I have a virus that is kicking my butt. I have tried for two days to remove it but it is buried so deep nothing seems to work. I sure could use some help.

It is called Virtumonde. I was setting up a new computer and loading programs on to it. I connected to the net to upgrade some of the programs and just left it running for several hours...with out loading AVG. I usually do that at the end and have it do a clean sweep.

Well all of a sudden I had twenty pop up windows open. I loaded SpyBot Search and Destroy and it keeps finding Virtumonde.dll and an infected file called imkr802.dll, which cannot find this file in the System32 folder, where SB says it is located.

I have run SpyBot several times and AVG. They remove the infected files but they keep coming back when I reboot. I ran them in safe mode and still, when I reboot the crap is there trying to change registry items.

The funny part is I downloaded a couple of free programs one called Vundofix and the other VirtumondoBeGone. Both claim to search and destroy the virus. Neither sees it. I ran the Vundofix in Safe mode also. The VirtumondoBeGone won't run in Safe mode.

I am willing to buy a program to clean the system. I really don't want to nuke and sanitize the drive and then start over. However, I want any program I purchase to actually work. The two listed above have high praises sung on their sites, but they didn't help me.

Yikes John! Sounds like you got wham'ed with a nasty one! Hope you can eradicate it without too much trouble...althought it seems you have jumped through many hoops already...

Hopefully someone can help you?

Good Luck!

http://dl6.glitter-graphics.net/pub/1038/1038326rbnzmcz1pf.gif (http://www.glitter-graphics.com)

JMIG,
Hopefully the powers that be won't mind me posting this, but when I got that same virus a couple of years ago, the only solutions that I could find that worked came from this site (http://www.bleepingcomputer.com/forums/), they appear to be very good at helping us normal type folks in getting rid of this sort of thing. Follow their instructions to the letter; hopefully they will be able to help you out as they did me.

Joe

Found some things to try even though you have probably done the same already.

http://www.fasterpccleanclean.com/remove-virtumonde-dll-2

http://virtumonde.net/virtumonderemoval/Virtumonde.dll_Removal.html

A forum thread...

http://virtumonde.net/virtumonderemoval/Virtumonde.dll_Removal.html

These are just links I pulled up from a google search so you have probably tried some. I have a lot of luck with Malwarebytes so you may want to give it a try also.

be sure to shut down system restore before running the removal programs.
sometimes these bad guys hide in the restore files.

Something to look at; http://www.norman.com/support/support_tools/malware_cleaner/

Used this a good while back. Very effective at getting down and dirty. YMMV...

I've never hear of this particular virus/trojan, but I would recommend that you try the free version of Malwarebytes http://www.malwarebytes.org/

John, I have found out from the past that a virus will always stay on your hard drive no matter what program you use or buy. These programs either hide it or disable it. The only true way to remove any infection is to format the HD and don't us Windows to do it. Windows leaves way to much crap on the drive. Your best bet it to go into your registry and do a manual remove of the problem.

Found some things to try even though you have probably done the same already.

http://www.fasterpccleanclean.com/remove-virtumonde-dll-2

http://virtumonde.net/virtumonderemoval/Virtumonde.dll_Removal.html

A forum thread...

http://virtumonde.net/virtumonderemoval/Virtumonde.dll_Removal.html

These are just links I pulled up from a google search so you have probably tried some. I have a lot of luck with Malwarebytes so you may want to give it a try also.



Something to look at; http://www.norman.com/support/support_tools/malware_cleaner/

Used this a good while back. Very effective at getting down and dirty. YMMV...


Thanks, I will check it out, too.




John, I have found out from the past that a virus will always stay on your hard drive no matter what program you use or buy. These programs either hide it or disable it. The only true way to remove any infection is to format the HD and don't us Windows to do it. Windows leaves way to much crap on the drive. Your best bet it to go into your registry and do a manual remove of the problem.

Please Moe! Say it isn't SO! I really, really don't want to start all over again.

I don't care if the code is still on the dive, so long as it is dead, dead, dead. Heck, I still test positive for TB. Never had the disease. Just came in contact with the bacteria while in the USAF.


Thanks, That is the program I have tried. It can't find the virus??? I will look into this Malwarebytes.

be sure to shut down system restore before running the removal programs.
sometimes these bad guys hide in the restore files.

This caca has corrupted the system restore. It has shut it down. :(


Something to look at; http://www.norman.com/support/support_tools/malware_cleaner/

Used this a good while back. Very effective at getting down and dirty. YMMV...

Will go there and look it up. Thanks!

