AHH HELP! I have a TROJAN called Virtumonde?!
Former Member
Posts: 1,876,323 The Mix Honorary Guru
in General Chat
And it's slowly taking over my computer!
It's stopping me from EVEN typing properly. I've tried every scan on Spybot, AVG Center and AdAware, online and offline too, and I keep getting shite like this in the pics I attached.
OH MY SHITTING CHRIST, IT WOULDN'T EVEN LET ME UPLOAD THE SECOND PIC UNTIL I TOOK OUT THE WORD 'VIRUS'
I brought this poxy virus on myself. AVG Center told me not to go into a website for a crack I was trying to get for Music Rescue, and I downloaded a virus instead.
WOE.
Please please help my beautiful PC!! It was completely reformatted not even two days ago by a kind gentleman for £25, but I don't have another £25 at the moment! Can you help? Oh please say y'caaan!
I need some tech-savvy chaps' advice.
I am sort of intermediate(ish) in computer literacy! Be gentle!
Comments
In future, don't visit 'warez' sites. I learnt the hard way back in 1999. If you want to do illegal stuff, then I hear good things about "torrents". Dunno which torrent programs are highly rated though.
Haven't tried it myself, but I saw it mentioned in a few usually reliable places. Scroll down for instructions.
Thanks so much for attempting a bash! I know, I tried to cut a major corner. Lesson well and truly learnt, let me tell you. I can't type, my wireless keyboard is missing so many letters out despite new batteries! Friggin hell.
I'm still waiting for that Major Geeks website to load; it's currently at a white screen with the green blocks letting me know it's slowly loading.
To keep me company waiting, I am getting a plethora of full screen popups such as Viral Videos, PaddyPower, Live Sex Cam in Stevenage with a Latina Lady and 4 Free O2 Sim Cards from Free Exchange.
Sigh.
Yeah, I tried that, it says it can't find any errors. Spybot found 5 of them and deleted them after I 'healed' them whilst disconnected from the internet, and I rebooted.
Bit of a long one! This means nothing to me, BTW :nervous:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:51, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {28dce750-e66b-d61a-e184-ff3a7d2ddc84} - {48cdd2d7-a3ff-481e-a16d-b66e057ecd82} - C:\WINDOWS\system32\aqpsky.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {DE6EBD0B-49EF-4B79-A57F-2E96FBDC8CA3} - C:\WINDOWS\system32\fccyaARi.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [24ccd607] rundll32.exe "C:\WINDOWS\system32\iijtdvvp.dll",b
O4 - HKLM\..\Run: [BM27ffe59b] Rundll32.exe "C:\WINDOWS\system32\jvwwcqst.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217169536990&h=4bec2b95a97360e5dc293b2820ac7c1c/&filename=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6570 bytes
O4 - HKLM\..\Run: [24ccd607] rundll32.exe "C:\WINDOWS\system32\iijtdvvp.dll",b
O4 - HKLM\..\Run: [BM27ffe59b] Rundll32.exe "C:\WINDOWS\system32\jvwwcqst.dll",s
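The two Run entries quoted above are the ones that give the infection away: rundll32 loading a randomly named DLL from system32 through a one-letter export, under a Run value name that is just hex. As an added example (not code from the thread or from HijackThis), here is a small checker that walks HijackThis-style O2/O4 lines and flags those patterns, plus the leftover BHO entry whose DLL is already gone. The sample lines are constructed in the log's format from entries shown above; the heuristics are my own and are meant for triage, not as a verdict.

```python
import re

# Constructed sample in HijackThis format: the flagged entries plus benign ones.
SAMPLE_LOG = r"""
O2 - BHO: {28dce750-e66b-d61a-e184-ff3a7d2ddc84} - {48cdd2d7-a3ff-481e-a16d-b66e057ecd82} - C:\WINDOWS\system32\aqpsky.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {DE6EBD0B-49EF-4B79-A57F-2E96FBDC8CA3} - C:\WINDOWS\system32\fccyaARi.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [24ccd607] rundll32.exe "C:\WINDOWS\system32\iijtdvvp.dll",b
O4 - HKLM\..\Run: [BM27ffe59b] Rundll32.exe "C:\WINDOWS\system32\jvwwcqst.dll",s
"""

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>%s) - (?P<path>.*)$" % GUID, re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$", re.I)
# "rundll32 <dll>,<export>" is how the two flagged Run entries load their DLLs.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)$', re.I)
HEX_RUN = re.compile(r"[0-9a-f]{8}", re.I)  # Run value names such as 24ccd607 (heuristic)


def analyse(log_text):
    """Return [(line, [reasons])] for every line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m = O2_RE.match(line)
        if m:
            if re.fullmatch(GUID, m["name"], re.I):
                reasons.append("BHO display name is a bare CLSID, no product name")
            if "(file missing)" in m["path"]:
                reasons.append("BHO registration survives but its DLL is gone")
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"].strip())
            if r and "\\system32\\" in r["dll"].lower() and len(r["export"]) == 1:
                reasons.append("rundll32 loads a system32 DLL through a one-letter export")
            if HEX_RUN.search(m["value"]):
                reasons.append("Run value name looks machine-generated")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in analyse(SAMPLE_LOG):
        print(line)
        for why in reasons:
            print("   ->", why)
```

Anything it flags is a candidate for a closer look (vendor, signature, file date), not proof of infection on its own.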
Have you tried the second tool on here - VirtumondoBegone?
Programs > Accessories > System Tools > System Restore
I tried so much! I tried SDFix, VirtumondeBeGone, VirtuFix and nothing worked!
Spybot kept saying it was trying to delete the few files it found of Virtumonde, but my net was slow and the typing was still out of control.
I went here http://forums.afterdawn.com/thread_view.cfm/521858 and tried the SUPERAntiSpyware which FINALLY got rid of it.
I have lost a few .dll files; when I reboot, two popup windows show saying that they can't run? I looked at the thread from where I got the idea to get the SuperAntiSpyware, and the user said he lost a .dll file too? I think it's related to whatever was on my PC.
I did a System Restore there, but the .dll popups after a reboot still appear. I will take a screenshot of it later but apart from that no popups, nor slow internet, nor threats showing on AVG!
Cheers for the replies so far, chaps.
Post a screenshot soon!
Yup - always served me well, especially when drunk at 3 am I actually clicked on some bullshit 'click here to protect your computer from spyware' pop-up... or as it should have been called 'click here to brainfuck your computer with a million bloody trojans...'
I had AVG tell me a Trojan EQ? was still on my PC earlier, with a 'threat detected' popup, but my SuperAntiSpyware thingy couldn't find it.
Help?
Go to start... run... type in "CMD" and press enter.
In the command prompt (black window) type in "sfc /scannow" (without the quotes). Press enter.
(more info)
If the user wants to navigate to a nasty website, the browsers must do as they are instructed!
That doesn't work with this particular virus.
Run anti-virus in safe mode and disconnected from the net.
Being disconnected is important.
Do an in-depth scan.
Also run any anti-spyware ... Spybot etc., that kind of stuff you have.
When you restart the comp make sure you cannot connect to the net.
Being disconnected is all important.
I got it again a few weeks ago and got rid a lot easier this time.
Virtumonde replicates itself and will be all over the place ... including in your system restore.
It connects constantly to malicious sites in the background ... inviting all manner of other bad stuff in.
This is why it is essential you disconnect and don't auto-reconnect when you restart.
When you restart ... it is worth doing the scans again ... and then restarting again and connecting manually.
It took me about four hours ...........
But then the antivirus and firewall should fall into place.
It's pretty simple to knock up some undetectable malware and hook into a program the firewall is configured to allow access.
I too have now moved over to firefox.
Much safer.
I have discovered a thing called UBUNTU.
Google it.
Download to your desktop. Copy to disc.
BIOS set to boot from disc.
You can physically remove the hard drive ... and still come on here or anywhere else.
You can play the games that come with it.
Chess, card games, that Chinese tile thing and more.
When on the net without a hard drive you're limited in what you can do of course, but you can copy and paste as normal, send and receive emails. And it's fast.
It's handy to have on disc should your puter be knackered and you still wanna come here or whatever.