Help! Everything Goes Away Except Virtumonde.prx

Hello! I appreciate this forum and the help you provide and hopefully
you guys can help me with this annoying problem. I am running a Windows
Vista on an HP 32-bit laptop system.

I somehow acquired that "Windows Antivirus 2009" on my system and I
have the following security software on my computer (I disable some of
them sometimes which I maybe should not have done):

McAfee, Spybot Search & Destroy, Combofix, Vundofix, Windows Defender,
the paid online version of PandaSecurity anti-virus scan (which is
usually very good!), and UniBlue spyeraser.

I ran these various programs multiple times and before I ran these
scans, my computer was absolutely horrendous as windows were popping up
etc and my typing was much slower and it was driving me crazy.

All of my Spyware seemed to be destroyed except Virtumonde.prx won't
remove! I run the Spybot Search & Destroy and it "locates" this file and
I click on remove but I run the scan again and it is still there! I run
Windows Defender and it find the trojan and says "it removed it" but the
file is still there every time I run a scan! I am just going crazy and I
am scared that it can take my passwords so it is holding me back from my
work! The Panda scan which is the most useful product I have ever used
can't even locate these files!

Again, thanks so much for all your diligence and help and please let me
know what I can potentially do to fix this problem. To avoid using
internet explorer, I am using my AOL as it seems to be separate from the
Windows internet explorer. Thanks again!


--
xxsassxx31

xxsassxx31 wrote:

>
> Hello! I appreciate this forum and the help you provide and hopefully
> you guys can help me with this annoying problem. I am running a Windows
> Vista on an HP 32-bit laptop system.
>
> I somehow acquired that "Windows Antivirus 2009" on my system and I
> have the following security software on my computer (I disable some of
> them sometimes which I maybe should not have done):
>
> McAfee, Spybot Search & Destroy, Combofix, Vundofix, Windows Defender,
> the paid online version of PandaSecurity anti-virus scan (which is
> usually very good!), and UniBlue spyeraser.
>
> I ran these various programs multiple times and before I ran these
> scans, my computer was absolutely horrendous as windows were popping up
> etc and my typing was much slower and it was driving me crazy.
>

(snippage)

Your computer is still infected and there is probably a guardian rootkit. At
this point, either get guided help at one of the specialty forums below OR
back up your data and do a clean install of Windows. It is your choice. If
you are unsure how to back up your data or how to do a clean install, you
can take your machine to a local computer professional. I don't recommend
using BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Download, install and update Malwarebytes.
Then go into Safe Mode, and scan your System with Malwarebytes,then Spybot
search & destroy, and then your Anti-virus.

Info on getting into Safe Mode below.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

--
Mad Mike


"xxsassxx31" wrote:

>
> Hello! I appreciate this forum and the help you provide and hopefully
> you guys can help me with this annoying problem. I am running a Windows
> Vista on an HP 32-bit laptop system.
>
> I somehow acquired that "Windows Antivirus 2009" on my system and I
> have the following security software on my computer (I disable some of
> them sometimes which I maybe should not have done):
>
> McAfee, Spybot Search & Destroy, Combofix, Vundofix, Windows Defender,
> the paid online version of PandaSecurity anti-virus scan (which is
> usually very good!), and UniBlue spyeraser.
>
> I ran these various programs multiple times and before I ran these
> scans, my computer was absolutely horrendous as windows were popping up
> etc and my typing was much slower and it was driving me crazy.
>
> All of my Spyware seemed to be destroyed except Virtumonde.prx won't
> remove! I run the Spybot Search & Destroy and it "locates" this file and
> I click on remove but I run the scan again and it is still there! I run
> Windows Defender and it find the trojan and says "it removed it" but the
> file is still there every time I run a scan! I am just going crazy and I
> am scared that it can take my passwords so it is holding me back from my
> work! The Panda scan which is the most useful product I have ever used
> can't even locate these files!
>
> Again, thanks so much for all your diligence and help and please let me
> know what I can potentially do to fix this problem. To avoid using
> internet explorer, I am using my AOL as it seems to be separate from the
> Windows internet explorer. Thanks again!
>
>
> --
> xxsassxx31
>

I tried all these steps and I still have the same spyware in my system.
Can't delete Virtumonde.prx for some reason?

Any other solutions?


--
Medpegasus
------------------------------------------------------------------------
Medpegasus's Profile: http://forums.techarena.in/members/medpegasus.htm
View this thread: http://forums.techarena.in/vista-security/1047727.htm

http://forums.techarena.in

"Medpegasus" <Medpegasus.3jwjrb@DoNotSpam.com> wrote in message
news:Medpegasus.3jwjrb@DoNotSpam.com...
>
> I tried all these steps and I still have the same spyware in my system.
> Can't delete Virtumonde.prx for some reason?
>
> Any other solutions?


To whom are you talking and about what?
The "forum" that you are posting in leaches off the Microsoft News servers
in order to make it look far busier than it really is. Everyone who uses the
MS News servers sees your post on it's own - we have NO IDEA what you are
talking about and to whom you are talking.

If you MUST continue to post in this "forum" then please at least quote the
post you are replying to, and do NOT change the subject line.

You would be far better off however, using a news reader and subscribing to
these news groups direct.

