Computer & Virus Problem

[eduardo]

I have had problems with my desktop over the last couple of days and after running several scans I have found that it is infected with both the Virtumonde and Win32.Trojan.Killproc viruses.

I have scanned it with Norton Anti Virus 2007 which doesn't even detect either. However Ad-Aware Se Personal 2007 does find them both although even though I try to remove them with that it isn't successful.

I have included the log file from Ad-Aware at the bottom of this post with the locations of the viruses.

For the Virtumonde I have also tried the removal tools on the page I listed above as well as the the Symantec one here but none of these actually removes them or quarantines them.

They are located in the registry and I can locate to that manually by clicking start>run and typing regedit and locating to those files so should I delete them manually?

Should I back up the registry first although is there much point in doing that if there are infections in that registry?

Should I do all this in safe mode?

Any advice would be welcomed.

As for the Win32.Trojan.Killproc then this looks to be a particularly nasty (and new) virus. It is located in my Systems Information Folder and I can access that folder here by following those instructions.

Should I delete this virus file manually by locating it in Windows Explorer?

Again should I do this in safe mode?

Any help as always would be greatly appreciated by anyone who can help.

If it helps then I am running Windows XP SP2 Home with Norton Internet Security 2007 with Ad-Aware Se Personal Free. I have also manually turned off System Restore before I did the scans and tried removing them that way.

Lastly the Ad-Aware Log File is below:-

763 Virtumonde Malware 10
[300016104] Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300016204] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\shellexecutehooks Value: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300034732] Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300034734] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\shellexecutehooks Value: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}



1518 Win32.Trojan.KillProc Malware 10
[87891] File: C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP320\A0087406.exe

[Lizard]

Before you do anything Ed, do you know when your machine was infected, because if you can pinpoint a date you can do a system restore prior to being infected, then turn of system restore for a while and do a complete scan preferably with spybot and see if your systems clean.

[eduardo]

Thanks for your post Mr Lizard.

I think it was Sunday mate.

I tried doing a systems restore but that failed and I have tried doing that before and it failed then so I believe that the systems restore doesn't work on this desktop.

Why I'd have no idea.

I haven't used Spybot because when I installed Norton 2007 it removed Spybot first as it said it was incompatible with that program.

[Jacques]

Try a scan with

You need to use the IE browser

[keithphillips]

When my computor was infected it stopped the systems restore from working. It may be that.

Keith

[eduardo]

Ok thanks Jaques for the Bit Defender link.

I ran that this evening and it didn't show up the Virtumonde infection. Nor does it show up when I run Norton AntiVirus but they are in the Registry. The only Virus/Spyware application that shows it up is Ad-Aware.

I think what I'll do is back up the Registry tomorrow and remove the files manually and see what happens there.

The Bit Defender did find something else though which all the others haven't which was a Trojan.Peed.Gen which was in my C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache59065.tmp and it has removed that so thanks for again for the link.

Keith as for the Systems Restore then that hasn't worked for over a year and the Win32.Trojan.Killproc has only showed up recently. It could be that although I'm thinking it might be something else causing it not to work.

Anyway I've managed to get rid of the Win32.Trojan.Killproc virus.

Many thanks to Lizard, Jaques and Keith for replying which was greatly appreciated as always.

[Snake Diamond]

I'm not sure what Firewall you use, but get a powerful 1 SOON, as well as DROP Norton Anti-Virus, biggest piece of shit, same as McAffee.

Goto & grab yourself a copy of AVG, there are 3 diff versions available, I use the Free version, almost daily updates, & it is shit-hot on catching even the newest virus's. I've only had 3 infections in the last 2 years, & even then they didn't do anything, cause AVG killed them before they finished downloading to my pc.

[Sam Slater]

Hey Snake, have a good Christmas?

[Snake Diamond]

Hiyas Sam, no, not really, lol.

Xmas was boring, & over the xmas period my HDD E: Drive died (300Gb). Various people/company's I spoke to wanted anywhere tween 30.00 - 150.00 per hour, just to take a look at it & see if they could repair it. Well, after spending days searching online, I managed to find a piece of software for free that could do the job, which it did. It managed to fix it, & got most of the data back.

When I think I'm finally back to normal, my other HDD D: Drive takes a shit (80Gb), it royally screwed up. It's taken me the last few days to get that little sod back up n running, but I have permanently lost just over 30Gb of data from that disk, including ALL of my Registration/Login/Password Information to literally hundreds of websites & the various software programs that I regularly use.

So yeah, xmas/new year has been challenging for me, lol.

Anyway, how was your xmas/new year ?

[Trumpton]

I have installed Steganos 2007 AVP. It's very good. It has detected and neutralised a number of trojans from gaining access to my computer. It also has a twice, or sometimes thrice, daily security signatures.