It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Virus, Spyware.. Need Help? Here it is
page: 6share:
Hi all.. Just to add to the list...
A web site ran an update for Java early yesterday. I did the normal. Then after the update the applet on the web page loaded, wasn't what I was after so left the page.
I had spent a bit more time on the net and eventually thought I'd do my usual sweep and clean and reboot.
Everything was fine until about 5 minutes after reboot. Any applications I had running on the desktop would stay open, but all the desktop icons and the 'Start' button at bottom of screen would all disappear.
Cannot use right click on desktop to do 'refresh'.
Minimise any running programme and you can't restore it.
If you want to get to progs running then move the prog windows around until you can click on ones behind to bring to front.
Had to press reset button to force reboot.
Upon login I ran a-squared... nothing found.
I ran anti virus...nothing found.
I ran spybot... 3 problems found.
Name of the nasty little critter was "Virtumonde".
Tried to use spybot to remove the prog. Cleaned up my system, did a reboot. Problem still existed. Ran spybot again, same problem but different file names in registry.
Did a net search for virtumonde... oh, what a nasty little thing it is.. sneaky or what!!
Vundo or Virtumonde
So, I was left with a few possibilities upon further searches.
I tried what was suggested, Paretologic antispyware..completely useless. It found two files that had no relevance to my problem.
Killbox at least was able to stop the programme, but didn't help to fix all.
adaware could not even find the problem, let alone fix it.
This lot didn't help either...
Looked like I was going to have to dive into registry and maybe kill my system seeing as Virtumonde appears to have so many different names and can rename itself. It would be like trying to fin a pin on the moon using binocular\s from Earth.
Then I found this... FREEFIXER Very helpful little tool.
I have now completely removed Virtumonde from my system.
How?
Far easier than it would seem. Just took me nearly 12 hours to work it out
Run spybot. Let it find the problem, but don't use it to fix the files.
Once found run Freefixer.
Now go to control panel/internet options/programmes/manage add-ons and dis-able the Browser helper object that you find listed in spybot.
Now, back in spybot, below the browser helper file, there may/will be more files. Select one so it is highlighted, then right click it and choose 'more details' and then 'jump to location.
Regedit will now open. Delete that highlighted file from the registry editor.
Do the same with all other files in spybot that are below the browser helper file.
Now go back to Freefixer and select ALL the browser helper files you find that are in the same section as the BHF you have found in spybot.
DELETE the lot... Freefixer will remove them upon reboot.
With a bit of luck, that should have fixed the problem..it's fixed mine..but seeing as virtumonde seems to be adapting over time, I'm sure this might change in the future.
A web site ran an update for Java early yesterday. I did the normal. Then after the update the applet on the web page loaded, wasn't what I was after so left the page.
I had spent a bit more time on the net and eventually thought I'd do my usual sweep and clean and reboot.
Everything was fine until about 5 minutes after reboot. Any applications I had running on the desktop would stay open, but all the desktop icons and the 'Start' button at bottom of screen would all disappear.
Cannot use right click on desktop to do 'refresh'.
Minimise any running programme and you can't restore it.
If you want to get to progs running then move the prog windows around until you can click on ones behind to bring to front.
Had to press reset button to force reboot.
Upon login I ran a-squared... nothing found.
I ran anti virus...nothing found.
I ran spybot... 3 problems found.
Name of the nasty little critter was "Virtumonde".
Tried to use spybot to remove the prog. Cleaned up my system, did a reboot. Problem still existed. Ran spybot again, same problem but different file names in registry.
Did a net search for virtumonde... oh, what a nasty little thing it is.. sneaky or what!!
Vundo or Virtumonde
So, I was left with a few possibilities upon further searches.
I tried what was suggested, Paretologic antispyware..completely useless. It found two files that had no relevance to my problem.
Killbox at least was able to stop the programme, but didn't help to fix all.
adaware could not even find the problem, let alone fix it.
This lot didn't help either...
Looked like I was going to have to dive into registry and maybe kill my system seeing as Virtumonde appears to have so many different names and can rename itself. It would be like trying to fin a pin on the moon using binocular\s from Earth.
