
I sure could use some help with a computer virus

jmig

I have a virus that is kicking my butt. I have tried for two days to remove it but it is buried so deep nothing seems to work. I sure could use some help.

It is called Virtumonde. I was setting up a new computer and loading programs on to it. I connected to the net to upgrade some of the programs and just left it running for several hours...without loading AVG. I usually do that at the end and have it do a clean sweep.

Well all of a sudden I had twenty pop up windows open. I loaded SpyBot Search and Destroy and it keeps finding Virtumonde.dll and an infected file called imkr802.dll, which I cannot find in the System32 folder, where SB says it is located.

I have run SpyBot several times and AVG. They remove the infected files but they keep coming back when I reboot. I ran them in safe mode and still, when I reboot the crap is there trying to change registry items.

The funny part is I downloaded a couple of free programs one called Vundofix and the other VirtumondoBeGone. Both claim to search and destroy the virus. Neither sees it. I ran the Vundofix in Safe mode also. The VirtumondoBeGone won't run in Safe mode.

I am willing to buy a program to clean the system. I really don't want to nuke and sanitize the drive and then start over. However, I want any program I purchase to actually work. The two listed above have high praises sung on their sites, but they didn't help me.
 
Yikes John! Sounds like you got wham'ed with a nasty one! Hope you can eradicate it without too much trouble...although it seems you have jumped through many hoops already...

Hopefully someone can help you?

Good Luck!

 
JMIG,
Hopefully the powers that be won't mind me posting this, but when I got that same virus a couple of years ago, the only solutions that I could find that worked came from this site, they appear to be very good at helping us normal type folks in getting rid of this sort of thing. Follow their instructions to the letter; hopefully they will be able to help you out as they did me.

Joe
 
Be sure to shut down System Restore before running the removal programs.
Sometimes these bad guys hide in the restore files.
 
John, I have found out from the past that a virus will always stay on your hard drive no matter what program you use or buy. These programs either hide it or disable it. The only true way to remove any infection is to format the HD and don't use Windows to do it. Windows leaves way too much crap on the drive. Your best bet is to go into your registry and do a manual remove of the problem.
 
Found some things to try even though you have probably done the same already.

http://www.fasterpccleanclean.com/remove-virtumonde-dll-2

http://virtumonde.net/virtumonderemoval/Virtumonde.dll_Removal.html

A forum thread...

http://virtumonde.net/virtumonderemoval/Virtumonde.dll_Removal.html

These are just links I pulled up from a google search so you have probably tried some. I have a lot of luck with Malwarebytes so you may want to give it a try also.


Something to look at; http://www.norman.com/support/support_tools/malware_cleaner/

Used this a good while back. Very effective at getting down and dirty. YMMV...


Thanks, I will check it out, too.




Please Moe! Say it isn't SO! I really, really don't want to start all over again.

I don't care if the code is still on the drive, so long as it is dead, dead, dead. Heck, I still test positive for TB. Never had the disease. Just came in contact with the bacteria while in the USAF.


Thanks, That is the program I have tried. It can't find the virus??? I will look into this Malwarebytes.
 
A while back my PC got pretty corrupted and I found this place called newbie.org. It's like an SOH for 'puter geeks (no offense intended). Anyways they have a PC cleanup page in the forum which saved my butt. They even have a page with tips to clean out your system before you post a problem (http://www.newbie.org/help/index.php?showtopic=11). I've actually used that page a couple of times.
 
I LOVE reinstalling my OS. I got on a fling with several Linux OS's and sometimes would load more than one in a day's time. There is no more sure way to kill anything and everything than a complete wipe/format/restart. I know that's NOT what you want to hear, I'm sure! But if all else fails it will do.

You say it's a new computer? You made the backup disk first thing, yes? This is exactly what that disk is good for. It will return you to factory settings and you can start fresh.

Might I suggest you get yourself a hardware firewall? I've not run ANY A/v for several years now and I've had no issues. I'm behind my router, that's it. NO viruses in years.
 

That is what is strange. The wireless router has a firewall. However, I was connected to one of the hardwire ports. Will that make a difference?

I am running the Norman scan right now.
 

That is how I'm running. Are you going to known safe sites only?
 
OK .......... How do I get rid of this sucker? I downloaded and ran it and now can't find it to uninstall, nor can I delete the downloaded file.

IIRC (and three cups of coffee haven't really helped so far this morning!), there isn't an uninstaller, per se. It installs to a folder and you can just remove the folder. If you can find the folder you installed it to. That's why I always specify where I want things to go. I have a \Utilities folder on drive C: and all programs like this get directed to this folder for install. If it won't let me and it wants to plant itself in \Program Files, I cancel the install.
 
JMIG,
Did you go to the BleepingComputer site that I suggested in my earlier post and start a ticket on it with them? They really are very good and have pulled my bacon from the fire on several occasions.
CAD
 

Yes, I did. Thanks a bunch! They also talked about Malwarebytes. I downloaded it and the Norton program. The malware program seemed to work. I am retesting with SpyBot as I type. If it is clean, I will buy the Malwarebytes program.

*fingers crossed*
 