virtumonde

(OP)
thread760-1473364: Virtumonde - I believe Please confirm.
The above thread was closed some time ago, so I need some help.
I run the 'Spybot' and 'Malwarebytes anti-malware' programmes regularly, and note that they spend a considerable amount of time looking at 'virtumonde' programmes. They both say there are no infections, but I understand that virtumonde is a Trojan. I tried one of the virtumonde removal programmes, only to find that, after it had run (for over an hour) and found over 800 infections! (where the above two had found none), that it would cost me 50 quid to get rid of them. What is the best free way (if indeed there is one) to get rid of this virtumonde? Thanks

RE: virtumonde

from a google search:

http://www.wiki-security.com/wiki/Parasite/Virtumo...

and the comment:
VirtuMonde is known to search for and delete Spybot Search & Destroy and Malwarebytes Antimalware. Likely that it also encourages false reporting.

Running both of those programs on a clean machine against your drive in an external case would probably clear it. The windows defender run from a CD could help.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

RE: virtumonde

Those instructions are SO OLD, try some more modern methods.
Reboot if asked by each application - don't proceed to next step if asked to reboot.
1. Run CCleaner and clean out all temp files that it finds. (for each user on the PC if more than one).
2. Download and run RKILL (iexplore.exe or rkill.scr or rkill.com)
3. Run TDSSKiller
4. Run Malwarebytes Anti-Malware. You need internet for it to update, so try regular mode then safe mode with networking. If it won't update, run it anyway and see what it can remove. Then reboot and try the update and run MBAM again if it updates.
5. Run Rogue Killer
6. Run Junk Removal Tool
7. If nothing above has worked, let us know.

Clean sources for files:
http://www.filehippo.com/download_ccleaner/
http://www.bleepingcomputer.com/download/rkill/
http://www.bleepingcomputer.com/download/tdsskille...
http://www.majorgeeks.com/mg/getmirror/malwarebyte...
http://www.bleepingcomputer.com/download/roguekill...
http://www.bleepingcomputer.com/download/combofix/
http://www.bleepingcomputer.com/download/junkware-...

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: virtumonde

Quote:

I tried one of the virtumonde removal programmes, only to find that, after it had run (for over an hour) and found over 800 infections! (where the above two had found none), that it would cost me 50 quid to get rid of them

That probably WASN'T a real 'removal' program, more likely it was a "pretend to find lots of crap so some idiot will pay for the 'Pro version'" program.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

(OP)
OK many thanks for all of your help, edfair, goombawaho & ChrisHirst.
I've tried the 'old' method (thanks edfair), no joy.
Then I tried the series of programmes suggested by goombawaho. All seemed to run OK, but although some stuff was deleted, there was no detection of virtumonde files.
Then, when I ran 'spybot search & destroy', most of its scan time was looking at virtumonde files, (.sdn .dll and .sci files), and the programme finally reported no infections! Something tells me my pc is infested with these files.
And why is it I can't see these files on my hard disc when doing a windows explorer search?
Any more help, please?

RE: virtumonde

Quote:

And why is it I can't see these files on my hard disc when doing a windows explorer search?
They are 'hidden' files, you need to set them 'visible'.

Tools -> Folder Options

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

(OP)
Sorry, ChrisHirst, the option was set on 'visible'.

RE: virtumonde

There is also an option to hide operating system files, this is set to 'hide' by default.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
That's just perfectly normal Paranoia everyone in the universe has that: Slartibartfast

RE: virtumonde

Don't trust Spybot - it isn't nearly as reliable/effective as the programs I mentioned. I wouldn't even have it on my PC. If you run the other programs I mentioned AGAIN and they report clean, have no worries. The only place I could think some files may be hiding is in System Restore. I would turn system restore OFF. Reboot. Run the programs I listed again and then turn System Restore on. Done.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: virtumonde

Quote:

Don't trust Spybot
Gets my vote as well. It just hasn't been the same since ver2 came out. I stayed with v1.n up until I ditched my last M$ Windows machine earlier this year.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

(OP)
Thanks again, goombawaho, ChrisHirst and sggaunt.
Before I run all of those programs again, and with system restore off, I note that it is only Spybot that appears to pick up these virtumonde files (Malwarebytes doesn't, nor do any of the others). If I didn't run Spybot I wouldn't have known, and this could be said for any pc user who doesn't run it!
So do you think I'm infected?

