Author Topic: need help (Read 572 times)

CAP1 · « **on:** February 02, 2009, 10:08:26 PM »

ok.........i thought i beat whatever was in my puter yesterday.

whatever it is, it's trying to change my registry. spybot search and destroy is blocking anything from being changed, and when i have it search, it finds virtumondo something or other. it won't remove it, although it takes me to the registry to remove it myself. only problem is that when i reboot, it's still there. i've done this a dozen times, and still the same thing. right now, if i minimize this window, i'll have an entire monitor covered with spybots alerts telling me that it;s blocked these things.
one of them is denying a change of "bootexecute". there's one blocking a change to "excludeknowndlls"

and there's one for denying a change to "ac966f10".

i'm pretty lost right now, and don;t think i still have the original windows cd laying around anymore. this is the machine i fly on, and it kinda sucks right now.

any one of you got more of a clue than i do?

i'm running windows xp service pack 2.

thanks!!

john

almost forgot.....i tried to do a system restore, but i don't have any restore points before yesterday for some reason.

drdeathx · « **Reply #1 on:** February 02, 2009, 11:07:05 PM »

Quote from: CAP1 on February 02, 2009, 10:08:26 PM

ok.........i thought i beat whatever was in my puter yesterday.

whatever it is, it's trying to change my registry. spybot search and destroy is blocking anything from being changed, and when i have it search, it finds virtumondo something or other. it won't remove it, although it takes me to the registry to remove it myself. only problem is that when i reboot, it's still there. i've done this a dozen times, and still the same thing. right now, if i minimize this window, i'll have an entire monitor covered with spybots alerts telling me that it;s blocked these things.
one of them is denying a change of "bootexecute". there's one blocking a change to "excludeknowndlls"

and there's one for denying a change to "ac966f10".

i'm pretty lost right now, and don;t think i still have the original windows cd laying around anymore. this is the machine i fly on, and it kinda sucks right now.

any one of you got more of a clue than i do?

i'm running windows xp service pack 2.

thanks!!

john

almost forgot.....i tried to do a system restore, but i don't have any restore points before yesterday for some reason.

Download vundofix:

VundoFix description

A useful application that will clean Virtumonde viruses from your computer

VundoFix.exe is a removal tool developed to remove Virtumonde infections.

If you are infected, you will be bombarded with popups for WinFixer, Amaena, WinAntiVirus, ErrorSafe, SystemDoctor and DriveCleaner.

Downloading and running these Fraudware applications will result in a fake scan telling you that you are infected with malware then telling you that you need to buy their program to remove the malware that it found. DO NOT BUY THESE PROGRAMS. They are scams and will not remove anything but could possibly make your infection worse.

A slowdown in PC performance may also be noticed when Vundo is running as well as the possibility of random BSOD's.

After you run vundofix rerun your spyware. I would think your updated anti virus would pick this up and quit surfing those nasty websites!

CAP1 · « **Reply #2 on:** February 02, 2009, 11:37:50 PM »

Quote from: drdeathx on February 02, 2009, 11:07:05 PM

Download vundofix:

VundoFix description

A useful application that will clean Virtumonde viruses from your computer

VundoFix.exe is a removal tool developed to remove Virtumonde infections.

If you are infected, you will be bombarded with popups for WinFixer, Amaena, WinAntiVirus, ErrorSafe, SystemDoctor and DriveCleaner.

Downloading and running these Fraudware applications will result in a fake scan telling you that you are infected with malware then telling you that you need to buy their program to remove the malware that it found. DO NOT BUY THESE PROGRAMS. They are scams and will not remove anything but could possibly make your infection worse.

A slowdown in PC performance may also be noticed when Vundo is running as well as the possibility of random BSOD's.

After you run vundofix rerun your spyware. I would think your updated anti virus would pick this up and quit surfing those nasty websites!

thanks dude......gonna go search for vundofix now.......i have avg8 running for the last 1.5 hours, and it found 2 trojans so far......i did a search for rundll's, and found a few that were only made in the last 2 days, so deleted thewm also.

Getback · « **Reply #3 on:** February 03, 2009, 12:06:00 AM »

I got a virus for the first time in years yesterday. The computer seemed to acting okay but I thought well something didn't seem right. I can't put my finger on it. So I ran Avast and sure enough it was a Trojan virus. I then ran it on the other computer to see what was there. It found two issues. I had to reboot it after the scan to get rid of them. Avast will scan prior to loading windows. Nice feature.

CAP1 · « **Reply #4 on:** February 03, 2009, 08:07:36 AM »

i think i'm screwed. i ran AVG8 last night, and after 2.5 hours(deep scanning) it found 5 different trojans, and quarinteened them in the virus vault. i deleted them from there. re-booted, and same thing....constant alerta from spybot that something was trying to change my registry.
i ran the vundofix, and it found nothing. the only thing i can think of that i might've done wrong, is that i never turned off system restore while i was scanning. right now, i have it booted in safemode, and spybot scanning while i'm at work. hoping that when i get home tonight, that i can delete the registry lines that this thing created, and maybe it'll work, since the puters in safemode.

other than that, i'll be doing a new puter i think...........

BaldEagl · « **Reply #5 on:** February 03, 2009, 09:08:28 AM »

You might try Bazooka. It's worked well for me and others that I know in the past. Freeware at download.com.

VonMessa · « **Reply #6 on:** February 03, 2009, 09:17:52 AM »

Backup personal and important files (I bet you do it on a regular basis, right?

)

Reinstall OS.

Easy fix, and it runs faster. Can't argue with a clean slate.

or

Keep 1 computer just for d/l's and crap you don't trust and quarantine it from your network.

Denholm · « **Reply #7 on:** February 03, 2009, 03:44:00 PM »

Have you tried the free trial of ESET NOD32? Not guaranteeing it will find it, just something else to try.

I fought this same pesky bug on a neighbor's computer. And ironically I fought it twice (neighbor downloaded the same junk all over again). This thing is smart and finds ways to destroy your computer.

maddafinga · « **Reply #8 on:** February 03, 2009, 09:34:32 PM »

It also helps a lot to run your scans in safe mode, that way nothing can write itself to different parts of your computer so as to avoid being totally removed.

MrRiplEy[H] · « **Reply #9 on:** February 06, 2009, 10:59:05 AM »

There's a free online scan option also with Nod32, http://www.eset.com/onlinescan/

requires IE to work.

Aces High Bulletin Board

Author Topic: need help (Read 572 times)

CAP1

need help

drdeathx

Re: need help

CAP1

Re: need help

Getback

Re: need help

CAP1

Re: need help

BaldEagl

Re: need help

VonMessa

Re: need help

Denholm

Re: need help

maddafinga

Re: need help

MrRiplEy[H]

Re: need help