How Do I Get Rid Of Viruses In My Memory?

Discussion in 'other anti-virus software' started by SEAS, Jul 16, 2007.

Thread Status:
Not open for further replies.
  1. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Hey Forum!

    I was running NOD32 and got this message.

    A variant of Win32/Adware.Virtumonde.FP application found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click “Leave” to continue and subsequently run the cleaning of all disks. System memory infection originated from file C:\WINDOWS\System32\pmnli.dll


    I also have tried Avast Free and DrWeb... both found viruses in memory and recommended to reboot and then they would fix (or remove) on rebooting, but it seems like I STILL have some in memory (or at least just this one).

    So... any ideas of how to get rid of this?

    Thanks!

    SEAS
     
  2. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    You could try SUPERAntiSpyware and/or VundoFix; they offer good results in removing this.
     
  3. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
  4. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
    Hi SEAS (no pun intended)

    From what I have read about this malware, it looks like you need expert advice from a dedicated spyware removal forum, somewhere like HijackThis, Tom Coyote, Bleeping Computer etc.
     
  5. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
  6. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    As I remember, Eset has a removal tool for that malware. You should contact their support or Macros.

    You cannot kill the Vundo process from memory with the Taskbar because it is often loaded with the winlogon.exe process.
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Scan in safe mode. Also, between reboots, power down the PC completely for a few seconds. Soft reboots allow stuff to still run in RAM.
     
  8. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
    Even physically pull the power cord for a couple minutes.
     
  9. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Thanks guys for your help!

    So far I'm going down the list of recommendations step by step. I'm pleased to say that SUPERAntiSpyware FREE found another 180 or so that NOD32 didn't. Now it's on to the other fixes that were recommended!

    However after cleaning... I'm getting "Error loading C:\WINDOWS\system32\kfkhydle.dll the specific module cannot be found"

    Is this something I need or what?

    Thanks!

    SEAS

    P.S. I was also going to run Windows XP Pro repair after all of this (to see if there are some things that got killed accidentally). Is that something that is recommended or not?
     
  10. orthocros2007

    orthocros2007 Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    3
    If you never turn the power off on your computer, ANY data stored in "volatile" memory [memory which holds data only while power is flowing to the motherboard, where physical memory resides], such as malware and viruses, will remain there.

    So, once viruses and other malware are removed by programs such as NOD32, you MUST TURN THE MACHINE OFF to get them completely "killed." This will remove any residual malware code still stored in volatile memory.

    NOD32 almost always does a cold boot [that is, all power to the machine is turned OFF, and the machine reboots freshly] after any malware removal operations. If it doesn't, you must configure NOD32 to either ask for a manual cold boot, or do an automatic cold boot.

    If the virus returns after a cold reboot, it was obviously NOT completely sanitized by your AV product.

    Removing an electronic virus is much like removing a virus from one's body. If he/she leaves a single virus in his/her body, or one goes back into an environment heavily laden with the virus after it is removed from the body, even though the illness caused by the virus is in complete remission, it will eventually return, and usually returns in a more virulent state.

    Sometimes, the best solution is to re-partition and format your drives, and reinstall your OS, making sure you do this using OS installation media which cannot be rewritten [don't use copies of OS installation media!!!]. Then start using safe surfing habits [stay away from P2Ps, porn sites, and "warez" sites] CONSISTENTLY!!! Also stay away from sites which originate from the former Soviet Union, and NEVER click on links from unknown senders in your e-mail.
     
    Last edited: Jul 16, 2007
  11. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Thanks YeOldeStonecat, zapjb, orthocros2007, and the rest!

    I unplugged my PC... let it sit for a while... then plugged it back in. I then scanned with SUPERAntiSpyware Free and there were no more viruses in memory.

    I STILL get the RUNDLL error "C:\WINDOWS\system32\kfkhydle.dll". Does anyone have any suggestions for this?

    SEAS
     
  12. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Try going to msconfig, in the Startup tab, and see if that file is there, or use Autoruns from Microsoft to identify that. Then uncheck it.
     
  13. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
    It's funny how sometimes ya just have to pull the plug.

    Anyway, for your dll error: on XP I use RegistryBooster.

    http://www.liutilities.com/products/registrybooster/

    They have a free scan. Don't know if it fixes free. Try it.

    The full registered version fixed a dll error for me that nothing, no other program, no manual editing would fix.
     
  14. ASpace

    ASpace Guest

    You need to touch the registry, either manually or with special tools, to delete the reg key.

    Since you got a Virtumonde infection, you can go through the following instructions given by Blackspear


    HiTech_boy
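The two suggestions above (check msconfig/Autoruns for the stale startup entry, then delete the registry value that still references the deleted DLL) can be combined into a quick audit. The script below is an added example, not code from the thread or from any of the tools named in it; it assumes Windows PowerShell 5.1 or later on the affected machine, and it only reports entries whose target file is missing (such as the leftover kfkhydle.dll reference), leaving the actual removal to Autoruns or msconfig.

```powershell
# Added example, not from the thread: report autostart entries whose target file no longer
# exists (e.g. a leftover "rundll32 ... kfkhydle.dll" value after the DLL itself was removed).
# Assumes Windows PowerShell 5.1 or later. Report only; remove entries with Autoruns/msconfig.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
function Get-TargetPath {
    # Work out which file the command line really loads. For "rundll32 foo.dll,Entry"
    # that is the DLL argument, not rundll32.exe itself.
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd -match '^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') {
        $dll = $Matches[1].Trim()
        # A bare DLL name is resolved from System32, where rundll32 will look for it
        if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "system32\$dll" }
        return $dll
    }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted executable path
    return ($cmd -split '\s+')[0]   # unquoted: first token (may misreport paths with spaces)
}
$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }              # skip PowerShell's own metadata
        $cmd = [string]$p.Value
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
        $target = Get-TargetPath $cmd
        if (-not (Test-Path -LiteralPath $target)) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; MissingFile = $target }
        }
    }
})
# Winlogon notification packages: each subkey's DllName is loaded into winlogon.exe at logon,
# which is why such a DLL cannot simply be ended from Task Manager while a user is logged on.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    foreach ($sub in Get-ChildItem -Path $notify) {
        $dll = [string](Get-ItemProperty -Path $sub.PSPath).DllName
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "system32\$dll" }
        if ($dll -and -not (Test-Path -LiteralPath $dll)) {
            $findings += [pscustomobject]@{ Key = $sub.PSPath; Name = 'DllName'; Command = $dll; MissingFile = $dll }
        }
    }
}
$findings | Format-Table -AutoSize
```

Each reported row names the registry key and value to remove; an empty table means no autostart entry under those keys points at a missing file.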
     
  15. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Downloading Now! :D

    I'll keep everyone posted as well.

    BTW - Does anyone here on this forum have a project studio and use their PC for recording?

    SEAS
     
  16. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Say... how does RegistryBooster compare with Regcure?

    Here's Regcure's link http://www.regcure.com/lp/11/?uid=k0lxs

    A friend of mine emailed that to me to try the other day but hadn't gotten around to it yet.

    BTW - RegistryBooster found 837 problems. Just made a backup... now going to try to fix!

    Thanks again everyone!

    SEAS :cool:
     
  17. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    I'll do this as well HiTech_boy! Just to make sure everything is GONE!!!

    SEAS
     
  18. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Hey zapjb!

    RegCure found like 1,495 or so (but who knows if it's better or worse than RegistryBooster, ya know?)

    What about the free one CCLEANER?

    SEAS
     
  19. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
    Imo/e stay away from cc.


    And don't go crazy w/reg fixers. Is your dll problem fixed?

    If so, I'd reboot, use the comp at least 10-15 mins. Repeat 2-3x. If everything's well,

    I then would make an image & or clone & test it.


    Btw experience has taught me if you fool with reg fixers too much you'll f up your OS. And you won't know what program or what action of yours caused it. Or how to fix it.
     
  20. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    I'll reboot now and see. I BELIEVE the .dll problem is solved!

    BRB! ;)

    SEAS
     
  21. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    YEP! The .dll is gone.

    SEAS
     
  22. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    RegCure is a ParetoLogic branded product. For some reason, I remember ParetoLogic = bad. Something to do with extortionware at some point I believe.

    As far as other alternatives go, the best registry cleaner job I've seen was by AmustSoft Registry Cleaner 3.11. It's the last version that had a fully functional trial. Google it and give it a go; it has done the most consistently thorough and safe job of cleaning out dead entries of any cleaner I've worked with. It beats CCleaner over the head with a shovel.
     
  23. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
    If Op doesn't have a backup solution....
     
  24. SEAS

    SEAS Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    53
    Thanks AshG!

    AmustSoft has a 3.5 version out now.

    Here's the link.
    http://www.amustsoft.com/registrycleaner/download/

    Trying it out now :)

    SEAS
     
  25. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    Yes, with a crippled/less functional trial. 3.11 still removes all the baddies with minimal nag.
     