Then I found this... FREEFIXER Very helpful little tool.
I have now completely removed Virtumonde from my system.
How?
Far easier than it would seem. Just took me nearly 12 hours to work it out
Run spybot. Let it find the problem, but don't use it to fix the files.
Once found run Freefixer.
Now go to control panel/internet options/programmes/manage add-ons and dis-able the Browser helper object that you find listed in spybot.
Now, back in spybot, below the browser helper file, there may/will be more files. Select one so it is highlighted, then right click it and choose 'more details' and then 'jump to location.
Regedit will now open. Delete that highlighted file from the registry editor.
Do the same with all other files in spybot that are below the browser helper file.
Now go back to Freefixer and select ALL the browser helper files you find that are in the same section as the BHF you have found in spybot.
DELETE the lot... Freefixer will remove them upon reboot.
With a bit of luck, that should have fixed the problem..it's fixed mine..but seeing as virtumonde seems to be adapting over time, I'm sure this might change in the future.
reply to post by Tuebor
I did try vundofix..but it didn't help.
Vundo/virtumonde looks like it's being constantly worked on and adapted.
From what I've read, it's been around for at least 5 yeas and, to date, nobody has managed to create a viable programme to stop it or remove it.
I did try vundofix..but it didn't help.
Vundo/virtumonde looks like it's being constantly worked on and adapted.
From what I've read, it's been around for at least 5 yeas and, to date, nobody has managed to create a viable programme to stop it or remove it.
I have used avast for months now and it managed to block some trojans
Excellent resource, this thread.
Thanks for all the ideas and free downloads to work with to help us keep our pc clean!
Some of these things that attach themselves can literally take days to work out, the better *tools* the quicker the fix.
I truly appreciate the layman terms used so that those of us who are pretty illiterate with computers can still understand the "how to's"
Thanks for all the ideas and free downloads to work with to help us keep our pc clean!
Some of these things that attach themselves can literally take days to work out, the better *tools* the quicker the fix.
I truly appreciate the layman terms used so that those of us who are pretty illiterate with computers can still understand the "how to's"
reply to post by Merger
I would suggest AVG Free Edition for a antivirus solution.
They incorporate antivirus and antispyware in 1 solution.
They also have a site advisor feature that works very good.
You can get it from. free.grisoft.com...
Also Spybot and Ad-aware are good to have but also install spywareblaster as a preventive solution.
If you use the blocking feature of Spybot it does the same thing but more effectively.
I am a professional, I've been in the field for over 10 years, and the best defense is being more informed of what your doing and downloading.
If you need to download any of the above software please use www.majorgeeks.com
They check every download on their site and tell you if the software is freeware, adware, shareware, or whatever it may be.
I would suggest AVG Free Edition for a antivirus solution.
They incorporate antivirus and antispyware in 1 solution.
They also have a site advisor feature that works very good.
You can get it from. free.grisoft.com...
Also Spybot and Ad-aware are good to have but also install spywareblaster as a preventive solution.
If you use the blocking feature of Spybot it does the same thing but more effectively.
I am a professional, I've been in the field for over 10 years, and the best defense is being more informed of what your doing and downloading.
If you need to download any of the above software please use www.majorgeeks.com
They check every download on their site and tell you if the software is freeware, adware, shareware, or whatever it may be.
I'm currently running Windows XP Home
I have
free zonealarm (i don't run more than one firewall at a time)
Ad-aware
Spy-bot
Noads
Windows Defender
AVG (paid)8.0 edt.
Recently I've had prob's starting I.E. so I removed Zonealarm and went with free XP firewall. it seems to work ok now. however i've now got a new prob. my AVG files get corrupted. when running diskcheck i saw Ad-aware files being restored. as an attempt to do something i removed Ad-aware. now my probs are gone.
Are there issues with Ad-aware that might be giving me problems?
I have
free zonealarm (i don't run more than one firewall at a time)
Ad-aware
Spy-bot
Noads
Windows Defender
AVG (paid)8.0 edt.
