malware infection!

Discussion in 'Computer Security' started by twizzle, Mar 23, 2008.

  1. twizzle

    twizzle Gigabyte Poster

    hey fellas need some help.

    Turns out my pc has now become infected with some malware. Unsure where it came from, and even how it managed to get on my pc considering that I have Spybot S&D, Ad-Aware and NOD32 running. Anyway it's called Vitumonde.dll and I'm having problems removing it.
    I've run all 3 above, Trend's HouseCall, Ewido AVG, Kaspersky's online checker, Stinger and I've done what I can in safe mode (deleted the infected files and removed some registry entries etc). Every check says removed or fixed, until I reboot the pc and it becomes re-infected.
    I have tried to google this one and just cannot seem to find a good bit of advice on how to get rid of this apart from what I have done. So any suggestions? Have I missed something??

    It's getting really annoying as it runs another instance of IE when I run IE, sending me to pages of ads. I want to make sure I have tried everything before the last resort of reformatting and re-installing all (won't use system restore as I know this gets infected too)
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  2. MrNerdy

    MrNerdy Megabyte Poster

    By googling your problem I found THIS
    Or try THIS
    It may just be a case of working through the list until you find something that works!
     
    Certifications: ECDL, CiscoIT1 & A+
    WIP: Girlfriend & Network+
  3. Sparky

    Sparky Zettabyte Poster Moderator

    Actually system restore should be the first thing you try in safe mode. I know many people say this won't work but if you can pick a restore point from a point in time before the machine got infected then that might be all you need to do. It is possible that some of the restore points may have the malware included though.

    When you reboot is your PC connected to the internet? Either the malware is downloading itself again or being recreated from a start-up process.

    Few things you can try:
    *System restore in safe mode
    *Run all the spyware checks in safe mode again
    *Log on as a different user account
    *Run Filemon as this will tell you exactly what is running in the background. Delete the malware files as needed.
    http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx
    *Icesword is useful as well, also deletes files that are in use.
    http://www.softpedia.com/get/System/System-Info/IceSword.shtml
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  4. derkit

    derkit Gigabyte Poster

    ComboFix may be worth a look also - I haven't researched your particular problem, but I've used it on a few computers and it always does well.

    Linky
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  5. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Twizzle, you can try CounterSpy and see if it works; it is what Mary and I use. They have a 15 day free trial. Adware, counter spy, just don't keep their stuff up to date well enough anymore.
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  6. twizzle

    twizzle Gigabyte Poster

    Mr Nerdy, thanks for the googles but I've already tried the first one and that didn't work. HijackThis listed some processes that I removed but to no avail.
    Derkit, tried ComboFix but now my pc won't boot either to safe mode or normal Windows, and at the mo I can't even find my XP disk!!

    Bugger it all, will have to format and start again! ( well there goes the bathroom tiling this weekend and I was so looking forward to doing that!!! ;) )
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  7. Theprof

    Theprof Petabyte Poster

    I've had some pretty bad malware last week called virusheat and no anti-spyware/malware helped except for this app.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  8. twizzle

    twizzle Gigabyte Poster

    Well just spent the last hour or so re-installing Windows. Had to wipe the existing install but fortunately not the whole drive. Now I'm just running the Prof's app to see if that finds anything.
    What surprises me is that NOD didn't remove it and that's supposed to be one of the best, neither did Trend or AVG.
    Malware and viruses are just getting too good these days!
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  9. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    The reason that NOD and AVG and other similar programs didn't remove it is that it's not a virus as such. It is adware, something that you have infected your computer with by using Internet Explorer and have most likely inadvertently agreed to the installation thereof.

    For goodly sake, now your PC is clean again, the best protection against these nasties is to not use IE. Use Fx or Opera for your usual day to day browsing. It is the ActiveX controls built into IE, mainly for the purposes of Windows Update, that these malware writers exploit in order to get their crap into your system. Only use IE on sites you need to and *trust*, i.e. some banks and Microsoft etc.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
