
Help with Virtumonde

TM2 Rampage Registered User
I've been trying to use this guide http://bbayles.googlepages.com/antivundo.html to get rid of it, and I've identified the offending dlls and such by running the ListDlls program on that page, but when I navigate to my System32 folder, I can't find the dlls! They are listed in HijackThis and stuff, though...


Posts

  • TM2 Rampage Registered User
    edited November 2008
    Anyway, I've been thinking of just getting a new hard drive (need one anyway), doing a fresh install of Windows on it, and then moving my images, videos, etc. onto it and then formatting my old hard drive.

    The thing is that I'm planning on making my old hard drive a slave drive to the new one in order to transfer my files. Is there a chance that the virus can just leap onto the new hard drive, even if I'm not copying files that are infected with the virus? The virus's files seem to be only in the System32 folder...??

  • TM2 Rampage Registered User
    edited November 2008
    You know what...

    Even when I run a scan with Malwarebytes' Anti-Malware, it lists infected stuff like C:\WINDOWS\SYSTEM32\ebokuwed.ini but I cannot find it when I go to the actual folder. I do have "show hidden files and folders" checkmarked.

    EDIT: Ohhh, there's another option for "hide protected operating system files" ...

  • TM2 Rampage Registered User
    edited November 2008
    I think I may have actually gotten rid of it.

    I followed the instructions on the page, renaming everything that I found on the ListDLL thing and on Malwarebytes' Anti-Malware. There were some grayed out operating system files that had names very similar to the dlls that I deleted, so I renamed those as well. During that, there were some new files that sprang up, so I renamed those as well. There was also one called "jufadoje" (no extension) that kept springing back up after I renamed it.

    Anyway I had 'em all renamed (as EVIL.1, EVIL.2, and so on... arbitrary names) then rebooted. I had my cable modem turned off, as well. Then I went back to my System32 folder and looked to see if there were any new files that sprang up. "Jufadofe" was there again, so I renamed it. I deleted all the files I had renamed, then looked again... "jufadofe" didn't come back.

    Then I ran Malwarebytes' Anti-Malware to get rid of the registry keys left behind, and used HijackThis to delete the things that were found to be related to Virtumonde. Luckily this time HijackThis was able to delete them, instead of having them still be there after another scan.

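The files the poster could not see in Explorer carry the Hidden and System attributes, which "Hide protected operating system files" masks. As an added triage check that is not part of the thread (it assumes PowerShell 3.0 or later and an elevated prompt), this lists every such file in System32 and flags the ones that are not validly signed or were written recently, which is where the "grayed out" look-alike DLLs and the respawning files would show up:

```powershell
# Added example, not from the thread: surface Hidden+System files in System32
# that Explorer hides, and flag unsigned or recently written ones for review.
# Assumptions: PowerShell 3.0+ (for -File), elevated prompt, 30-day window.
$sys32  = Join-Path $env:SystemRoot 'System32'
$cutoff = (Get-Date).AddDays(-30)   # adjust to the suspected infection window

Get-ChildItem -Path $sys32 -File -Force |
    Where-Object {
        # Both attributes must be set for Explorer's "protected OS file" hiding
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        ($_.Attributes -band [IO.FileAttributes]::System)
    } |
    ForEach-Object {
        # Genuine OS binaries are Authenticode-signed; look-alikes usually are not
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [PSCustomObject]@{
            Name       = $_.Name
            LastWrite  = $_.LastWriteTime
            Signature  = $sig.Status            # 'Valid' for signed OS files
            Signer     = $sig.SignerCertificate.Subject
            Suspicious = ($sig.Status -ne 'Valid') -or ($_.LastWriteTime -gt $cutoff)
        }
    } |
    Where-Object Suspicious |
    Sort-Object LastWrite -Descending |
    Format-Table -AutoSize
```

Data files such as .ini will always show as NotSigned, so treat the output as a review list rather than a verdict, and compare any flagged DLL against a known-clean copy of the same Windows build before deleting it.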