Virtumonde.prx keeps coming back, can't turn auto windows updates on

[tetonbob]

Wait to install the updates until we're done. Which should be soon, just not yet.

Regarding the IE link/address issue, how long has this been going on? From what I've been reading, this seems like it results from having IE6 and IE7 installed side by side.

http://kb.mozillazine.org/Addresses_...pen_in_Firefox


Next....

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

Next....

From where did you download these files?

C:\iPod Access\IPod Access 2.9.2\ IPod Access 2.9.2\IPac\IPODACCESS_SETUP.EXE
C:\iPod Access\iPod Access for Windows\iPod Access.exe

They're identified by Kaspersky as trojan downloaders. That may be because of the nature of the files, since I imagine their intent is to help you download music.

[DominoHolster]

Here's the text:

7-Zip 4.42
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader 7.0.5
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
AiO_Scan_CDA
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Avi2Dvd 0.4.4 beta
AviSynth 2.5
BufferChm
C3100
c3100_Help
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Customer Experience Enhancement
dBpoweramp Music Converter
Destinations
DivX
DocProc
DocProcQFolder
DVD Audio Extractor 4.2.1
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Exact Audio Copy 0.99pb3
Fax_CDA
FLAC Installer 1.1.3b (remove only)
Free Internet Eraser 2.30
FullDPAppQFolder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center 7.0
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
iPod Access for Windows v2.9.2
iPod for Windows User Guide
iPod for Windows User Guide
iPod System Software Updater 2.1
iPod System Software Updater 2.1
iPod Video Converter 3
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.4.113.1
LiveUpdate 3.0 (Symantec Corporation)
LucasArts' Monkey 4
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Nero 7 Ultra Edition
Network Play System (Patching)
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OptionalContentQFolder
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Plato Video To iPod PSP 3GP 3.18
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Reason 3.0
Scan
ScannerCopy
ScummVM 0.7.1
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shareaza version 2.2.5.0
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
Symantec KB-DocID:2003093015493306
The Sims 2
The Sims 2 Pets
The Weather Channel Desktop 6
Toolbox
Total Recorder 6.0
TrayApp
UHS Reader (Version 6.01)
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VideoLAN VLC media player 0.8.6a
VobSub v2.23 (Remove Only)
Weather Services
WebFldrs XP
WebReg
WinAce Archiver
WinAVI MP4 Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Yahoo! Messenger



Regarding iPod Access, I think I got it from Demonoid.com or maybe MiniNova... It's a program to get my music off my iPod and onto my computer. It has nothing to do with downloading files. Should I get rid of it?

And the IE problem has been happening only since I installed FireFox, about a week and a half ago. I'll read that article, though and see if it helps.

[DominoHolster]

You still with me tetonbob?

[tetonbob]

Yes. I was waiting to hear back from you regarding the Firefox/IE issue. You were reading the article.

[DominoHolster]

Oh, sorry. I didn't know you wanted me to try and fix that before we finished everything else...

[tetonbob]

Well, that's really the only issue remaining that I can see.

About this:

Quote:

Regarding iPod Access, I think I got it from Demonoid.com or maybe MiniNova... It's a program to get my music off my iPod and onto my computer. It has nothing to do with downloading files. Should I get rid of it?

I treat anything from torrent sites as suspect. Were it me, I'd uninstall it, and delete associated folders/installers from the machine.

[DominoHolster]

OK, I'll get rid of iPod access, since I only needed it when I first got the computer anyway.
I unistalled and then reinstalled Internet Explorer 7. When I first opened it, I entered a web address and it said something like "cannot find address ('null). Make sure you typed it correctly." Then I opened FireFox, it asked if I wanted it to be the default browser. I said yes and now Intenet Explorer is again opening everything through FireFox. I don't think I have Internet Explorer 6 installed, it's not on my list of add/remove programs. Is this happening just because I have FireFox set as my default browser?

[tetonbob]

Shouldn't be. Firefox is my default browser, and I can enter anything I want in IE, and it stays in IE.

This is getting out of my area of expertise. You may be better off asking in the Firefox or IE sections of the forum.

Before doing that, check the proxy settings for IE.

Internet Options > Connections tab > LAN settings > See if anything is listed in the Proxy server section.

A workaround test would be to make IE the default browser, and see if that helps.

Internet Options > Programs tab > Under "Default Web Browser" select Make default.

[DominoHolster]

Alright, I've got Internet Explorer working by deleting the HKEY_CLASSES_ROOT\CLSID\ {c90250f3-4d7d-4991-9b69-a5c5bc1c2ae6} registry entry. Now, it's opening pages, but in a new window. The window that opens when I launch Internet Explorer has no tabs or tab options, or a google search bar embedded at the top. But the window that opens if I enter an address has tabs and the google search bar. I'm thinking I'll just have to mess around with preferences to get this figured out, but I can ask in the other forum if I can't figure it out.
What else needs to be done?

[DominoHolster]

OK, I got Internet Explorer all figured out and it seems to be working fine. The link I had on my desktop was opening Microsoft Internet Explorer, and I wanted to be in Windows Internet Explorer.
I haven't had any pop-ups yet just doing some normal browsing.

[tetonbob]

Good job, glad you got it figured out. Mind sharing exactly what you ended up tweaking besides that reg entry?

As far as the malware removal, we're all but done.

Since you no longer have Norton AntiVirus installed, you can delete this folder:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus

Other than that, your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• FIREWALL
  Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here
  
  Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[DominoHolster]

To fix the browser issue all I did was find the Internet Explorer link through Windows Explorer and replaced that link with the one that was on my desktop. The one that was on the desktop was opening "Microsoft Internet Exlporer" and the one in the program files directory open "Windows Internet Explorer." When I opened the program through Windows Explorer it had me do a first-time setup, which the old link on my desktop hadn't allowed me to do.

The only other thing I can say is THANK YOU! I appreciate your help so much!

Am I OK to get rid of BootCheck and ResetTeaTimer?

Thanks again for all your help. You're doing a great thing here.

[tetonbob]

Thanks, that's a nice solution.

You're welcome for the help. Glad all is well again.

Quote:

Am I OK to get rid of BootCheck and ResetTeaTimer?

Yes, and any other logfiles left behind.

Anything else?

[DominoHolster]

I think that covers it.
Thanks again. You were a life-saver.
Domino

[tetonbob]

You're welcome, Domino!

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.