can't get rid of virtumonde
Jun 24, 2006 | 06:28 PM
#1
Thread Starter
Contributing Member
Joined: Jan 2005
Posts: 1,206
Likes: 1
can't get rid of virtumonde
Thanks in advance for any suggestions. I'm not real good with computers so please bear with me, as I have little idea what I'm talking about.
I noticed some pop ups the other day (also slow computer). I did not download anything, wife CLAIMS she didn't, lol. Anyhow, I figured I had some adware/spyware.
I use ad-aware all the time and ran it. Had something called virtumonde come up. I quarantined it and deleted it. Ran it again later, same thing. And again, same thing. I can't rid of this stupid thing.
I have a Dell Inspiron 1150 if that makes any difference, and I have downloaded the latest update to ad-aware.
I also ran ad-aware, then crap cleaner, shut down, restart and its still there.
Thanks.
I noticed some pop ups the other day (also slow computer). I did not download anything, wife CLAIMS she didn't, lol. Anyhow, I figured I had some adware/spyware.
I use ad-aware all the time and ran it. Had something called virtumonde come up. I quarantined it and deleted it. Ran it again later, same thing. And again, same thing. I can't rid of this stupid thing.
I have a Dell Inspiron 1150 if that makes any difference, and I have downloaded the latest update to ad-aware.
I also ran ad-aware, then crap cleaner, shut down, restart and its still there.
Thanks.
Jun 24, 2006 | 07:11 PM
#2
Co-Founder/Administrator
iTrader: (1)
Joined: May 2002
Posts: 32,242
Likes: 21
From: Auburn, Washington
I pasted the word into Firefox and it came up with this from Norton.
http://www.symantec.com/avcenter/ven...irtumonde.html
It says the values that need to be deleted from your Reg file.
But...if you have not edited the Registry before, it can be scary.
http://www.symantec.com/avcenter/ven...irtumonde.html
It says the values that need to be deleted from your Reg file.
But...if you have not edited the Registry before, it can be scary.
3. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry.
1. Click Start > Run.
2. Type regedit
Then click OK.
Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
3. Navigate to the subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
4. In the right pane, delete the value:
"WindowsUpd" = "[ADWARE FILENAME]"
5. Navigate to the subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
6. In the right pane, delete the value:
"SysUpd" = "[ADWARE FILENAME]"
7. Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA21E6F A-41D9-4F05-9650-8B3FBE72124D}scan
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEpl.IEpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEpl.IEPl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CA21E6FA-41D9-4F05-9650-8B3FBE72124D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tdev
HKEY_USERS\S-1-5-21-1887652994-1477516851-2064603551-500\Software\Microsoft
\Windows\CurrentVersion\Ext\Stats\{CA21E6FA-41D9-4F05-9650-8B3FBE72124D}
HKEY_LOCAL_MACHINE\SOFTWARE\TargetSoft
HKEY_CLASSES_ROOT\CLSID\{FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67}
HKEY_CLASSES_ROOT\DosSpecFolder.DosSpecFolder
HKEY_CLASSES_ROOT\DosSpecFolder.DosSpecFolder.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats
\{FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67}
8. Exit the Registry Editor.
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document: How to make a backup of the Windows registry.
1. Click Start > Run.
2. Type regedit
Then click OK.
Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
3. Navigate to the subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
4. In the right pane, delete the value:
"WindowsUpd" = "[ADWARE FILENAME]"
5. Navigate to the subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
6. In the right pane, delete the value:
"SysUpd" = "[ADWARE FILENAME]"
7. Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA21E6F A-41D9-4F05-9650-8B3FBE72124D}scan
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEpl.IEpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEpl.IEPl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CA21E6FA-41D9-4F05-9650-8B3FBE72124D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tdev
HKEY_USERS\S-1-5-21-1887652994-1477516851-2064603551-500\Software\Microsoft
\Windows\CurrentVersion\Ext\Stats\{CA21E6FA-41D9-4F05-9650-8B3FBE72124D}
HKEY_LOCAL_MACHINE\SOFTWARE\TargetSoft
HKEY_CLASSES_ROOT\CLSID\{FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67}
HKEY_CLASSES_ROOT\DosSpecFolder.DosSpecFolder
HKEY_CLASSES_ROOT\DosSpecFolder.DosSpecFolder.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats
\{FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67}
8. Exit the Registry Editor.
Jun 24, 2006 | 07:47 PM
#4
Co-Founder/Administrator
iTrader: (1)
Joined: May 2002
Posts: 32,242
Likes: 21
From: Auburn, Washington
It is pretty simple to work in the reg.
