Need some information dealing with Virtumonde.

Discussion in 'malware problems & news' started by Grandizer, Dec 24, 2008.

Thread Status:
Not open for further replies.
  1. Grandizer

    Grandizer Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    12
    Hello all.

    First time here and hope I'm posting this in the appropriate section.

    Well, my brother's system is currently infected with Virtumonde. McAfee was utterly useless in preventing this in the first place. I have Spysweeper and installed it on his system, but it was unsuccessful in getting rid of this (even in safe mode). I know Eset is useless with it (reading posts about it). Tried looking into AVG, but the install always failed. The only option I am now looking at is 'nuking' the drive. It's becoming really problematic and time-consuming.

    Unfortunately, he doesn't have a recent backup. So we got a 1 TB drive and will be using it to do a backup of important files, etc.

    I plan to do the following:
    1) strip the hdd from his system and put it into an enclosure and hook it up as an external hdd on my system.
    2) backup all important data onto the 1 TB drive.
    3) format the external hdd, then put it back in his system for a clean system install.

    Now my concern is Virtumonde. Can it infect my system if I attempt to do this?

    I have the following security on my system:
    Online Armor (paid version)
    Spysweeper
    Eset Nod32 AV v3
    Spyware Blaster
    Security Task Manager

    CCleaner and EasyCleaner

    Any info provided will be greatly appreciated.

    Thanks in advance.
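On the question of whether slaving the drive can infect the clean machine: the files on it are inert until something executes them, and on Windows of that era the one thing that executes on its own when a drive is attached is an autorun.inf in the drive root (XP honoured it for fixed and USB hard drives by default). The check below is an added example written for this thread, not code from the original post or from any of the products mentioned; the autorun.inf text and the temporary "drive root" it creates are constructed for the demo and are not real Virtumonde artifacts.

```python
"""Added example, not code from the original thread. Before copying files off an
infected drive slaved to a clean machine, find out whether its root carries an
autorun.inf and what that file would have asked Explorer to launch. The mounted
path and the autorun.inf text below are constructed for this example; nothing in
them is a real Virtumonde artifact."""
import configparser
import os
import tempfile

# Entries in [autorun] that run code: 'open' and 'shellexecute' fire on AutoPlay,
# 'shell\<verb>\command' fires from the drive's context menu, and 'shell=<verb>'
# makes that verb the double-click default in My Computer.
DIRECT_LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: command} for every entry in [autorun] that executes something.
    configparser lower-cases option names, so 'ShellExecute' becomes 'shellexecute'.
    A file with no section header (malformed) yields an empty dict."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    launches = {}
    for key, value in cp.items(section):
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in DIRECT_LAUNCH_KEYS or is_verb_command:
            launches[key] = (value or "").strip()
    return launches


def check_drive_root(drive_root):
    """Look for autorun.inf in the root of a mounted drive.
    Returns (found, launches); found=True with an empty dict means the file exists
    but only sets icon/label, which is harmless."""
    path = os.path.join(drive_root, "autorun.inf")
    if not os.path.isfile(path):
        return False, {}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return True, parse_autorun(fh.read())


# Constructed sample for this example (the path and executable name are made up).
SAMPLE_AUTORUN_INF = """; constructed sample for this example
[AutoRun]
open=RECYCLER\\S-1-5-21-1\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open=&Open
shell\\open\\command=RECYCLER\\S-1-5-21-1\\setup.exe
shell\\explore\\command=RECYCLER\\S-1-5-21-1\\setup.exe
shell=open
"""


def demo():
    """Write the constructed sample into a temporary 'drive root' and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_AUTORUN_INF)
        return check_drive_root(root)


if __name__ == "__main__":
    found, launches = demo()
    print("autorun.inf present:", found)
    for key, command in launches.items():
        print("  %-24s -> %s" % (key, command))
```

Run it against the real mount point (for example `check_drive_root("E:\\")`) before opening the drive in Explorer. The safer order is to disable AutoRun on the clean machine first (set the DWORD `NoDriveTypeAutoRun` under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer` to `0xFF`), then attach the drive, then copy the data; the copy itself does not execute anything, and the host's resident scanner will inspect files as they are read.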
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,062
    Location:
    U.S.A.
    Grandizer, before you go through all that trouble, follow this thread: Attacked/Hijacked/Infected... on your brother's PC and let us know what happens. Good luck!
     
  3. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    I think SUPERAntiSpyware Free and Malwarebytes' Anti-Malware Free can help you remove most of the Vundo viruses, if not all.
     
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419

    +1 to this

    Try Malwarebytes' Anti-Malware first (www.malwarebytes.org): install, update and do a "QUICK SCAN". This should take most of the infection out.

    After that, SAS (www.superantispyware.com) should take care of anything left.

    Good luck!
     
  5. Grandizer

    Grandizer Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    12
    Thanks for all your suggestions.

    Some interesting things happened:

    1) Dr. Web CureIt! and McAfee Stinger both failed to run on my bro's system. Both crashed with an error report dialogue.
    2) Malwarebytes Anti-Malware Free worked in ridding 'most' of the infection.
    3) SUPERAntiSpyware Free seems to have gotten rid of the rest.

    When I rebooted, everything seemed fine (no hint of the infection - usually Online Armor picks it up immediately upon boot with all the .dll hooks). Just to be sure, I ran a full complete scan on the system.
    1) Spysweeper reported clean - no infections.
    2) Malwarebytes Anti-Malware Free reported clean - no infections (BUT in the middle of the scan, ESET popped up with red warnings of Virtumonde and immediately quarantined it).

    It seems when Malwarebytes went through the system recovery files, it somehow 'activated' the file that most likely contained the culprit and ESET intercepted it. I don't know, but it seems the infection refuses to be purged.

    My brother's fed up and decided to just 'nuke' both drives (I forgot he has a RAID mirror set up). He's backing up his data now and will proceed on after that.

    Again, I thank you all for the suggestions.

    I will actually install Malwarebytes and SAS on my own system on top of what I currently have. Both are going to be used for on-demand file scanning. I am also considering AVG for on-demand scanning as well.

    Happy holidays! :D
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    We're dealing with tons of those infections; they've skyrocketed over the past 6 months.

    The trojan that drives this has new variants that come out sometimes several times a day! So, if you cleaned a machine yesterday, chances are the infection you deal with on another PC today may not be the same, or whatever tool you used yesterday may not clean the one today.

    We've turned to a shotgun approach using several tools.

    First, if you can, remove the hard drive, slave it to a healthy PC and run all the utilities on it. Some of the newer variants are using rootkits, so it's best to scan and remove outside of Windows (such as by slaving to another PC).

    If you have to do the removal on the bad PC, carry the following on your USB thumb drive:
    AntiVir
    MalwareBytes
    SuperAntispyware
    Spybot S&D
    CCleaner
    TCP/Winsock repair utility
    SDFix.exe

    On the suspect PC, first disable system restore
    Install the above tools...reboot into safe mode w/networking support
    Run CCleaner
    Run the tools

    AntiVir recently released a tool they update almost daily: a bootable CD which runs their product. The CD becomes stale/outdated after a few days, so download and burn new CDs frequently as part of your tool kit.
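Scanning the slaved drive with the tools above covers the files; what it does not show you is where the infection was hooked in, which is useful when deciding whether the clean-up actually took. The script below is an added example, not code from this post or from any of the listed tools. It assumes the infected drive is mounted as D: on the clean machine and that its SOFTWARE hive was loaded and exported with two standard reg.exe commands (`reg load HKLM\Slaved D:\WINDOWS\system32\config\software`, then `reg export HKLM\Slaved slaved.reg`), so every key path starts with HKEY_LOCAL_MACHINE\Slaved. It then lists the two persistence points Virtumonde-family variants were known for: Winlogon Notify packages (DLLs loaded into winlogon.exe) and Browser Helper Objects (resolved through the CLSID branch to the DLL path). SAMPLE_REG is a constructed export; the DLL names and the CLSID in it are made up, and the XP baseline set is an assumption you should regenerate from a machine you know is clean.

```python
r"""Added example, not code from the thread. Triage a SOFTWARE hive exported from
a slaved drive (reg load HKLM\Slaved D:\WINDOWS\system32\config\software, then
reg export HKLM\Slaved slaved.reg) for Winlogon Notify and BHO persistence.
SAMPLE_REG is constructed for this example; its DLL names and CLSID are made up."""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Slaved\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\Slaved\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qwertyuz]
"DllName"="C:\\WINDOWS\\system32\\qwertyuz.dll"
"Logon"="Logon"

[HKEY_LOCAL_MACHINE\Slaved\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-00000000AAAA}]
@=""

[HKEY_LOCAL_MACHINE\Slaved\Classes\CLSID\{00000000-0000-0000-0000-00000000AAAA}\InProcServer32]
@="C:\\WINDOWS\\system32\\ssqponm.dll"
"ThreadingModel"="Apartment"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\path]
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\]+)$")
BHO_RE = re.compile(r"\\explorer\\browser helper objects\\(\{[0-9a-f-]+\})$")


def unescape(s):
    # .reg files escape backslash and double quote with a backslash; drop it.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    # Returns {key_path_lowercased: {value_name: data}}. Only "..." (REG_SZ) data is
    # decoded; dword:/hex: data is kept as raw text, and hex continuation lines
    # (which start with whitespace) never match VALUE_RE and are skipped.
    hive, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            hive.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(2) else unescape(m.group(1))
            data = m.group(3)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = unescape(data[1:-1])
            hive[current][name] = data
    return hive


def load_reg_file(path):
    # reg.exe writes UTF-16LE with a BOM; hand-edited .reg files are often UTF-8.
    with open(path, "rb") as fh:
        raw = fh.read()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    return parse_reg(raw.decode(enc, errors="replace"))


def winlogon_notify_dlls(hive):
    # {package_name: DllName} for each Winlogon\Notify subkey; these DLLs are
    # loaded into winlogon.exe at logon, which is why this key was so popular.
    out = {}
    for key, values in hive.items():
        m = NOTIFY_RE.search(key)
        if m and "DllName" in values:
            out[m.group(1)] = values["DllName"]
    return out


def bho_dlls(hive):
    # {clsid: InProcServer32 path}, resolved through the Classes\CLSID branch of
    # the same hive (a BHO key itself carries no path).
    out = {}
    for key in hive:
        m = BHO_RE.search(key)
        if not m:
            continue
        clsid, path = m.group(1), "<no InProcServer32 registered>"
        for k, values in hive.items():
            if k.endswith("\\classes\\clsid\\" + clsid + "\\inprocserver32"):
                path = values.get("@", path)
                break
        out[clsid] = path
    return out


# Notify packages on a default Windows XP install (assumed baseline for this
# example; regenerate it by exporting the same key from a known-clean machine).
XP_NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def triage(text, notify_baseline=XP_NOTIFY_BASELINE):
    # What a human should look at: Notify packages absent from the baseline, and
    # every BHO (a clean XP box has none, or only ones you recognise).
    hive = parse_reg(text)
    notify = winlogon_notify_dlls(hive)
    return {
        "winlogon_notify_new": {n: d for n, d in notify.items() if n not in notify_baseline},
        "bho": bho_dlls(hive),
    }


if __name__ == "__main__":
    for section, entries in triage(SAMPLE_REG).items():
        print(section)
        for name, dll in entries.items():
            print("  %s -> %s" % (name, dll))
```

On a real export call `triage(open("slaved.reg", "rb").read().decode("utf-16"))` or go through `load_reg_file`. Anything it lists that points at a DLL in system32 you cannot account for is the file to pull off the slaved drive for a second opinion; if the same names come back after a clean-up pass, the removal did not take.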
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I have to admit, every time I read a post like this and see how MBAM and SAS kick some you-know-what and how they make most other scanners look pathetic, I just have to shake my head in disgust at other scanner-type products. Congrats once more to MBAM and SAS.
     