virtumonde infecting my computer

[evilfantasy]

OK that's what I needed.


• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

How is the computer running now?

.

[sanmil0963]

Now when I restart my computer I keep getting a messages "Windows Genuine Advantage Notification" Should I worry about that and how do I remove it off my startup?

[evilfantasy]

This should take care of that.

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:files
c:\windows\Tasks\WGASetup.job
c:\windows\system32\KB905474\wgasetup.exe

:Commands
[emptytemp]
[start explorer]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

The notification should be gone now.

Anything else going wrong?

[sanmil0963]

I just ran spybot again and it is still detecting adware. Will this clear up?

[evilfantasy]

Where is it saying it is finding the adware?

[sanmil0963]

I didn't pay any attention. It was 7 problems, so I just hit fixed.

[evilfantasy]

It might just be cookies which are harmless.

1. Double click OTMoveIt3.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt3

----------

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[sanmil0963]

Thank you for all the help. My computer is clean. 

[evilfantasy]

Your welcome.

Safe surfing...

[sanmil0963]

IT'S BACK 
In addition, it has put an Administration password on my computer and now I am locked out. Please help.

[evilfantasy]

I don't know how to help with that other than reformat and reinstall.

[sanmil0963]

Does this means I am going to lose everything?   

I kinda thought that. That's why I pulled out the cd's

[sanmil0963]

Is Mozy any good? Is it safe?

[evilfantasy]

Are you blocked from logging on due to the Admin password?

[sanmil0963]

Yes. I never set a password and hitting enter doesn't work, nor does trying to bypass it through safemode.