Questions on infections

Discussion in 'ewido anti-spyware forum' started by E_User, Mar 9, 2006.

Thread Status:
Not open for further replies.
  1. E_User

    E_User Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    2
    Ive Googled for the answer and havent had any luck. Running Ewido I come up with a Vitrumonde malware everytime I scan. Actually 7 versions of it each time. What has me perplexed is that It reappears without even connecting to the web. I run a scan close it out and immediatly run another there it is.

    I run a pretty tight ship on this PC. Spyware blaster on full lockdown, Lavasoft and SB S&D, along with AVG AV. So im assuming I have something embedded that resets itself when its functioning parts are removed.

    ANother question, I also get another similiar situation with something labeled, windows/scvpk2/nutcr.dll, close to that anyways, thats from memory. Shows up immeadiatly after being quarantined.

    Curious if there is a manual fix for these I can go through?

    System restore is off on my machine also

    Any consideration would be appreciated.

    Thanks
     
  2. steveke

    steveke Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    90
  3. E_User

    E_User Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    2
    Thanks Ill check those out. :)
     
  4. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Check out these web sites for removal tools and suggested cleaning instructions, I think you have to try to remove it from add/remove programs and then use the special tools in safe mode. Follow up with a full Ewido scan.
    http://forums.mcafeehelp.com/viewtopic.php?t=57049
    http://www.bleepingcomputer.com/for...janVundoB-Search42com-MSevents-tx18610-0.html
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html
    After these procedures, you should submit a HijackThis log at bleepingcomputer forums for analysis and completion of removal.
    http://www.bleepingcomputer.com/forums/HijackThis-Logs-and-Analysis-f22.html
     
Thread Status:
Not open for further replies.