The Warring States of NPF  

Go Back   The Warring States of NPF > Dead threads
User Name
Password
Mark Forums Read
FAQ Members List Calendar Search Today's Posts Join Chat

 
View First Unread View First Unread   Click to unhide all tags.Click to hide all tags.  
Thread Tools Display Modes
Unread 11-30-2008, 02:58 AM   #1
Solid Snake
Erotic Esquire
 
Solid Snake's Avatar
 
Join Date: Nov 2003
Posts: 5,563
Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way.
Send a message via AIM to Solid Snake
Default I've got a Virtumonde Problem

So there's apparently a nasty gadget called Virtumonde that's attached itself to my computer. Here's the strange thing; absolutely no anti-adware program I've used -- and I have five on my computer -- has proven effective at ridding it. Every one of them identifies some Virtumonde files and (presumably) rids of the problem. But every time I restart the computer the same pop-up ads have bombarded. I'm not sure how Virtumonde has managed to pull this off, but it's mildly distressing to say the least.

Here's what I have working on my computer:

Paid Versions

Trend Micro PC-cillin
Spyware Doctor by PCTools

Free Versions

Ad-Aware
Malwarebtyes' Anti-Malware
Spybot - Search and Destroy

I've also run a program called Vundo Removal that supposedly would help rid of this but it didn't even identify a single corrupt file or registry, let alone eliminate anything. Most the others at least eliminate dozens of "corrupted" information every time, but the same files and registries keep magically reappearing.

...any ideas how to fix this piece of junk?
__________________
WARNING: Snek's all up in this thread. Be prepared to read massive walls of text.
Solid Snake is offline Add to Solid Snake's Reputation  
Unread 11-30-2008, 03:32 AM   #2
Krylo
The Straightest Shota
 
Krylo's Avatar
 
Join Date: Nov 2003
Location: It's a secret to everybody.
Posts: 17,789
Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat].
Default

Wikipedia has the answer.

Basically, those programs aren't removing it because the DLL component boots up on winlogon, which means that they can't delete it. It then recreates all the other files at boot.

To fix it you have to find the proper .dll, and rename it with no extension, then start up in safe mode and run your virus removal programs AND manually delete the .dll file (which is no longer a .dll).

Alternatively: get a better browser that isn't susceptible to it.
__________________
Krylo is offline Add to Krylo's Reputation  
Unread 11-30-2008, 03:50 AM   #3
Solid Snake
Erotic Esquire
 
Solid Snake's Avatar
 
Join Date: Nov 2003
Posts: 5,563
Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way.
Send a message via AIM to Solid Snake
Default

How exactly do I identify the "proper .dll" though? The file names appear to be randomized.

EDIT: Found a system32 .dll file listed under "Virtumonde" with Spybot, but when I look under my hidden files in my C drive, the eight-letter file in question is...nowhere to be found. Heh.
__________________
WARNING: Snek's all up in this thread. Be prepared to read massive walls of text.

Last edited by Solid Snake; 11-30-2008 at 05:00 AM.
Solid Snake is offline Add to Solid Snake's Reputation  
Unread 11-30-2008, 05:01 AM   #4
Krylo
The Straightest Shota
 
Krylo's Avatar
 
Join Date: Nov 2003
Location: It's a secret to everybody.
Posts: 17,789
Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat].
Default

MAGIC!

Quote:
Originally Posted by wiki
Infected DLLs (with randomized names such as "__c00369AB.dat") will be present in the Windows/System32 folder and references to the DLLs will be found in the user's start up (viewable in MSConfig), registry, and as browser add ons in Internet Explorer.
Alternatively, you could try reading more closely.
__________________
Krylo is offline Add to Krylo's Reputation  
Unread 11-30-2008, 05:03 AM   #5
Solid Snake
Erotic Esquire
 
Solid Snake's Avatar
 
Join Date: Nov 2003
Posts: 5,563
Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way.
Send a message via AIM to Solid Snake
Default

So when I click "Manage Add Ons" and happen to see an eight-letter .dll file among the standards, it's a pretty good guess that's the one, eh?

EDIT: Nope, apparently not. Still can't find the folder with that .dll name in Windows \ System32.
__________________
WARNING: Snek's all up in this thread. Be prepared to read massive walls of text.

Last edited by Solid Snake; 11-30-2008 at 05:08 AM.
Solid Snake is offline Add to Solid Snake's Reputation  
Unread 11-30-2008, 05:04 AM   #6
Kim
adorable
 
Kim's Avatar
 
Join Date: Sep 2007
Posts: 12,950
Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them. Kim will strap all reputation givers to balloons and kidnap them.
Default

Fuck that! Use magnets to pull the infected files! Viruses are magnetic, so if you use strong enough magnets, you should be able to just yank them out.

SCIENCE bests MAGIC once again...
__________________
this post is about how to successfully H the Kimmy
Kim is offline Add to Kim's Reputation  
Unread 11-30-2008, 05:08 AM   #7
Krylo
The Straightest Shota
 
Krylo's Avatar
 
Join Date: Nov 2003
Location: It's a secret to everybody.
Posts: 17,789
Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat]. Krylo is [censored for Unusual use of a goat].
Default

Oh shit, I totally forgot to suggest that.

Damnit, I'm slipping.
__________________
Krylo is offline Add to Krylo's Reputation  
Unread 11-30-2008, 01:46 PM   #8
Solid Snake
Erotic Esquire
 
Solid Snake's Avatar
 
Join Date: Nov 2003
Posts: 5,563
Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way. Solid Snake didn't even know you could use a corkscrew in that way.
Send a message via AIM to Solid Snake
Default

Well, I did everything the Wikipedia article recommended -- renamed the DLL file and got rid of the DLL suffix, went into safe mode, deleted the registries...
...yup. Nothing worked.

EDIT: I've downloaded the newest version of Firefox, which has gotten rid of the popups for IE. But even if I get rid of IE (is it even possible for a computer using Windows to delete IE?), the Virtumonde program is still running every time I reboot my computer, and I'm afraid it's going to chew through a lot of my available memory.
__________________
WARNING: Snek's all up in this thread. Be prepared to read massive walls of text.

Last edited by Solid Snake; 11-30-2008 at 02:01 PM.
Solid Snake is offline Add to Solid Snake's Reputation  
Unread 11-30-2008, 05:31 PM   #9
Dauntasa
Goddamn Commie
 
Dauntasa's Avatar
 
Join Date: Jul 2007
Location: Riding the Midnight Express to Slate City
Posts: 492
Dauntasa is reputed to be..repu..tational. Yes.
Default

There is a program called Vundofix which is designed to get of Virtumonde. It's freeware, so you can just google it and then download it.
Dauntasa is offline Add to Dauntasa's Reputation  
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 04:28 AM.
The server time is now 09:28:26 AM.


Powered by: vBulletin Version 3.8.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.