How Do I Get Rid Of Viruses In My Memory?

Discussion in 'other anti-virus software' started by SEAS, Jul 16, 2007.

Thread Status:
Not open for further replies.
  1. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Hey Forum!

    I was running NOD32 and got this message.

    A variant of Win32/Adware.Virtumonde.FP application found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click “Leave” to continue and subsequently run the cleaning of all disks. System memory infection originated from file C:\WINDOWS
    System32\pmnli.dll


    I also have tried Avast Free and DrWeb... both found viruses in memory and recommended to reboot and then they would fix (or remove) on rebooting, but it seems like I STILL have some in memory (or at least just this one).

    So... any ideas of how to get rid of this?

    Thanks!

    SEAS
     
  2. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    you could try with superantispyware and/or vundofix, they offer good results in removing this.
     
  3. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
  4. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
    Hi SEAS (no pun intended)

    What I have read about this malware it looks like you need expert advice from a dedicated spyware removal forum, somewhere like HijackThis - Tom Coyote - Bleeping computer etc.
     
  5. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
  6. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    591
    Location:
    Canada
    As I remember Eset have removal tool for that malware. You should contact their support or Macros.

    You can not kill Vundo process from memory with Taskbar because it is often loaded with winlogon.exe process.
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Scan in safe mode. Also between reboots..power down PC complete for a few seconds. Soft reboots allow stuff to still run in RAM.
     
  8. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Even physically pull the power cord for a couple minutes.
     
  9. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Thanks guys for your hellp!

    So far I'm going down the list of recommendations step by step. I'm please to say that SUPERantispyware FREE found another 180 or so that NOD32 didn't. Now it's on to the other fixes that were recommended!

    However after cleaning... I'm getting "Error loading C:\WINDOWS\system32\kfkhydle.dll the specific module cannot be found"

    Is this something I need or what?

    Thanks!

    SEAS

    P.S. I was also going to run Windows XP Pro repair after all of this (to see if there's somethings that got killed acccidently). Is that something that is recommended or not?
     
  10. orthocros2007

    orthocros2007 Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    3
    If you never turn the power off on your computer, ANY data stored in "volitile" memory [memory which holds data only while power is flowing to the motherboard, where physical memory resides, [such as malware and viruses] will remain there.

    So, once viruses and other malware are removed by programs such as NOD32, you MUST TURN THE MACHINE OFF to get them completly "killed." This will remove any residual malware code still stored in volitile memory.

    NOD32 almost always does a cold boot [that is, all power to the machine is turned OFF, and the machine reboots freshly] after any malware removal operations. If it doesn't, you must configure NOD32 to either ask for a manual cold boot, or do an automatic cold boot.

    If the virus returns after a cold reboot, it was obviously NOT completely sanitized by your AV product.

    Removing an electronic virus is much like removing a virus from one's body. If he/she leaves a single virus in his/her body, or one goes back into an environment heavily-laden with the virus after it is removed from the body , even though the illness caused by the virus is in complete remission, it will eventually return, and usually returns in a more virulent state.

    Sometimes, the best solution is to re-partition and format your drives, and reinstall your OS, making sure you do this using OS installation media which cannot be rewritten [don't use copies of OS installation media!!!] Then start using safe surfing habits [stay away from P2Ps, Porn sites, and "warez" sites] CONSISTENTLY!!!. Also stay away from sites which originate from the former Soviet Union, and NEVER click on links from unknown senders in your e-mail.
     
    Last edited: Jul 16, 2007
  11. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Thanks YeOldeStonecat, zapjb, orthocros2007, and the rest!

    I unplugged my PC... let it sit for a while... then plugged back in. I then scanned with SUPERanitSpyWare Free and there was no more viruses in memory.

    I STILL get the RUNDELL Error " C:\WINDOWS\system32\kfkhydle.dll". Does anyone have any suggestions for this?

    SEAS
     
  12. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    try going to the msconfig in the startup tab and see if that file is there, ore use autoruns from microsoft to identfy that. then uncheck it
     
  13. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    It's funny how some times ya just have to pull the plug.

    Anyways for your dlll error. On XP I use RegistryBooster.

    http://www.liutilities.com/products/registrybooster/

    They have a free scan. Don't know if it fixes free. Try it.

    The full registered version fixed a dll error for me that nothing, no other program, no manual editing would fix.
     
  14. ASpace

    ASpace Guest

    You need to touch in the registry either manually or with special tools to delete the reg key.

    Since you got Virtumonde infection , you can go through the folloling instructions given by Blackspear


    HiTech_boy
     
  15. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Downloading Now! :D

    I'll keep everyone posted as well.

    BTW - Does anyone here on this forum have a project studio and use their PC for recording?

    SEAS
     
  16. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Say... how does RegistryBooster compare with Regcure?

    Here's Regcure's link http://www.regcure.com/lp/11/?uid=k0lxs

    A friend of mine emailed that to me to try the other day but hadn't gotten around to it yet.

    BTW - RegistgryBooster found 837 problems. Just made a backup... now going to try to fix!

    Thanks again everyone!

    SEAS :cool:
     
  17. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    I'll do this as well HiTech_boy! Just to make sure everythings is GONE!!!

    SEAS
     
  18. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Hey zapjb!

    RegCure found like 1,495 or so (but who knows if it's better or worse that RegistryBooster ya know?)

    What about the free one CCLEANER?

    SEAS
     
  19. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Imo/e stay away from cc.


    And don't go crazy w/reg fixers. Is your dll problem fixed?

    If so. I'd reboot, use comp at least10-15mins. Repeat 2-3x. If everthings well.

    I then would make an image & or clone & test it.


    Btw experience has taught me if you fool with reg fixers too much you'll f up your OS. And you won't know what program or what action of yours caused it. Or how to fix it.
     
  20. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    I'll reboot now and see. I BELIEVE the .dll problem is solved!

    BRB! ;)

    SEAS
     
  21. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    YEP! The .dll is gone.

    SEAS
     
  22. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    RegCure is a ParetoLogic braded product. For some reason, I remember ParetoLogic = bad. Something to do with extortionware at some point I believe.

    As far as other alternatives go, the best Registry cleaner job I've seen was by AmustSoft Registry Cleaner 3.11 . It's the last version that had a fully functional trial. Google it and give it a go, it has done the most consistently thorough and safe job of cleaning out dead entries of any cleaner I've worked with. It beats CCleaner over the head with a shovel.
     
  23. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    If Op doesn't have a backup solution....
     
  24. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Thanks AshG!

    AmustSoft has a 3.5 version out now.

    Here's the link.
    http://www.amustsoft.com/registrycleaner/download/

    Trying it out now :)

    SEAS
     
  25. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    Yes, with a crippled/lss functional trial. 3.11 still removes all the baddies with minimal nag.
     
Loading...
Thread Status:
Not open for further replies.