super antispyware & it also removed a trojan from the system. After that ran a scan through trojan remover got the same infection again. What I don't understand is that it states that it has found an infection & the file is hidden. But I am unable to find that file. I have also run the virtumonde fix & rouge fix.

I have not yet run Microsoft Windows Malicious Software removal tool. I would run when I get back home.

Airbot · Dec 18, 2008

tanuj_chadha said:
I have tried to run malware removal tool in safemode it found approx 35 infections. Removed all of them. Then ran super antispyware & it also removed a trojan from the system. After that ran a scan through trojan remover got the same infection again. What I don't understand is that it states that it has found an infection & the file is hidden. But I am unable to find that file. I have also run the virtumonde fix & rouge fix.

I have not yet run Microsoft Windows Malicious Software removal tool. I would run when I get back home.

Virtumonde/vundo is notoriously hard to get rid of. It likes to replicate itself over and over and stay in the memory. Run MSRT and check your startup services/programs for any traces.

Joan Archer · Dec 18, 2008

Did you try a System Restore to just before you got the infection ?

johngalt · Dec 19, 2008

Malwarebytes.org

That will help get rid of it for the most part - after that you can concentrate on backing up your data for the eventual re-install.

Neverhavemoney · Dec 19, 2008

Yep sounds like you need to do a system restore for a while back.

tanuj_chadha · Dec 19, 2008

I have a great mind. Before I got the infection i had cleaned my system using mcafee & also removed system restore points (accidentally).

Neverhavemoney · Dec 19, 2008

Ouch. That stink. So what type of system are you running?
If its a dell, then this will be very easy!

tanuj_chadha · Dec 19, 2008

Sorry, but I don't have a dell system. I have a custom made system. Working on windows vista.

But just out of curiosity, what would be the option if was using a Dell system.

Neverhavemoney · Dec 19, 2008

Here is most likely the best solution for your problem
To use PC Restore: This will reset you computer to its original state you had it when it first came out of the box. Your HDD with be wiped out and restored with the exact things as when you first got your computer.

1 Turn on the computer.

2 Immediately press <Ctrl><F11>.

If you do not press <Ctrl><F11> in time, let the computer finish restarting, and then restart the computer again.

Everything will be pretty much self explanitory after this.

You will be all set after you do this. Once again though I am only familiar with Dell systems using this method. Make sure you back up all files you want to keep though.

Let me know,
Ben

tanuj_chadha · Dec 19, 2008

Thanks for the info Ben. My friend is using a dell system with windows xp on it. Guess this would be useful for him. I am trying to search more to find if anything else can be done. As installing all the software's back after re-install would be a pain in the neck
:sa:. Which I am not in a mood for after a long weeks work.

Neverhavemoney · Dec 19, 2008

understandable

Barman58 · Dec 19, 2008

Hi all,

The only thing I would like to add is ...

because of the design of system restore (it only operates on windows system files not user data files), although a restore to a point before the virus became visible would reset windows system files to a good state, (non infected), the actual dropper file for the infection is likely to be in a non system file and so may re-infect the system.

It is highly advisable that as soon as the system restore is completed appropriate steps are taken to fully eradicate the Malware from the system.

tanuj_chadha · Dec 19, 2008

Update: I ran the Malacious Software Removal Software. It Picked up no infections in the quick scan. Running a through scan now. And as usual cpu usage is 100% again.
Please help before my weekend goes down the drain in installing the software.

Barman58 · Dec 19, 2008

Hi Tanuj

This entry in of all places - Wikipedea - seems to mention the Hidden portions of the trojan, Plus it provides links to a few free applications which have been successful in the past, it may be worth you having a look at the links ...

Vundo - Wikipedia, the free encyclopedia

dinesh · Dec 19, 2008

tanuj_chadha said:
Hi All,

My System seems to be infected with a Trojan Virtumonde virus . As per Trojan Remover. It states as the file is hidden. I have tried to find the file manually but was unable to find it. I have run scan using Mcafee, Malware Antibytes, Super Antispyware. But still the system is slow & Trojan remover reports the same infection again & again. Can anyone please give me any last minute idea's before I re-install the operating system.

P.S.: Data is safe on other hard drive partitions.

Also try smitfraudfix.
Download link: http://www.bleepingcomputer.com/resources/link243.html

Neverhavemoney · Dec 19, 2008

My uncle, is the head security expert at his corporation.
He said these recent viruses and Trojans are very very hard to get rid of and are almost immpossible to get ride of. He is actually working on a solution to get rid of these in his spare time.
Hopefully it is soon because these are starting to get very redicilous.

Trojan Help Needed

Devil

My Computer

My Computer

My Computers

---------------

My Computer

Devil

My Computer

---------------

My Computer

Cross Stitch Queen

My Computer

Antidisestablishmentarianist

My Computers

My Computer

Devil

My Computer

My Computer

Devil

My Computer

My Computer

Devil

My Computer

My Computer

My Computers

Devil

My Computer

My Computers

Vista Expert

My Computer

My Computer