Thread: Virtumonde Virus Infection
-
12th Jan 2009, 3:38 PM #1
Virtumonde Virus Infection
I've fallen victim to a virus which won't go away. It seems to exist to make pop ups and other adverts for websites appear, and to direct me to 'rogue' virus cleaner websites.
I believe it's known as "Virtumonde" and seems to manifest itself by a number of .dll files which have appeared in C:\Windows\System32. These can't be deleted, because they are always locked or in use, even when I start in Safe Mode. Winpatrol constantly asks me if I want to install a series of dll files ("opnomlLC.dl" and "pmnlijkKA.dll", though I think they are randomly named) in the startup routine. This triggered Winpatrol to suggest deleting multiple "suspicious" files from its Active Tasks tab simultaneously, but nothing in there is suspicious or can be killed.
Anyone know something free that can get rid of this? AVG doesn't seem to make it through a scan and once it's started, can't be stopped.
Si.
-
12th Jan 2009, 3:49 PM #2
I actually got this the other day. Well, I got something called vundo, but according to Google they seem to be the same thing.
First I would try this http://www.symantec.com/security_res...112210-3747-99
Follow the instructions about shutting down system restore though, don't just run it as is. And also it took about an hour and a half to run on my system so it probably won't be swift.
The thing is, by the time I ran that I think I had already got rid of it with Malwarebyte's Malware removal software: http://www.malwarebytes.org/mbam.php
I ran that a few times first, but when it rebooted it would still be there. Eventually I think I ran the malware tool, and then the vundo removal tool straight after. It reported that it hadn't found anything, but after that I could reboot and it didn't come back.
It still seemed to permanently bugger up my anti-virus software though, so I had to reinstall that afterwards too. Took quite a few hours for everything to run all-in-all.
To be fair I can't be sure what it was that I did that actually resulted in the removal of the virus. I know I ran the Malwarebyte's software quite a few times, it certainly didn't work first time. I only ran the removal tool twice, but both times it said it didn't actually find anything. But maybe if you use that first, before trying anything else, it will work. I only tried starting in Safe Mode once, but I think by that time it had already gone off my system anyway.
-
12th Jan 2009, 3:52 PM #3
Thanks for that!
Will give it a try.
Si.
-
12th Jan 2009, 4:00 PM #4
I got that Malwarebytes software last year for another similar adware virus. Even the free version seems to do a pretty good job of removing stuff like this (or at least the 2 things like this that I've had).
There's also a bit of software called SmitFraudFix that removes various types of malware and adware, although it might not work for this specific type. Worth a try if nothing else works though.
-
12th Jan 2009, 4:58 PM #5
Follow the instructions about shutting down system restore though, don't just run it as is.
Si.
-
12th Jan 2009, 5:05 PM #6
Because if you use the restore point then you are likely to reinstall the virus, as I understand it.
Have you tried using the restore function already, from an earlier point?
-
12th Jan 2009, 5:14 PM #7
Some viruses can hide themselves away in restore points, or in some other way manipulate them in order to find other ways to keep springing back into life. If you have some earlier restore points then you could give one a go first. If that clears up the virus problem then job done, but it won't work for the majority of them. If you try that and the virus is still there, then those earlier restore points are useless anyway, so by removing them you give the virus one less place to hide.
Come to think of it, it may have been my removal of them that allowed me to get rid of the virus, because it was only after I did that that it stopped coming back on every reboot.
-
12th Jan 2009, 5:23 PM #8
Well I've run the malwarebytes software and it appeared to detect and remove the threat (unlike Windows OneCare live scan, which found it and failed to fix it, or Spyware Doctor, which found it then asked for £40 to fix it). Fingers crossed, it seems all quiet at the moment, though I'm just waiting for that WinPatrol box to pop up, in which case I'll have to try the Vundofix one.
Si.
-
13th Jan 2009, 7:48 PM #9 Chanson Guest
http://www.lavasoft.com/products/ad_aware_free.php
(on behalf of someone else)
-
13th Jan 2009, 8:13 PM #10
(on behalf of someone else)
Incidentally, neither ad-aware nor CCleaner have picked up the last two viruses I had AT ALL. I wonder if either of them are any good really.
Si.
-
14th Jan 2009, 4:16 PM #11
CCleaner isn't going to detect any virus at all because that's not what it's for, it's just a utility for freeing up disk space by deleting temporary and un-needed files. It offers precisely zero defence against viruses.
I agree with you about Ad-aware though, I got rid of that after it proved to be useless.
-
14th Jan 2009, 7:34 PM #12
Incidentally, that Malware program seems to have gotten rid of the virus and the computer has been fine today (although oddly I ran an AVG scan this afternoon and it found and cleaned up one, despite no visible bad effects... something different?). So thank you very much for your help!
Si.
-
14th Jan 2009, 8:07 PM #13
I'm sure you'll have a few days of "is it really gone" paranoia, but it sounds like it was just a bit of annoying adware to try and get you to buy a product. Its sole purpose was to keep annoying you and be really obvious, so if you've got no symptoms at all it's very likely that it's gone.