But do make a backup file of it first.
I never do anymore, as I am always tweaking it in there and comfortable with it.
Search here on how to back it up and restore if you need too.
If the info is not here, you can Google how to backup the reg and restore is need be.
But do make a backup file of it first.
I never do anymore, as I am always tweaking it in there and comfortable with it.
Search here on how to back it up and restore if you need too.
If the info is not here, you can Google how to backup the reg and restore is need be.
Jun 24, 2006 | 07:55 PM
#5
Thread Starter
Contributing Member
Joined: Jan 2005
Posts: 1,206
Likes: 1
well I did some more searching and came across a tool to hopefully remove it
http://antivirus.bradley.edu/alerts/3.29.2006.shtml
We'll see, if not then I MIGHT think about messing with the registry, but stuff like that and I always end up on the phone with someone in the Phillipines trying to get my computer to run again.
Thanks again.
http://antivirus.bradley.edu/alerts/3.29.2006.shtml
We'll see, if not then I MIGHT think about messing with the registry, but stuff like that and I always end up on the phone with someone in the Phillipines trying to get my computer to run again.
Thanks again.
Jun 25, 2006 | 06:35 PM
#7
Thread Starter
Contributing Member
Joined: Jan 2005
Posts: 1,206
Likes: 1
http://www.symantec.com/avcenter/ven...oval.tool.html
New tool, appears to have worked in the short term
New tool, appears to have worked in the short term
Trending Topics
Jun 25, 2006 | 06:50 PM
#8
Contributing Member
Joined: Apr 2006
Posts: 988
Likes: 0
From: Vacaville,California
Good job finding the fix.
Dont be afraid of the Reg. If you have a good laid out direction to go its hard to mess it up. If you go in blind and guess you will end up with problems.
Worst case you have to scrub the drive and reload windows.
I learned the hard way a while back about external hard drives and the value of the info back up.
Now anything i think is remotely important is stored off of my main drive(C: ), ie music,videos, pics, imp docs.
its a good practice.
When we go in and set up simple networks for my customers i always spec a removable drive to back up to.
I have two of these now, looks like i will go get a third or fourth for this price
link
I think i am up to z in my computer.
Just a thought, remember the next one may not be as easy to get rid of.
Dont be afraid of the Reg. If you have a good laid out direction to go its hard to mess it up. If you go in blind and guess you will end up with problems.
Worst case you have to scrub the drive and reload windows.
I learned the hard way a while back about external hard drives and the value of the info back up.
Now anything i think is remotely important is stored off of my main drive(C: ), ie music,videos, pics, imp docs.
its a good practice.
When we go in and set up simple networks for my customers i always spec a removable drive to back up to.
I have two of these now, looks like i will go get a third or fourth for this price
link
I think i am up to z in my computer.
Just a thought, remember the next one may not be as easy to get rid of.
Last edited by reggie 00; Jun 25, 2006 at 06:53 PM.
Jun 25, 2006 | 07:39 PM
#9
Registered User
Joined: Jan 2003
Posts: 4,087
Likes: 1
From: Hattiesburg, MS
If you still haven't axed it, check this out:
http://theflyingpenguin.com/spyware-removal.shtml
Follow word for word.
http://theflyingpenguin.com/spyware-removal.shtml
Follow word for word.
Thread
Thread Starter
Forum
Replies
Last Post
live4soccer7
84-85 Trucks & 4Runners
3
May 11, 2016 06:52 PM
gyroscope7
General Vehicle Related Topics (Non Year Related)
7
Sep 27, 2015 08:39 PM
93runner223
86-95 Trucks & 4Runners (Build-Up Section)
3
Aug 31, 2015 07:14 PM
jfoltz
General Vehicle Related Topics (Non Year Related)
1
Aug 30, 2015 08:46 PM
