virtumonde

[tampaguy]

Hello everyone,

I am operating a Dell Precision M90, have Spy Sweeper and Mc Afee, still managed to get a virtumonde. Spy sweeper catches virtumonde and troj/bho-hg on sweeps but aparently it can't get rid of them. As I start the computer I get a message that LAMAZUNA.dll is not a valid file. The computer boots up and runs kind of slow when I use my CAD program, but the minute i get on explorer it starts with the pop-up windows and antivirus deals. Downloaded microsoft malware but it dosn't seem to do anything. Tried the recovery route, it gives me dates to restore to but after the recovery ends it messages that is not able to complete the recover. Any help will be greatly apreciated. Thanks.
Tampaguy

[CBMatt]

Start here: http://www.computerhope.com/forum/index.php/topic,46313.0.html

[tampaguy]

CBMatt,

Thanks very much for your propmt reply and help. Here are the logs.


[attachment deleted by admin]

[CBMatt]

It's my pleasure, tampaguy.  Your log doesn't look too bad, but go ahead and do the following...

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[tampaguy]

Here are the logs.

Once again thanks for your help & happy holidays!!



[attachment deleted by admin]

[CBMatt]

Happy holidays and I apologize for the delayed response.  I was spending time with my family and my wife's family; I'm sure you understand.  In any case, your logs look pretty clean now.  How are things running on your computer?

[tampaguy]

The computer is runing very nicely, my CAD programs are much faster and the popups are gone. Your help was a perfect christmas present. Thanks again.

[CBMatt]

You're very welcome; I'm glad that things are working out.  Before you go, I've got a few more things for you...

Since you no longer need ComboFix, go ahead and uninstall it.  Go to Start > Run and type combofix /u (note the space between combofix and /u) and click OK.

If that doesn't work, then download OTCleanIt.exe and save it to your Desktop.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it yourself.

Then you'll want to clean out your System Restore.  This is to remove any infected files that have been backed up by Windows.  Please follow these steps...

1.  Go to Start > Programs > Accessories > System Tools > System Restore
2.  Click on System Restore Settings.
3.  Check Turn off System Restore and click OK.
4.  Restart your computer.
5.  Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6.  Create a new restore point and close the program.

System Restore will now be active again.  If you would like to learn more about System Restore, go here.


Also, you don't appear to have a decent active firewall.  You're vulnerable without one, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo.  They're all good free firewalls.  Just be sure you only have one installed at a time!  Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.