miko2: Ranma disguised as a schoolgirl to fool Ryoga (Default)
[personal profile] miko2
I was running google searches for various images and suddenly Windows told me that I was unprotected and should turn on my firewall now. Normally it only does that when AVG is out of date.

Long story short... I have a Vundo / Virtumonde virus infection. It seems to be an especially nasty virus that is very difficult to get rid of.


I ran Spybot Search & Destroy, which found some stuff and deleted it. While I was doing this a bunch of registry files tried to change themselves, but I denied all of them via Spybot -- except the last one which grayed out the "deny" button, so I didn't respond to that flag at all. I tried to update Spybot to the new version afterwards but it failed to install properly.

I ran Adaware and it found more virtumonde stuff to delete.

I ran AVG, and it found a trojan to delete too.

Then I rebooted... problems weren't gone, and Spybot failed to load and wouldn't run. I tried installing the new version again and this time it seemed to work. I scanned again and found more stuff to delete.

I updated Adaware and ran a scan... it found nothing.

I ran Vundofix... it found nothing. This is specifically designed to destroy this virus, but apparently a new version of the virus is immune to Vundofix and it will tell you that your computer isn't infected.

Windows update is turned off. Or rather, it says it's turned off at one point, but in another place it says it's turned on... basically the virus is screwing with it and I can't actually turn it back on at the moment.

I'm running AVG again now. After that I'll reboot. Spybot is supposed to run on startup, I said it could, but we'll see what we'll see when I try that.

In the meantime I'm reading about other people who've fought to get rid of this program and I'm wondering if it's really worth it... maybe I should just save all my files and then reinstall Windows...

So far it doesn't seem to be infecting my other computers on the same network.

This is a virus that attacked me through Firefox. It works with Explorer of course, and Opera too I think. Dunno about Chrome or Safari, but it attacks through Sun Java. Really sucky, I use Firefox and I have AVG and Spybot Search & Destroy protecting me and it still got through.

*Edit* AVG found nothing important... on reboot, Spybot started its automatic search. It's finding more virtumonde stuff. So far so good, but I really have trouble believing that this program can be stopped just by Spybot/Adaware/AVG.

*Edit* Ok, moving on... based on recommendations found here I have done the following: flushed my temp folders with ATF Cleaner; created a system restore point with SysRestorePoint; made a registry backup with Erunt; and run Malwarebytes' Anti-Malware which found and deleted more virtumonde stuff, and then asked me to reboot, and apparently killed something else on reboot (Spybot asked if this was ok). Now I'm going to run my Spybot/Adaware/AVG scans again, which takes almost an hour to get through. Isn't this fun?

I'm posting all of this from my gaming machine, so as not to open Firefox on the infected computer at all.

And... on the last two bootups Automatic Windows updates was turned off but I was able to turn it back on both times, for what that's worth.

Spybot found nothing.

I'm wondering if I use Safari (and/or use it to download Chrome) if that would make for safe web browsing without immediately reactivating this stupid virus?