Recently I've had prob's starting I.E. so I removed Zonealarm and went with free XP firewall. it seems to work ok now. however i've now got a new prob. my AVG files get corrupted. when running diskcheck i saw Ad-aware files being restored. as an attempt to do something i removed Ad-aware. now my probs are gone.
Are there issues with Ad-aware that might be giving me problems?
Originally posted by juiellineau
I'm currently running Windows XP Home
I have
free zonealarm (i don't run more than one firewall at a time)
Ad-aware
Spy-bot
Noads
Windows Defender
AVG (paid)8.0 edt.
Recently I've had prob's starting I.E. so I removed Zonealarm and went with free XP firewall. it seems to work ok now. however i've now got a new prob. my AVG files get corrupted. when running diskcheck i saw Ad-aware files being restored. as an attempt to do something i removed Ad-aware. now my probs are gone.
Are there issues with Ad-aware that might be giving me problems?
Ad-aware is crap. Don't use it. There are better free anti-malware programs.
AVG is good but not the best. As a matter of fact, there is no best anti-virus program. AVG Free also installs some trojan crap, like the LinkChecker.
The Windows XP firewall is not that great. Use ZoneAlarm if possible.
To keep my computer nice and fast, and virus free. I life to use
Advanced SystemCare
IOBIT Security360(beta)
Avast!
SpyBot S&D
SpywareBlaster
I HIGHLY recommend Advanced SystemCare. I have used that since the first beta. And the program they had before that one. Advanced Windos Care i think it was called.
As for Web Browsers. My favorite has always been Opera. I love Opera. I tried FireFox, didnt really like it. I tried Safari for Windows. Didnt like it. I tried, and till have the first and only 3D Web Browser. Called Space Time. Right now, im using Google Chrome. Its the fastest. It doesnt have the cool add-ons like other browsers, but it is fast and simple. I suggest you use it, step away from the Firefox and try something new. And dont use IE. I have IE8, it is slow.
[edit on 27-6-2009 by ShadowLife]
Advanced SystemCare
IOBIT Security360(beta)
Avast!
SpyBot S&D
SpywareBlaster
I HIGHLY recommend Advanced SystemCare. I have used that since the first beta. And the program they had before that one. Advanced Windos Care i think it was called.
As for Web Browsers. My favorite has always been Opera. I love Opera. I tried FireFox, didnt really like it. I tried Safari for Windows. Didnt like it. I tried, and till have the first and only 3D Web Browser. Called Space Time. Right now, im using Google Chrome. Its the fastest. It doesnt have the cool add-ons like other browsers, but it is fast and simple. I suggest you use it, step away from the Firefox and try something new. And dont use IE. I have IE8, it is slow.
[edit on 27-6-2009 by ShadowLife]
I need some help to remove a nasty little hijacker that has somehow managed to infect my PC.
It lives here: C:\WINDOWS\system32\tdlwsp.dll
and is called Agent_r.OT
AVG removes it, but it respawns.
IObitsecurity360, same thing.
Won't allow boot up in safe mode (any of them)
Won't allow system restore.
Any help appreciated
It lives here: C:\WINDOWS\system32\tdlwsp.dll
and is called Agent_r.OT
AVG removes it, but it respawns.
IObitsecurity360, same thing.
Won't allow boot up in safe mode (any of them)
Won't allow system restore.
Any help appreciated
reply to post by budski
Try Malwarebytes
You may have to either rename it after downloading.
Or
Try it in safe mode.
I googled your virus, seems others are infected with it and I couldn't find a sure answer of how to get rid of it.
Malwarebytes is a good tool, hopefully it will work for you.
Try Malwarebytes
You may have to either rename it after downloading.
Or
Try it in safe mode.
I googled your virus, seems others are infected with it and I couldn't find a sure answer of how to get rid of it.
Malwarebytes is a good tool, hopefully it will work for you.
reply to post by elevatedone
No joy there either.
Now tried malwarebytes, spybotS&D, IObit360 plus my usual AVG
can't get into safe mode.
Think I'll have to wait for the techies at AVG to immunise, or just keep looking for a fix
Thanks anyway
Unless anyone has any other idea's?
No joy there either.
Now tried malwarebytes, spybotS&D, IObit360 plus my usual AVG
can't get into safe mode.
