Status
Not open for further replies.

Very bad virus/trojan infection, very limited PC functions

2.2K views 1 reply 1 participant last post by  Manick2005  
#1 · (Edited)
Very bad virus/trojan infection (primarily Vundo), very limited PC functions

I got hit by Vundo/Virtumonde a while back, about a month ago, and did the research on my own on how to remove it and what the recommended programs were that I use. I was able to get rid of it after tirelessly fighting it for 2 days, but it came back two weeks later, and I removed it again. Then it came back another 2 weeks later, and I seemingly removed it yet again. Now after just 1 day, it came back and made many different functions of my PC unusable. It is noticeably worse this time around over the past 3 infections and made it very difficult to remove.

I made an attempt to scan with SUPERantispyware (free version) in safe mode to run a scan on my Windows folder alone and it picked up several trojans almost immediately, including Vundo. It detected about 133 threats in just 18 minutes, and previously had only found at most 15. It clearly got rid of some of the problem, but not everything. I also ran CCleaner to clear all recent history/temp files but one file named "fbk.sts" would not stay deleted.

Here are the problems/symptoms I was faced with, some of which were fixed:

1) Cannot access folder options -> Tools on explorer, for the purpose of allowing me to show all hidden files and system contents. Even when trying to access under control panel it says I do not have admin privileges when I do (only user). Problem persists after scan.

2) Was unable to use computer in regular mode. Would blue screen immediately after logging in. Had to start in safe mode just to be able to do anything at all. Running SUPERantispyware fixed this issue.

3) Was unable to turn off system restore. Vundo has tried to use system restore in the past to restore itself and kept prompting me to turn it back on every time I ran a spyware/virus sweeping program. This time, it didn't let me turn it off at all. Running SUPERantispyware fixed this issue.

4) Unable to see and use various and almost all virus/spyware scanning programs which I was previously able to use in past infections. However the process is clearly running when I open the Task Manager.
This included Combofix, Malwarebytes Antimalware, Spybot, cwshredder, and possibly more. Running SUPERantispyware fixed this problem.

5) Unable to start Firefox for the purpose of clearing all my private data, to remove all temporary internet files, cookies, and passwords. An error message popped up every time saying "Firefox.exe - Entry Point Not Found The procedure entry point SetupDiDestroyDeviceInfoList could not be located in the dynamic link library SETUPAPI.dll". Was however able to open Internet Explorer but had no internet connection, and attempted to use the Tools -> Options, but it gave another error message saying "This Operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator". Problem still persists.

6) Every time I restarted, it would say explorer.exe was in use, which has always been a sign of a trojan or virus grabbing a hook onto that process. Problem still persists.

7) Sudden error sounds but no error messages, sometimes in double or triple repetitions. Problem still persists and has been a long term symptom from a month ago.

Also, right after the infection occurred my retail version of Spysweeper tried to block access to several websites after I had gone to a megaupload link. It immediately quarantined a virtumonde/vundo upon detection and claimed to have deleted it, but 30 minutes later I got a blue screen error and that's when it began. I tried to restart normally but got blue screened again. The third time I started in safe mode successfully, and immediately did a Windows search for all files created that day inside my Windows folder.

I found several randomly named .dll files, which was a previous symptom and sign of a vundo/virtumonde infection, and two others named "TDSSdxcp.dll" and "TDSSnvuo.dll". Furthermore, I used Unlockerassistant to see what running processes the .dll files were affecting, and the three randomly named ones pointed towards all my processes that were set to run on startup. These .dll files were never found and deleted by SUPERantispyware. I also found 3 applications which were made that day named "_MSRSTRT", "~", and "tmpFD". About a week before this I had a similar application named "tmp2.exe", which was removed. Also, I noticed three new startup items after checking MSconfig which I had never seen before and were nothing recognizable or coherent. I was able to uncheck them.

Please tell me what I should do next. I already have these trojan/virus scanners installed:

Webroot Antivirus (retail)
Spybot
Reanimator RegRun
Ad-Aware
ComboFix
cwshredder
Exterminate it!
FixVundo
Vundofix
HiJackThis
Malwarebytes' Anti-Malware
CCleaner


I would be very grateful for a quick response since this means I cannot use internet, in all senses of the word.
 
#2 ·
Update:

I got all the trojans/viruses off completely on my own, presumably. Been doing frequent scans with virtually all programs and not finding any traces anymore.

Will anyone at least be able to recommend to me what on-demand scanning program they believe to be the best out of the ones I am using? Also, what about live scanners? I want to keep this thing from rising back from the dead yet again because it's likely not the last time it'll happen. Also I retained some damage to my registry that is making me unable to hide my desktop icons without having it also hide my wallpaper; if anyone knows of a way to fix this I would appreciate it.

Again, the trojan/virus I was dealing with was primarily Vundo/Virtumonde.
 