Posted by Buck Rogers on November 9, 2007, 12:17 pm
Malke wrote:
>Buck Rogers wrote:
>> Hello,
>>
>> A client's computer is infected with Virtumonde.generic (identified by
>> Spybot S & D). This manifests itself with two icons on the desktop
>> that point to htepo.com.
>>
>> Googling htepo.com generates 411 hits and through the dialogue, I
>> downloaded a couple of programs (Vundofix by Atribune and FXVMonde
>> from Symantec).
>>
>> I ran Adaware, Spybot S & D, Vundofix and FXVMonde. Spybot and
>> Vundofix were the only ones to identify the problem. Adaware and
>> Symantec's FXVMonde didn't find it. This was done in Safe Mode and in
>> Normal Mode.
>>
>> I also ran the current version of Stinger and did a complete scan with
>> an updated Norton AV. Again this was done in Safe and Normal Mode.
>>
>> It appeared the Malware was deleted by Spybot and Vundofix (by reading
>> the logs and noting the icons were deleted). After cleaning, I went on
>> line with no problems and the popups stopped manifesting themselves.
>> However, after returning the computer, the client was re-infected the
>> moment he went on line.
>>
>> The computer is up to date (XP Home), XP Firewall turned on, and
>> Norton is up to date and working correctly.
>>
>> The only reason I have to explain the re-infection is either the
>> initial clean only deleted the .dll file and not the real culprit or
>> the client is not connected to the internet properly... he is
>> plugged directly into the DSL modem with no router in between.
>>
>> Does anyone have any suggestions on how to clean this junk properly?
>> This is the first time in many moons I've been stumped on cleaning a
>> computer.
>>
>> I'll provide any further info you might need to help me with this
>> problem.
>
>See targeted removal steps here:
>http://www.bleepingcomputer.com/forums/forum55.html
>
>It's probably time for you to post a HijackThis log in one of the
>specialty forums below (not here, please):
>
>http://aumha.org/downloads/hijackthis.zip
>http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
>http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
>another tutorial
>http://aumha.net/ - Click on the HijackThis forum. Read the announcement
>and the stickies *first*.
>http://www.atribune.org/forums/index.php?showforum=9
>http://aumha.net/viewforum.php?f=30
>http://www.bleepingcomputer.com/forums/forum22.html
>http://castlecops.com/forum67.html
>http://www.dslreports.com/forum/cleanup
>http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>http://gladiator-antivirus.com/forum/index.php?showforum=170
>http://spywarewarrior.com/viewforum.php?f=5
>
>
>Malke
Malke,
Thanks for the quick response. I didn't mention it in my post but I
ran HijackThis and cleaned up some stuff. I downloaded Spyware Doctor
and StopZilla from links at bleepingcomputer and will try them out.
I'll post back my results.
Thanks again,
Buck
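An added check, not written by anyone in this thread, for the desktop-icon symptom Buck describes: it parses the Windows .url Internet-shortcut files in a folder and flags those whose target is htepo.com or one of its subdomains, which is a quick way to confirm whether the icons have come back after a clean. The suspect-domain set, the sample shortcut files and the function names are all constructed for this example.

```python
import configparser
import os
import tempfile
from urllib.parse import urlparse

# Constructed for this example: the domain the thread's desktop icons pointed to.
SUSPECT_DOMAINS = {"htepo.com"}


def shortcut_target(path):
    """Return the URL= value of an [InternetShortcut] .url file, or None if unreadable."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError, OSError):
        return None
    # Option names are case-insensitive in configparser, so "URL" and "url" both match.
    return parser.get("InternetShortcut", "URL", fallback=None)


def domain_matches(url, suspect_domains):
    """True if the URL's host is a suspect domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in suspect_domains)


def scan_desktop(desktop_dir, suspect_domains=SUSPECT_DOMAINS):
    """Return [(filename, url)] for .url shortcuts in desktop_dir that point at a suspect domain."""
    flagged = []
    for name in sorted(os.listdir(desktop_dir)):
        if not name.lower().endswith(".url"):
            continue
        url = shortcut_target(os.path.join(desktop_dir, name))
        if url and domain_matches(url, suspect_domains):
            flagged.append((name, url))
    return flagged


def demo():
    """Build a constructed desktop folder with two bad icons and one benign one, then scan it."""
    tmp = tempfile.mkdtemp()
    samples = {  # constructed sample shortcut files
        "Free Scan.url": "[InternetShortcut]\nURL=http://www.htepo.com/scan\n",
        "Deals.url": "[InternetShortcut]\nURL=HTTP://HTEPO.COM/offers?id=1\n",
        "Python.url": "[InternetShortcut]\nURL=https://www.python.org/\n",
    }
    for name, body in samples.items():
        with open(os.path.join(tmp, name), "w", encoding="utf-8") as f:
            f.write(body)
    return scan_desktop(tmp)
```

On a real machine, point scan_desktop at the user's Desktop folder (and the All Users desktop); an empty result after cleaning, followed by a non-empty one later, is a clear sign the infection has returned.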