RE: virtumonde

You'll need to post what Spybot is detecting for us to better understand what it's sniffing out. No, I don't believe you're infected as Malwarebytes has been able to remove Virtumonde for years now.

If you're really paranoid and want a final scan, remove your anti-virus software (uninstall) reboot and run combofix.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: virtumonde

Any possibility of attaching the drive to another, fully protected, computer and scanning it there?

"fully protected" is in the eyes of the beholder but generally is pretty safe.

It becomes a trust thing for me when two packages don't agree.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

RE: virtumonde

Here's a good question: WHY are you getting Virtumonde in the first place? That's like five years ago in the malware timetable. It would be like getting measles.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: virtumonde

(OP)
Thanks, all. Before I do any more detecting, I'm waiting for a reply from the Spybot people, just to make sure I'm not missing a trick.

RE: virtumonde

(OP)
OK, here's my enquiry to Spybot and the reply:

"When I run the free version of Spybot on my pc, the program spends, during the scan, a considerable amount of time 'looking' at virtumonde files. Virtumonde is a Trojan virus, apparently. Yet, at the end of the scan, Spybot reports no infections. So what is going on? Is Spybot looking for these files although they might not be there? Or are they actually somewhere on my pc? All other virus detection software says my pc is clean and reveals no instances of virtumonde.
Thanks
Martin"


Reply:
"Hello Martin,

Spybot checks its rules to detect Virtumonde files. These files are not necessarily present on your system. The results of the scan are displayed, everything shown there is present on your system.

--
Regards,
Christian
Team Spybot"


Because Spybot says, after a scan, that my pc is clean, I presume then I'm OK. If you agree, I shall get rid of it (Spybot I mean!).

RE: virtumonde

You can keep it on your PC if you like, but my preference is to run Malwarebytes once a week or every other week just to check on things. You can also run the other programs I mentioned periodically (especially Junk Removal Tool and Rogue Killer) to get second and third opinions on the cleanliness of your computer. No one product ever detects/removes everything.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: virtumonde

Quote:

during the scan, a considerable amount of time 'looking' at virtumonde files

Because "virtumonde" could infect a lot of different files and locations, so when it starts scanning for those particular signatures, there is a LOT more 'stuff' to look through.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

(OP)
Thanks, all. So I still don't know for sure whether Spybot is 'looking for' Virtumonde files (and showing them during the scan) or actually detecting them. I suspect the former.
I have now asked my nephew (who is a pc wizard) to take over my pc remotely and have a look. I'll keep you posted. Thanks again.

RE: virtumonde

Ah you jogged my memory, I used to use Spybot SD. (now I run Avast)
What you see scrolling past is Spybot's list of things that it is checking for, not what it actually finds! (as you say it doesn't find anything)
I think this is confusing behavior, but it's the way Spybot works, it's their way of saying 'look we checked for this'; other scanners don't tell you what they checked for.

Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
That's just perfectly normal Paranoia everyone in the universe has that: Slartibartfast

RE: virtumonde

(OP)
Thanks, sggaunt - you've confirmed our suspicions!

RE: virtumonde

I know this thread is starting to get a little old already, but I just now read it. Good thing you didn't need my help. ;)

I'd like to comment on a couple of things, and point out another:
  • I agree with Goomba almost 100% on Spybot S&D - I don't generally use it, but occasionally it does okay. I have seen performance issues with that one at times, aside from it just not being as good as the others Goomba mentioned.
  • When you're having apparently as many issues as you had, it's oftentimes best to just count your losses, back up your data if you can by connecting your system drive as an external drive to another machine, and then just wipe and restore/reinstall your system.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

RE: virtumonde

Quote:

restore/reinstall your system.
....

... Using a Linux CD/DVD :)

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

LOL - yeah, I'd like to go all Linux myself, but there are some applications that I use on Windows that I've not found a good replacement for on Linux.
1. Adobe Audition - Audio editing (yes, there is Audacity, but it's not even close)
2. VBA in MS Office - I know you can run some, but with some of the items, I'm afraid to try and convert over. I know it can be re-built using Libre Office or other tools, but I don't really have time to learn the differences enough and also rebuild some tools from top to bottom to make them work.
3. Coupon printers - I've yet to find a workaround for them on any Linux distro - they all require Windows (I realize there are some now also on Android / Google Play, but then my wife will have to totally relearn some of the things she's done and I'd also need to spend some time helping her there).
4. Occasionally like to play games. I know there is better support there now, but there again - it takes a whole lot more work to get Windows games running on Linux than on Windows. Besides that, the games native to Linux that I've seen are just jokes.