Setting up Outlook Express/Windows Mail to access Microsoft newsgroups
http://www.michaelstevenstech.com/ou...snewreader.htm

Accessing the MS newsgroups in Outlook Express/Windows Mail Newsreader
http://www.microsoft.com/windowsxp/e...roupsetup.mspx


Thank you


--
Asking a question?
Please tell us your OS, Service Pack level
and the FULL contents of any error message(s)

What kind of response is that? I did not change the subject and replied
my comment below the same discussion. I am asking help from everyone who
sees this forum and might have an idea how to help.

My question is once again how to remove this Virtumonde.prx despite
doing all the steps described above?

Gordon, you please do not respond!


--
Medpegasus
------------------------------------------------------------------------
Medpegasus's Profile: http://forums.techarena.in/members/medpegasus.htm
View this thread: http://forums.techarena.in/vista-security/1047727.htm

http://forums.techarena.in

Medpegasus wrote:

>
> What kind of response is that? I did not change the subject and replied
> my comment below the same discussion. I am asking help from everyone who
> sees this forum and might have an idea how to help.
>
> My question is once again how to remove this Virtumonde.prx despite
> doing all the steps described above?

The problem is that none of us who help in these newsgroups can see the
"forum" that you do because it isn't a real forum. It's just a web
interface that leeches Usenet newsgroup posts. So I have no idea what the
"steps described above" entail because there *is* no above here. A better
way to access newsgroups is by using a real newsreader. This is very easy
to set up and I'll give you information about that at the end of this post.
If you would still prefer to use a forum, then www.computerhaven.info is a
warm and friendly place and it is a *real* forum.

For the malware infection, because I have no idea what you've already tried
(because remember there's no "above" here), I'll give you the full answer.
Probably at this point you should go directly to getting guided help, but
that's your choice.

A. Malware removal

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html
Or here: Malwarebytes malware removal guides - http://tinyurl.com/5xrpft

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

B. Usenet newsgroups

Since you are using a web interface, you may not realize that this is really
a newsgroup. You will get far more out of this resource if you learn to use
a newsreader. There are many good newsreaders for Windows, but you can use
Outlook Express (XP) or Windows Mail (Vista) since you already have it.
Here are some links to information about newsgroups:

About Usenet:
http://en.wikipedia.org/wiki/Usenet
http://www.faqs.org/faqs/ - Usenet FAQs from the Internet FAQ Archives
http://www.usenetmonster.com/infocenter/
http://www.elephantboycomputers.com/page2.html#Usenet - a brief explanation
of newsgroups

Outlook Express/Windows Mail as Newsreader:
http://michaelstevenstech.com/outloo...snewreader.htm
http://rickrogers.org/setupoe.htm
http://vistasupport.mvps.org/accessi...ndows_mail.htm

How to Post:
http://www.elephantboycomputers.com/page2.html#Usenet
http://support.microsoft.com/default.aspx/kb/555375 - How to Ask a Question
http://users.tpg.com.au/bzyhjr/liszt.htm - How Not to Get Technical Help on
Usenet
http://www.catb.org/~esr/faqs/smart-questions.html

http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is working
properly
http://www3.telus.net/dandemar/munad.htm - how to munge email address
http://en.wikipedia.org/wiki/Crossposting - crossposting
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting

Other Newsreaders for Windows:
http://www.forteinc.com/main/homepage.php - Forte
http://www.mozilla.org - Thunderbird

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

"Medpegasus" <Medpegasus.3jwxna@DoNotSpam.com> wrote in message
news:Medpegasus.3jwxna@DoNotSpam.com...
>
> What kind of response is that? I did not change the subject and replied
> my comment below the same discussion. I am asking help from everyone who
> sees this forum and might have an idea how to help.
>
> My question is once again how to remove this Virtumonde.prx despite
> doing all the steps described above?
>
> Gordon, you please do not respond!

The answer is in the post two posts below this one, pay particular
attention to the parts highlighted in RED.

On Thu, 4 Dec 2008 22:10:12 -0500, "FromTheRafters"
<erratic@nomail.afraid.org> wrote:

> The answer is in the post two posts below this one, pay particular
> attention to the parts highlighted in RED.


Let me point out that what *you* see as two posts below this one is
not what everyone sees. Not everyone sorts posts the same way you do,
not everyone has all the same posts visible that you do, and what
posts are in any newsgroup depends on when you view that newsgroup.

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup

"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in message
news:2ugij4p73ejcoj8258th9speprp2r7djvl@4ax.com...
> On Thu, 4 Dec 2008 22:10:12 -0500, "FromTheRafters"
> <erratic@nomail.afraid.org> wrote:
>
>> The answer is in the post two posts below this one, pay particular
>> attention to the parts highlighted in RED.
>
>
> Let me point out that what *you* see as two posts below this one is
> not what everyone sees. Not everyone sorts posts the same way you do,
> not everyone has all the same posts visible that you do, and what
> posts are in any newsgroup depends on when you view that newsgroup.

Exactly - it was intended as a demonstration to the OP that one can't
be sure that what one refers to can be seen by the reader.

Quote relevant material rather than just say "..me too, and I did just what
was described above...". Especially when using web-to-usenet gateways
pretending to be lively "forums".