isamke

How to remove Virtumonde.prx / Trojan.Vundo.H?

9 posts in this topic

Hello, I've found a trojan on my PC which can't be removed with Avira AntiVir or Malwarebytes. :(

Following this forum and other forums, individual action seems to be necessary. I'm not an expert with computers, thus I need help. Thank you in advance.

Here is my HijackThis


Hi,

It is mainly your Teatimer which is interfering here.

I suggest you disable Teatimer because it can interfere with the changes you'll make on your system; in this case, it restores what MBAM deleted.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

Then, rescan with Malwarebytes and post the log in your next reply, together with a new HijackThis log.

Hi miekiemoes,

The action seems to have been successful. Spybot S&D didn't ask me to confirm disabling the Teatimer. But I have now run Malwarebytes 3 times and Vundo isn't found anymore.

Please have a look at my logs.

Thank you!!!

Malwarebytes' Anti-Malware 1.34

Datenbank Version: 1880

Windows 5.1.2600 Service Pack 2

22.03.2009 15:44:26

mbam-log-2009-03-22 (15-44-26).txt

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 82793

Laufzeit: 7 minute(s), 40 second(s)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschl


Hi,

This entry needs to go as well:

O4 - HKLM\..\Run: [_winadm] C:\WINDOWS\system32\winadm.exe

It's only a leftover in the registry. :(

Let me know in your next reply how things are now.


Hi miekiemoes,

thanks a lot!!! :(

Unfortunately I don't know how to delete the entry:

O4 - HKLM\..\Run: [_winadm] C:\WINDOWS\system32\winadm.exe

Regards,

isamke


Oops, forgot to tell you to do this in HijackThis, so open HijackThis and click scan.

There, you'll see the list with that entry present.

Check it and click the Fix checked button below. :(


Now it's gone.

Thanks a lot, Mieke. I struggled with this trojan already for months.

This was the last attempt before setting up the system from scratch.

:(:)

:-)

Have a nice evening!


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