Think I'll have to wait for the techies at AVG to immunise, or just keep looking for a fix
Thanks anyway
Unless anyone has any other idea's?
googled the name of it, then found a couple of tech forums which recommended combofix
A bit of a pain to use, but sorted out the virus and rootkit and removed it.
Then went into safemode with networking (couldn't get in until virus removed) and ran avg.
PC now fine and dandy - recommend ComboFix for any problems that other utilities can't sort out.
A bit of a pain to use, but sorted out the virus and rootkit and removed it.
Then went into safemode with networking (couldn't get in until virus removed) and ran avg.
PC now fine and dandy - recommend ComboFix for any problems that other utilities can't sort out.
Just stop by the lower parts to ask you guys.
Is there a good and bad website I can download google earth from?
Anybody know a good one?
[edit on 4-3-2010 by randyvs]
Is there a good and bad website I can download google earth from?
Anybody know a good one?
[edit on 4-3-2010 by randyvs]
If you're going to pay for antivirus use NOD 32, if you want freeware, may I suggest MSE (microsoft security essentials, MUST have GENUINE Windows)
Or, if you don't, go for Avira free (its great, you get a popup a day asking you to buy, I ignore it) And also you can use Malwarebytes anti-malware
in conjunction with that
Kaspersky Internet Security and Bit Guard Internet Security the best Internet security prograns.
Kaspersky is the Best Antivirus program out there, it searches in the background 24/7 for virus's Trojans and such.
Kaspersky is the Best Antivirus program out there, it searches in the background 24/7 for virus's Trojans and such.
new topics
-
America's Greatest Ally
General Chit Chat: 8 minutes ago -
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies: 5 hours ago -
Maestro Benedetto
Literature: 6 hours ago -
Is AI Better Than the Hollywood Elite?
Movies: 6 hours ago -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs: 10 hours ago -
2024 Pigeon Forge Rod Run - On the Strip (Video made for you)
Automotive Discussion: 11 hours ago -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues: 11 hours ago
top topics
-
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies: 5 hours ago, 26 flags -
Krystalnacht on today's most elite Universities?
Social Issues and Civil Unrest: 16 hours ago, 9 flags -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues: 11 hours ago, 8 flags -
Supreme Court Oral Arguments 4.25.2024 - Are PRESIDENTS IMMUNE From Later Being Prosecuted.
Above Politics: 16 hours ago, 8 flags -
Weinstein's conviction overturned
Mainstream News: 14 hours ago, 8 flags -
Massachusetts Drag Queen Leads Young Kids in Free Palestine Chant
Social Issues and Civil Unrest: 13 hours ago, 7 flags -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs: 10 hours ago, 6 flags -
Meadows, Giuliani Among 11 Indicted in Arizona in Latest 2020 Election Subversion Case
Mainstream News: 13 hours ago, 5 flags -
2024 Pigeon Forge Rod Run - On the Strip (Video made for you)
Automotive Discussion: 11 hours ago, 4 flags -
Is AI Better Than the Hollywood Elite?
Movies: 6 hours ago, 3 flags
active topics
-
Is AI Better Than the Hollywood Elite?
Movies • 15 • : 5thHead -
America's Greatest Ally
General Chit Chat • 0 • : 19Bones79 -
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies • 17 • : BingoMcGoof -
Gaza Terrorists Attack US Humanitarian Pier During Construction
Middle East Issues • 29 • : 19Bones79 -
Supreme Court Oral Arguments 4.25.2024 - Are PRESIDENTS IMMUNE From Later Being Prosecuted.
Above Politics • 90 • : Lumenari -
Las Vegas UFO Spotting Teen Traumatized by Demon Creature in Backyard
Aliens and UFOs • 12 • : KrustyKrab -
SHORT STORY WRITERS CONTEST -- April 2024 -- TIME -- TIME2024
Short Stories • 23 • : DontTreadOnMe -
Truth Social goes public, be careful not to lose your money
Mainstream News • 130 • : Astyanax -
Hate makes for strange bedfellows
US Political Madness • 47 • : 19Bones79 -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 689 • : daskakik