Guest xxsassxx31 Posted October 1, 2008

Hello! I appreciate this forum and the help you provide and hopefully you guys can help me with this annoying problem. I am running a Windows Vista on an HP 32-bit laptop system.

I somehow acquired that "Windows Antivirus 2009" on my system and I have the following security software on my computer (I disable some of them sometimes which I maybe should not have done):

McAfee, Spybot Search & Destroy, Combofix, Vundofix, Windows Defender, the paid online version of PandaSecurity anti-virus scan (which is usually very good!), and UniBlue spyeraser.

I ran these various programs multiple times and before I ran these scans, my computer was absolutely horrendous as windows were popping up etc and my typing was much slower and it was driving me crazy.

All of my Spyware seemed to be destroyed except Virtumonde.prx won't remove! I run the Spybot Search & Destroy and it "locates" this file and I click on remove but I run the scan again and it is still there! I run Windows Defender and it finds the trojan and says "it removed it" but the file is still there every time I run a scan! I am just going crazy and I am scared that it can take my passwords so it is holding me back from my work! The Panda scan which is the most useful product I have ever used can't even locate these files!

Again, thanks so much for all your diligence and help and please let me know what I can potentially do to fix this problem. To avoid using internet explorer, I am using my AOL as it seems to be separate from the Windows internet explorer. Thanks again!

--
xxsassxx31

Guest Malke Posted October 1, 2008

xxsassxx31 wrote:

> Hello! I appreciate this forum and the help you provide and hopefully
> you guys can help me with this annoying problem. I am running a Windows
> Vista on an HP 32-bit laptop system.
>
> I somehow acquired that "Windows Antivirus 2009" on my system and I
> have the following security software on my computer (I disable some of
> them sometimes which I maybe should not have done):
>
> McAfee, Spybot Search & Destroy, Combofix, Vundofix, Windows Defender,
> the paid online version of PandaSecurity anti-virus scan (which is
> usually very good!), and UniBlue spyeraser.
>
> I ran these various programs multiple times and before I ran these
> scans, my computer was absolutely horrendous as windows were popping up
> etc and my typing was much slower and it was driving me crazy.

(snippage)

Your computer is still infected and there is probably a guardian rootkit. At this point, either get guided help at one of the specialty forums below OR back up your data and do a clean install of Windows. It is your choice. If you are unsure how to back up your data or how to do a clean install, you can take your machine to a local computer professional. I don't recommend using BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first.

http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Guest Mick Murphy Posted October 2, 2008

Download, install and update Malwarebytes. Then go into Safe Mode, and scan your System with Malwarebytes, then Spybot search & destroy, and then your Anti-virus. Info on getting into Safe Mode below.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover! For the Free version scroll down their page to either download from Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode

If you happen to find a problem that you can't uninstall / delete, reboot the computer, and go into Safe Mode. To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER. RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

--
Mad Mike

"xxsassxx31" wrote:

> Hello! I appreciate this forum and the help you provide and hopefully
> you guys can help me with this annoying problem. I am running a Windows
> Vista on an HP 32-bit laptop system.
>
> I somehow acquired that "Windows Antivirus 2009" on my system and I
> have the following security software on my computer (I disable some of
> them sometimes which I maybe should not have done):
>
> McAfee, Spybot Search & Destroy, Combofix, Vundofix, Windows Defender,
> the paid online version of PandaSecurity anti-virus scan (which is
> usually very good!), and UniBlue spyeraser.
>
> I ran these various programs multiple times and before I ran these
> scans, my computer was absolutely horrendous as windows were popping up
> etc and my typing was much slower and it was driving me crazy.
>
> All of my Spyware seemed to be destroyed except Virtumonde.prx won't
> remove! I run the Spybot Search & Destroy and it "locates" this file and
> I click on remove but I run the scan again and it is still there! I run
> Windows Defender and it finds the trojan and says "it removed it" but the
> file is still there every time I run a scan! I am just going crazy and I
> am scared that it can take my passwords so it is holding me back from my
> work! The Panda scan which is the most useful product I have ever used
> can't even locate these files!
>
> Again, thanks so much for all your diligence and help and please let me
> know what I can potentially do to fix this problem. To avoid using
> internet explorer, I am using my AOL as it seems to be separate from the
> Windows internet explorer. Thanks again!
>
> --
> xxsassxx31

Guest Medpegasus Posted December 4, 2008

I tried all these steps and I still have the same spyware in my system. Can't delete Virtumonde.prx for some reason?

