Karl's PC Help Forums

not-a-virus
grayles - 19-12-2007 at 19:26

ZoneAlarm's virus checker is reporting it has found
"not-a-virus.Adware.Win32.Virtumonde.bxc"
on my computer.

But it is not able to treat it.

I assume that it really is a virus, so how do I get rid of it?

Thanks,

Graham


Daz - 19-12-2007 at 21:45

F-Secure's Removal Tool Here

Norton's Info/Removal

AdAware 2007 claims to be able to sort it as well. I've not had much luck running AdAware 2007 though.....

Pancake will no doubt pop in with advice though, so wait for the expert's opinion....

He might well want a Hijack This log too though...


grayles - 19-12-2007 at 21:52

Hi, thanks Daz but I think that hopefully I have sorted it by running VundoFix6.7.0.7

Guess I should have waited for the advice I sought but sometimes it's just hard not to try and fix it yourself, just hoping now that I have done the right thing.

Running a new scan now and will post if it worked.

Thanks,

Graham.


Pancake - 19-12-2007 at 22:50

This will locate it so we can remove it...



Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


grayles - 19-12-2007 at 23:10

Ok thanks Pancake, I am doing that now. As I replied to Daz I have since tried Vundofix. I was in the middle of a scan with Zonealarm when you posted and it had already found two infections, although it turned out that both were in temp folders, not where it was originally.

Once I have the scanner running I will have to get to bed, as I need to get up for work at 4:30am and it's past 11 now, and will hopefully post the results in the morning (I am assuming it will take a while for the scan to complete).

Thanks for your help,

Graham


grayles - 20-12-2007 at 19:49

I did not have time to post this morning, but here is my scan report from last night.


Thanks again,

Graham


Pancake - 20-12-2007 at 21:48

Please download OTMoveIt by OldTimer: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Documents and Settings\Les\Local Settings\Temp\vtstt.dll
C:\Documents and Settings\Guest\Local Settings\Temp\pmnlm.dll



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================================

Ok. What you now need to do is turn off your System Restore, reboot, turn it back on and create a new restore point.

1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

=============================

Open Internet Explorer and click on the "Tools" menu.


In the "Tools" menu, click on "Internet Options".


In "Internet Options", go to the "General" Tab. There are two buttons located in the middle. One is "Delete Files" and the other is "Delete Cookies".


Click "Delete Files" to delete temporary internet files. You may have to wait for the hourglass.
Tip: You may want to check the box that says "Delete Offline Content" to delete your offline web pages.


Click the "OK" button when you receive the confirmation box.


Next, click the "Delete Cookies" button. This removes your internet cookie files.


Click "OK" on this confirmation box as well.

Note:


grayles - 20-12-2007 at 22:51

Ok thanks, I've done all that now. But should I also delete all the internet files and cookies from all other users as well?

Graham


Pancake - 20-12-2007 at 22:55

Cookies you can leave. It's no problem...


grayles - 20-12-2007 at 23:08

Ok all done, thanks for your help. I'll do some scans overnight to make sure all is clear.

Graham


Bur-q-ua12 - 31-12-2007 at 10:49

Hi Grayles.

What on earth is "VundoFix6.7.0.7"?

When I searched for it on AltaVista I hardly got any hits at all, except a link back to this forum.

/
B12

Quote:
Originally posted by grayles
Hi, thanks Daz but I think that hopefully I have sorted it by running VundoFix6.7.0.7

Guess I should have waited for the advice I sought but sometimes it's just hard not to try and fix it yourself, just hoping now that I have done the right thing.

Running a new scan now and will post if it worked.

Thanks,

Graham.


LSemmens - 31-12-2007 at 11:31

Google gives you this: http://www.google.com.au/search?q=vundofix&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

For some reason BBcode wouldn't accept that so you'll have to c&p the entire link into your search bar.


grayles - 1-1-2008 at 14:31

VundoFix.exe is a removal tool developed to remove Virtumonde infections, or so the description said. Try searching for just VundoFix; the numbers were just the version. I guess I should have put a space between them.

It didn't work fully anyway. I guess next time I will just wait for the expert advice from here, but at the time I wanted to get it fixed fast. I have a new computer now, given to us by the fostering network, which I am using for the kids but will act as a nice back up if I have problems with this one again.

Graham.
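
Added example, not part of the thread: both detections sat in per-profile temp folders and the follow-up question was about other users, so this sketch lists every DLL under each profile's `Local Settings\Temp` with a SHA-256 for review. The profile names, file names and sample tree are constructed; on the XP machine in the thread the root would be `C:\Documents and Settings`.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Per-profile temp folder on Windows XP, matching the paths quoted in the thread.
TEMP_SUBDIR = Path("Local Settings") / "Temp"

def sha256_of(path):
    """Hash a file in chunks; return None if it is locked or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()

def dlls_in_profile_temps(profiles_root):
    """List (profile, relative path, sha256) for DLLs under each profile's temp folder."""
    findings = []
    for profile in sorted(Path(profiles_root).iterdir()):
        temp_dir = profile / TEMP_SUBDIR
        # os.walk skips missing or unreadable directories instead of raising.
        for folder, _dirs, files in os.walk(temp_dir):
            for name in sorted(files):
                if name.lower().endswith(".dll"):
                    full = Path(folder) / name
                    rel = full.relative_to(temp_dir).as_posix()
                    findings.append((profile.name, rel, sha256_of(full)))
    return findings

def build_sample_tree(root):
    """Constructed sample: profile and file names are invented for this example."""
    layout = {"Alice": ["aaaaa.dll", "notes.txt"], "Bob": ["sub/BBBBB.DLL"], "Carol": []}
    for profile, names in layout.items():
        temp_dir = Path(root) / profile / TEMP_SUBDIR
        temp_dir.mkdir(parents=True)
        for name in names:
            target = temp_dir / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample: " + name.encode())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in dlls_in_profile_temps(root):
            print(*finding)
```

A `None` hash marks a file that could not be read, which is worth noting separately since a DLL that is loaded or locked may need the reboot step described above before it can be moved.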