A while back my PC got pretty corrupted and I found this place called newbie.org. It's like an SOH for 'puter geeks (no offense intended) . Anyways they have a PC cleanup page in the forum which saved my butt. They even have a page with tips to clean out your system before you post a problem (http://www.newbie.org/help/index.php?showtopic=11) . I've actually used that page a couple of times.

rayrey10~ Great link! I just saved it in my favorites. Thank you!

I LOVE reinstalling my OS. I got on a fling with several LInux OS's and sometimes would load more than one in a day's time. There is no more sure way to kill anything and everything than a complete wipe/format/restart. I know that's NOT what you want to hear, I"m sure! But if all else fails it will do.

You say it's a new computer? You made the backup disk first thing, yes? This is exactly what that disk is good for. It will return you to factory settings and you can start fresh.

Might I suggest you get yourself a hardware firewall? I've not run ANY A/v for several years now and I've had no issues. I'm behind my router, that's it. NO viruses in years.

I LOVE reinstalling my OS. I got on a fling with several LInux OS's and sometimes would load more than one in a day's time. There is no more sure way to kill anything and everything than a complete wipe/format/restart. I know that's NOT what you want to hear, I"m sure! But if all else fails it will do.

You say it's a new computer? You made the backup disk first thing, yes? This is exactly what that disk is good for. It will return you to factory settings and you can start fresh.

Might I suggest you get yourself a hardware firewall? I've not run ANY A/v for several years now and I've had no issues. I'm behind my router, that's it. NO viruses in years.

That is what is strange. The wireless router has a firewall. However, I was connected to oneof the hardwire ports. Will that make a difference?

I am running the Norman scan right now.

Something to look at; http://www.norman.com/support/support_tools/malware_cleaner/

Used this a good while back. Very effective at getting down and dirty. YMMV...

OK .......... How do get rid of this sucker? I downloaded and ran it and now can't find it to uninstall now can I delete the downloaded file.

That is what is strange. The wireless router has a firewall. However, I was connected to oneof the hardwire ports. Will that make a difference?

I am running the Norman scan right now.

That is how I'm running. Are you going to known safe sites only?

OK .......... How do get rid of this sucker? I downloaded and ran it and now can't find it to uninstall now can I delete the downloaded file.

IIRC (and three cups of coffee haven't really helped so far this morning!), there isn't an uninstaller, per se. It installs to a folder and you can just remove the folder. If you can find the folder you installed it to. That's why I always specify where I want things to go. I have a \Utilities folder on drive C: and all programs like this get directed to this folder for install. If it won't let me and it wants to plant itself in \Program Files, I cancel the install.

JMIG,
Did you go to the BleepingComputer site that I suggested in my earlier post and start a ticket on it with them, they really are very good and have pulled my bacon from the fire on several occasions.
CAD

JMIG,
Did you go to the BleepingComputer site that I suggested in my earlier post and start a ticket on it with them, they really are very good and have pulled my bacon from the fire on several occasions.
CAD

Yes, I did. Thanks a bunch! They also talked about malwarebyte. I downloaded and the Norton program. The malware program seemed to work. I am retesting with SpyBot as I type. If it is clean, I will buy the Malwarebyte program.

*fingers crossed*

rayrey10~ Great link! I just saved it in my favorites. Thank you!
Same here rayey10. You can never have enough bookmarks to good information. :wavey:

Told ya, John!


;) :d

I really hope you're now in the clear with this virus, John, but Wikipedia says it attacks the Malwarebytes program, too.

http://en.wikipedia.org/wiki/Vundo

I "think" I have it removed. I downloaded a free copy of a program called "SpyWare Doctor" by PC Tools. This sucker told me I had 192 malware items and for only $49 bucks, it would remove them.

That chapped my backside royally. It says I have this problem and it can remove it for a fee. Funny, ran four other similar programs and they aren't finding 192 items. I am HIGHLY suspicious that this program is THAT much better than the others.

John, be cafeful about those programs that promise to remove viruses and stuff for a fee. Quite a few of them are snake oil and the only thing they're designed to remove is money from your wallet.

Combofix, bleepingcomputer.com (If you have a 32bit OS)
MBAM, get it at download.com
Spybot

Run them in safe mode with networking and you should be able to get rid of it. Use a program like CCleaner to get rid of all of the excess files, also found at Download.Com

After you are done with that, run a regular scan with your Antivirus and clean up anything left.

I still have it. I ran Combofix and something called GMER. GMER shows something in one of he sectors. Everything shows clean except for the SpyBot sweep. It keeps showing the Virtumonde.dll being present. However, it must be hidden. I can't find it in the location shown by SB. SB will delete it, but the next time you boot, it is back.

At least the registry seems to be fixed, I think am getting closer.