01-23-2008, 02:28 AM   #14
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Constant popups/slow pc - Virtumonde infection

Hi,

Quote:
Well, I am happy to announce that I have not seen a popup for many days now. System speed has returned to normal, and all seems well. I have updated Java as per your suggestion. So all in all, it seems like it is back to my normal and stable system. I am not seeing any anomalous network activity sourcing from or destined to my machine. You deserve a BIG THANK YOU!
You're welcome!
Quote:
I still wish I knew how this thing got infected. Being a comp security professional myself (more on the networking and IDS side) I think I have it pinned down... Two things: My wife & MySpace, specifically a MySpace theme generator. I'm just not sure what app/plugin was exploited. Thanks for helping me on the system side!
MySpace is really dubious when it comes to security... Too many exploits, in my opinion. I can't say for sure, though.


Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

This line is legit but it isn't the right file. A similar O4 entry would be created the next time QuickTime starts.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
______

Congratulations! Your log looks clean!

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.


Here are some free programs I recommend that could help you improve your PC's security.

MVPS Hosts File
~You can download it from here
~I highly recommend this hosts file. You can learn more about this here

Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here

Install WinPatrol
~You can download it from here
~You can get some information about how WinPatrol works here

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Happy safe surfing!

Note: Please reply to this thread one last time so I can close it.
__________________
UNITE and ASAP since 2006



The past won't be able to hurt you unless you keep on looking back at it.