Battlezone Universe

Battlezone Universe => Overdrive Terminal => Topic started by: GENERAL MANSON* on September 14, 2008, 04:24:40 PM

Title: fed up with this.....
Post by: GENERAL MANSON* on September 14, 2008, 04:24:40 PM
Virus that I'm trying to remove from my client's PC. Been at it for hours and I have gotten rid of all the other 12,238 problems except this one so far.

It's Virtumonde.C.

PITA.
Title: Re: fed up with this.....
Post by: Red Devil on September 14, 2008, 06:46:03 PM
Boot from another OS.
Title: Re: fed up with this.....
Post by: Steeveeo on September 14, 2008, 08:26:14 PM
oooo, my Dad's comp is plagued by that one, can't get the POS off...

12,238?!!?
Title: Re: fed up with this.....
Post by: VSMIT on September 14, 2008, 08:33:43 PM
Dump your "Local Settings\Temp" and "Local Settings\Temporary Internet Files" in safe mode, then run ComboFix; if it prompts for a restart, make sure you restart into safe mode.

VSMIT.
Title: Re: fed up with this.....
Post by: OvermindDL1 on September 14, 2008, 11:11:00 PM
That is where a BartPE disk comes in handy...
(http://www.overminddl1.com/image_scripts/image_sig.php?type=ODL1signitures&image/sig.gif)
Generated by OvermindDL1's Signature Auto-Add Script (http://overminddl1.com) via GreaseMonkey (http://greasemonkey.mozdev.org/)

Title: Re: fed up with this.....
Post by: GENERAL MANSON* on September 15, 2008, 03:51:44 PM
Quote from: Steeveeo on September 14, 2008, 08:26:14 PM
oooo, my Dad's comp is plagued by that one, can't get the POS off...

12,238?!!?

Yep. All counted by hand and eyes. Also the AVG command line scanner keeps finding 3 and can't remove them; I may have to try to remove them manually in safe mode.

Quote from: VSMIT on September 14, 2008, 08:33:43 PM
Dump your "Local Settings\Temp" and "Local Settings\Temporary Internet Files" in safe mode, then run ComboFix; if it prompts for a restart, make sure you restart into safe mode.

VSMIT.

I'm a little scared to run ComboFix with the warnings and all. Just don't want the OS to fail... Does it actually do the job?  :|
Title: Re: fed up with this.....
Post by: GENERAL MANSON* on September 15, 2008, 03:52:37 PM
Quote from: OvermindDL1 on September 14, 2008, 11:11:00 PM
That is where a BartPE disk comes in handy...
BartPE, huh? How do I use that?
Title: Re: fed up with this.....
Post by: GSH on September 15, 2008, 04:22:36 PM
Quote
BartPE, huh? How do I use that?

http://www.google.com/ (http://www.google.com/) .

-- GSH
Title: Re: fed up with this.....
Post by: OvermindDL1 on September 15, 2008, 05:32:20 PM
Could not have said it better myself.  :)

Although, I would have just hit ctrl+space, then typed: g bartpe
I like the Ubiquity Firefox extension. :)
Title: Re: fed up with this.....
Post by: VSMIT on September 15, 2008, 10:32:19 PM
Quote from: GENERAL MANSON* on September 15, 2008, 03:51:44 PM
I'm a little scared to run ComboFix with the warnings and all. Just don't want the OS to fail... Does it actually do the job?  :|
Yeah.  My dad is a computer consultant and he uses it when he needs to take care of a big infestation.  There is a 1 in 100 chance that it will brick your computer, so make sure you back up your important files before you run it.

VSMIT.
Title: Re: fed up with this.....
Post by: Zero Angel on September 19, 2008, 03:59:10 PM
Quote from: GENERAL MANSON* on September 15, 2008, 03:51:44 PM
Yep. All counted by hand and eyes. Also the AVG command line scanner keeps finding 3 and can't remove them; I may have to try to remove them manually in safe mode.

I'm a little scared to run ComboFix with the warnings and all. Just don't want the OS to fail... Does it actually do the job?  :|
Yeah, ComboFix will work most of the time. If you're talking about the warning inside the program itself, those are just there as disclaimers, AKA "don't complain to us if the tool bricks your computer", required legal mumbo jumbo. Most of the time, it won't do any harm to your computer whatsoever.

Some spyware is very sophisticated, and many automated removal tools can't remove things that start up with the Windows logon screen; that's when you gotta get all hardcore. I prefer using HijackThis to find out everything that starts up with the system, and for the winlogon notifiers, I use a Linux live CD to remove the files that start up as logon notifiers (since you often cannot do so while Windows is running). Be warned that there's a bit of a learning curve when it comes to that; if you've never used HijackThis before, then the chances you might mess up a manual removal are rather high unless you're already pretty 'l33t' with computers, or have someone who knows what they're doing walk you through the steps.

Part of learning how to do this on your own involves a lot of Googling, making some mistakes, and the possibility that you might make a mistake which requires you to reinstall Windows.
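The "find out everything that starts up with the system" step above, as an added example that is not part of the thread and not a HijackThis feature: a PowerShell script that walks the usual autostart locations (the Run/RunOnce keys, the Winlogon Shell and Userinit values, and the Winlogon\Notify subkeys, which is where the "winlogon notifiers" the post mentions are registered) and, for each entry, resolves the file it points at, checks whether it exists, and checks its Authenticode signature. Unsigned DLLs with random-looking names under System32 registered as Notify packages are exactly the kind of thing to look at first. It assumes PowerShell 2.0 or later running as an administrator on the infected machine; the key and value names are the standard Windows ones.

```powershell
# Added example (not from the thread): list Windows autostart entries that
# manual-removal tools like HijackThis show, and flag unsigned or missing
# files. Assumes PowerShell 2.0+ run from an elevated prompt.

$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Properties PowerShell itself adds to Get-ItemProperty output; not registry values.
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Turn a command line such as "%SystemRoot%\system32\foo.exe" /arg into the
# bare file path: expand environment variables, honour quotes, otherwise take
# the longest leading prefix that names an existing file.
function Get-ImagePath([string]$cmd) {
    $expanded = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($expanded.StartsWith('"')) { return $expanded.Split('"')[1] }
    $parts = $expanded -split ' '
    for ($i = $parts.Length; $i -ge 1; $i--) {
        $candidate = ($parts[0..($i - 1)] -join ' ')
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $parts[0]
}

# One row per autostart entry: where it is registered, what it points at,
# whether that file exists and whether it carries a valid Authenticode signature.
function Report([string]$location, [string]$name, [string]$value) {
    if (-not $value) { return }           # empty value: nothing to check
    $path = Get-ImagePath $value
    $exists = Test-Path -LiteralPath $path
    $sig = 'n/a'
    if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
    New-Object PSObject -Property @{
        Location = $location; Name = $name; Path = $path
        Exists = $exists; Signature = $sig
    }
}

$results = @()

# Classic Run/RunOnce values.
foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }
        $results += Report $key $p.Name ([string]$p.Value)
    }
}

# Winlogon Notify packages: each subkey names a DLL that winlogon.exe loads at
# logon, before the user's session and any user-mode scanner exist. A bare
# filename here is resolved relative to System32.
foreach ($sub in (Get-ChildItem "$winlogon\Notify" -ErrorAction SilentlyContinue)) {
    $dll = (Get-ItemProperty $sub.PSPath).DLLName
    if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
        $dll = Join-Path "$env:SystemRoot\System32" $dll
    }
    $results += Report "Winlogon\Notify\$($sub.PSChildName)" 'DLLName' $dll
}

# Shell and Userinit are comma-separated lists; malware appends itself to them.
foreach ($v in 'Shell', 'Userinit') {
    $val = (Get-ItemProperty $winlogon).$v
    if (-not $val) { continue }
    foreach ($entry in $val.Split(',')) {
        if ($entry.Trim()) { $results += Report 'Winlogon' $v $entry }
    }
}

$results | Sort-Object Location, Name |
    Format-Table -AutoSize Location, Name, Path, Exists, Signature
```

Two caveats a practitioner should keep in mind. First, this reads the live registry through the running OS, so a rootkit that hides keys or files can lie to it; that is the reason the post above goes to a live CD (or BartPE) for the actual removal, and a listing taken from the offline hive (for example after `reg load HKLM\Offline C:\Windows\System32\config\SOFTWARE` from a clean boot) is the one to trust. Second, "Signature = NotSigned" is a hint, not a verdict: plenty of legitimate third-party startup programs from that era were unsigned, so check the file's location, timestamp and vendor before deleting anything, exactly as the warning about messing up a manual removal says.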