05-17-2008, 02:54 AM   #6
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 3,020
OS: XP


Re: Help Virtumundo - VBG and hijackthis logs

Hi,

Some optional uninstalls:

uTorrent
Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system.

Full Tilt Poker
Poker programs such as this sometimes serve as vectors for malware to enter your system. I suggest you uninstall it, especially if you're not using it.

*If you choose to remove those optionals, click start > control panel > add or remove programs > uninstall the optionals.


*Delete these files:

C:\WINDOWS\BMf7cc3dea.xml
C:\WINDOWS\system32\nnnnNGWm.dll.vir


*Delete these folders:

C:\VundoFix Backups

C:\Program Files\Full Tilt Poker <<only if you uninstalled full tilt poker
C:\Program files\utorrent <<only if you uninstalled utorrent
C:\Documents and Settings\user\Application Data\uTorrent <<only if you uninstalled utorrent

*Click start > run > copy and paste:

reg delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\BMf7cc3dea" /f

press enter.

reg delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\f4ff0e76" /f

press enter.

*Reboot your machine.

*I would like you to scan a file for me.

Please go HERE. Copy and paste the following file path into the box.

C:\WINDOWS\DCEBoot.exe

Then click submit.

Please post the results in your next reply.

If Jotti is too busy, you can go HERE and do the same as above.


*Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

*Please do an online scan with Kaspersky WebScanner

Warning: If you had Kaspersky Online Scanner installed before 10-5-2007, please uninstall it, as Kaspersky released a new version. The previous version had a serious flaw which could result in a buffer overflow.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.


*Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u6, and install it to your computer.

In your next reply, please include:
  • A fresh HijackThis log
  • The Kaspersky scan log
  • The Jotti scan results
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.

Last edited by Angelfire777 : 05-17-2008 at 02:57 AM.
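The reply above removes two entries under the msconfig `startupreg` key by hand. As an added example (not part of the original post or the forum's own tooling), the PowerShell script below generalises that step from a defender's side: it enumerates every item msconfig has recorded under `startupreg` together with the live `Run` keys, extracts the executable each entry launches, and flags entries whose target file no longer exists on disk, which is how leftovers like the deleted `BMf7cc3dea` entry show up after a cleanup. It assumes PowerShell 3 or later and that each `startupreg` subkey stores its command line in a value named `command` (the layout msconfig uses on XP through 7); it only reads and reports, it deletes nothing.

```powershell
# Added example, not from the original post: read-only audit of startup entries.
# Assumes PowerShell 3+ and that msconfig's startupreg subkeys carry a "command" value.

$startupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg',  # items disabled via msconfig (key used in the post)
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',        # machine-wide autostart
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'         # per-user autostart
)

function Get-StartupTarget {
    # Pull the executable path out of a command line.
    # Quoted paths are handled; an unquoted path containing spaces is cut at
    # the first space, which is the same ambiguity the loader itself faces.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Get-StartupEntries {
    # Collect Source / Name / Command triples from all three locations.
    foreach ($key in $startupKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }

        if ($key -like '*\startupreg') {
            # startupreg: one subkey per disabled item, command line in "command".
            Get-ChildItem -LiteralPath $key | ForEach-Object {
                $cmd = (Get-ItemProperty -LiteralPath $_.PSPath).command
                [pscustomobject]@{ Source = $key; Name = $_.PSChildName; Command = [string]$cmd }
            }
        } else {
            # Run keys: each value name is an item, its data is the command line.
            $props = Get-ItemProperty -LiteralPath $key
            $props.PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |   # drop provider metadata (PSPath etc.)
                ForEach-Object {
                    [pscustomobject]@{ Source = $key; Name = $_.Name; Command = [string]$_.Value }
                }
        }
    }
}

function Test-StartupEntries {
    # Resolve each entry's target and report whether the file still exists.
    Get-StartupEntries | ForEach-Object {
        $target   = Get-StartupTarget $_.Command
        $resolved = if ($target) { [Environment]::ExpandEnvironmentVariables($target) } else { $null }
        $exists   = [bool]($resolved -and (Test-Path -LiteralPath $resolved -PathType Leaf))
        [pscustomobject]@{
            Source       = $_.Source
            Name         = $_.Name
            Command      = $_.Command
            Target       = $resolved
            TargetExists = $exists
        }
    }
}

# Entries with TargetExists = False are orphaned autostart references: either a
# file that was already deleted (as in the post) or a value worth a closer look.
Test-StartupEntries | Sort-Object TargetExists, Source, Name | Format-Table -AutoSize
```

Run it from a normal PowerShell prompt; reading these keys needs no elevation. An entry listed with `TargetExists = False` under `startupreg` is exactly the kind of stale record the post cleans up with `reg delete`, and one under a `Run` key whose target is missing is worth resolving before the next reboot, since the name alone says nothing about what used to be there.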