Any other solutions?

--
Medpegasus
------------------------------------------------------------------------
Medpegasus's Profile: http://forums.techarena.in/members/medpegasus.htm
View this thread: http://forums.techarena.in/vista-security/1047727.htm

http://forums.techarena.in

Guest Gordon Posted December 4, 2008

"Medpegasus" <Medpegasus.3jwjrb@DoNotSpam.com> wrote in message news:Medpegasus.3jwjrb@DoNotSpam.com...

> I tried all these steps and I still have the same spyware in my system.
> Can't delete Virtumonde.prx for some reason?
>
> Any other solutions?

To whom are you talking and about what? The "forum" that you are posting in leeches off the Microsoft News servers in order to make it look far busier than it really is. Everyone who uses the MS News servers sees your post on its own - we have NO IDEA what you are talking about and to whom you are talking.

If you MUST continue to post in this "forum" then please at least quote the post you are replying to, and do NOT change the subject line. You would be far better off however, using a news reader and subscribing to these news groups direct.

Setting up Outlook Express/Windows Mail to access Microsoft newsgroups
http://www.michaelstevenstech.com/outlooke...ssnewreader.htm

Accessing the MS newsgroups in Outlook Express/Windows Mail Newsreader
http://www.microsoft.com/windowsxp/expertz...groupsetup.mspx

Thank you

--
Asking a question? Please tell us your OS, Service Pack level and the FULL contents of any error message(s)

Guest Medpegasus Posted December 4, 2008

What kind of response is that? I did not change the subject and replied my comment below the same discussion. I am asking help from everyone who sees this forum and might have an idea how to help.

My question is once again how to remove this Virtumonde.prx despite doing all the steps described above?

Gordon, you please do not respond!

--
Medpegasus
------------------------------------------------------------------------
Medpegasus's Profile: http://forums.techarena.in/members/medpegasus.htm
View this thread: http://forums.techarena.in/vista-security/1047727.htm

http://forums.techarena.in

Guest Malke Posted December 4, 2008

Medpegasus wrote:

> What kind of response is that? I did not change the subject and replied
> my comment below the same discussion. I am asking help from everyone who
> sees this forum and might have an idea how to help.
>
> My question is once again how to remove this Virtumonde.prx despite
> doing all the steps described above?

The problem is that none of us who help in these newsgroups can see the "forum" that you do because it isn't a real forum. It's just a web interface that leeches Usenet newsgroup posts. So I have no idea what the "steps described above" entail because there is no above here.

A better way to access newsgroups is by using a real newsreader. This is very easy to set up and I'll give you information about that at the end of this post. If you would still prefer to use a forum, then www.computerhaven.info is a warm and friendly place and it is a real forum.

For the malware infection, because I have no idea what you've already tried (because remember there's no "above" here), I'll give you the full answer. Probably at this point you should go directly to getting guided help, but that's your choice.