So yes, it depends. If all you're doing is browsing the web, or maybe typing documents/letters/simple spreadsheets, then Linux might be okay. And even then, you have to make sure of hardware compatibility, etc. If you get the latest or near latest version of Windows, as long as your hardware isn't semi-ancient, then you generally don't have compatibility issues.

I have once set up a senior citizen on Linux, and she used OpenOffice instead of MS Office and Eudora (if I remember the name right) as a replacement for Outlook several years ago. Well, she was doing really fine but ran into hardware issues on her printer (an HP printer at that). Just all of a sudden, Linux wanted to forget everything, and after I had spent hours and hours trying to resolve the crazy issue, I just gave up, and we took her back to Windows.

About 6 or 7 years ago, I tried - I really really tried - to set up a file server at my house using Linux. I was trying to set up a 2TB partition of 5 5TB hard drives using a hardware RAID card. Granted, this wasn't the best card, but at least it worked on Windows. I tried SEVERAL distros, asked questions online, researched, tested, etc, all to no avail. The issues were that either the system saw it as 1TB (losing half my storage) or it didn't see it at all. So I finally gave up that sinking ship as well. On Windows XP, it worked just fine, no fuss.

Bible Study software - the software I prefer to use runs on Windows, so it's using Wine on Linux or else going to a different program.

Basically, in my experience, if you have specific applications you use for specific tasks, then changing operating systems isn't so easy. If you just browse the web, or in general have simple tasks and do not really care about what programs you use, then conversion between OS isn't that difficult.

For me, it'd be like going from Windows to Apple. Yeah, some folks have loved it, but from the few folks I've helped on Apple machines, and what I've seen there, I'd rather just stick with Windows. I'd go Linux before Mac anyway. If I had to change, I'd suck it up, find SOME WAY to make things work, and just go for it.

With Windows 8.1 out, I have had the thought lingering in my mind again, but really... I can still use Windows 7 just fine. I guess eventually, M$ will stop supporting Windows 7 like other previous versions of Windows, at which point I'd have to go to something newer. I only hope that they come out with something better in Windows 9 or 10.

Yes, I did ramble quite a bit. :)

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

RE: virtumonde

M$ will stop supporting Windows 7 like other previous versions of Windows

on extended support until 2020.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

RE: virtumonde

Quote:

on extended support until 2020.
Windows 7 will outlive many users. Never mind that - Windows XP will outlive many users!!! 2020 is just a distant thought to most people.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares."

RE: virtumonde

Linux has come a long way in the past few years, it's actually better at identifying hardware and loading drivers better than Windows is. A friend has a HP A3 printer that is about seven years old and it had to be run in "compatibility" mode, Linux just installed it and was able to print instantly.

Rosegarden is the Cubase of the Linux world, and Goldwave or Myriad Harmony are paid solutions.

I have one friend who is a complete technophobe and would ring me up several times a week to solve Windows problems and he has taken to Linux Mint (with KDE) very quickly and with less problems.

The software manager GUIs take care of loading and compiling the software, standby Geek not needed anymore.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

That's great if it can really be the case on some of what you said, Chris. However, I've tried Ubuntu not terribly long ago, and it wasn't as cut and dry as you mention there. I'd imagine Ubuntu to be one of the most consumer-friendly distros on the market. I'd love to have time to go out and try 1,000 different distros to find one better, but I don't.

But maybe, maybe one day I will be able to make Linux work where I need it to. I do think it's gotten better, but not sure it's still quite as good as many say it is (for end users).

If I remember, maybe next winter sometime, I'll have time to take a look at your latest suggestions. Can't say I've seen:

Quote:

Rosegarden is the Cubase of the Linux world, and Goldwave or Myriad Harmony are paid solutions.

Every time I tried to search for audio software, Linux sites mention Audacity as the be all end all in audio software. I've used it on Windows and Linux, and it's not all that great, imho. But we'll see.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

RE: virtumonde

Naah,


Linux Mint or Zorin OS are much more "consumer friendly" than Ubuntu. No disrespect to Ubuntu but it still looks like it was designed c1984 (for those who remember GEM) or by a five year old with a part box of crayons.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: virtumonde

LOL - I know I've looked at Mint, don't think I've even seen Zorin. Yeah, I'll give those a whirl sometime... eventually.... assuming I remember. Thanks again for the recommendations.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57