A. Malware removal

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2....emoving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. Please see the special Notes regarding using Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your malware here:

Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html

Or here:

Malwarebytes malware removal guides - http://tinyurl.com/5xrpft

When all else fails, get guided help. Choose one of the specialty forums listed at the first link. Register and read its posting FAQ. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

B. Usenet newsgroups

Since you are using a web interface, you may not realize that this is really a newsgroup. You will get far more out of this resource if you learn to use a newsreader. There are many good newsreaders for Windows, but you can use Outlook Express (XP) or Windows Mail (Vista) since you already have it. Here are some links to information about newsgroups:

About Usenet:
http://en.wikipedia.org/wiki/Usenet
http://www.faqs.org/faqs/ - Usenet FAQs from the Internet FAQ Archives
http://www.usenetmonster.com/infocenter/
http://www.elephantboycomputers.com/page2.html#Usenet - a brief explanation of newsgroups

Outlook Express/Windows Mail as Newsreader:
http://michaelstevenstech.com/outlookexpressnewreader.htm
http://rickrogers.org/setupoe.htm
http://vistasupport.mvps.org/accessing_new...indows_mail.htm

How to Post:
http://www.elephantboycomputers.com/page2.html#Usenet
http://support.microsoft.com/default.aspx/kb/555375 - How to Ask a Question
http://users.tpg.com.au/bzyhjr/liszt.htm - How Not to Get Technical Help on Usenet
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is working properly
http://www3.telus.net/dandemar/munad.htm - how to munge email address
http://en.wikipedia.org/wiki/Crossposting - crossposting
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting

Other Newsreaders for Windows:
http://www.forteinc.com/main/homepage.php - Forte
http://www.mozilla.org - Thunderbird

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Guest FromTheRafters Posted December 5, 2008

"Medpegasus" <Medpegasus.3jwxna@DoNotSpam.com> wrote in message news:Medpegasus.3jwxna@DoNotSpam.com...

> What kind of response is that? I did not change the subject and replied
> my comment below the same discussion. I am asking help from everyone who
> sees this forum and might have an idea how to help.
>
> My question is once again how to remove this Virtumonde.prx despite
> doing all the steps described above?
>
> Gordon, you please do not respond!

The answer is in the post two posts below this one, pay particular attention to the parts highlighted in RED.

Guest FromTheRafters Posted December 5, 2008

In case anyone wants to know what was "above" its post.

http://forums.techarena.in/vista-security/1047727.htm

"Medpegasus" <Medpegasus.3jwxna@DoNotSpam.com> wrote in message news:Medpegasus.3jwxna@DoNotSpam.com...

> What kind of response is that? I did not change the subject and replied
> my comment below the same discussion. I am asking help from everyone who
> sees this forum and might have an idea how to help.
>
> My question is once again how to remove this Virtumonde.prx despite
> doing all the steps described above?
>
> Gordon, you please do not respond!
>
> --
> Medpegasus
> ------------------------------------------------------------------------
> Medpegasus's Profile: http://forums.techarena.in/members/medpegasus.htm
> View this thread: http://forums.techarena.in/vista-security/1047727.htm
>
> http://forums.techarena.in

Guest Ken Blake, MVP Posted December 5, 2008

On Thu, 4 Dec 2008 22:10:12 -0500, "FromTheRafters" <erratic@nomail.afraid.org> wrote:

> The answer is in the post two posts below this one, pay particular
> attention to the parts highlighted in RED.

Let me point out that what you see as two posts below this one is not what everyone sees. Not everyone sorts posts the same way you do, not everyone has all the same posts visible that you do, and what posts are in any newsgroup depends on when you view that newsgroup.

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup

Guest FromTheRafters Posted December 5, 2008

"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in message news:2ugij4p73ejcoj8258th9speprp2r7djvl@4ax.com...

> On Thu, 4 Dec 2008 22:10:12 -0500, "FromTheRafters"
> <erratic@nomail.afraid.org> wrote:
>
>> The answer is in the post two posts below this one, pay particular
>> attention to the parts highlighted in RED.
>
> Let me point out that what you see as two posts below this one is
> not what everyone sees. Not everyone sorts posts the same way you do,
> not everyone has all the same posts visible that you do, and what
> posts are in any newsgroup depends on when you view that newsgroup.

Exactly - it was intended as a demonstration to the OP that one can't be sure that what one refers to can be seen by the reader. Quote relevant material rather than just say "..me too, and I did just what was described above...". Especially when using web-to-usenet gateways pretending to be lively "forums".