I am not sure which is the appropriate forum for this post, so moderators move it where you deem fit. I have a laptop running Windows XP SP3 (current with Windows updates and security updates) which gets used once a week for about two hours. It spends very little time on the Internet. Last week I ran Spybot-S&D and it found Virtumonde. I ran a bunch of the other scans (list below) but no Malware or viruses found. I decided to purge Virtumonde out of Spybot-S&D. The laptop shows no symptoms of being infected, but I can't go to Photo Bucket using Firefox or Internet Explorer. Don't want to scorch the earth if I don't have to (wipe the drive). Can I trust the results of these online virus scans? ESET's Online Antivirus Scan: No Threats Found. Panda Online Active Scan: No Infection Found. Trend Micro Housecalls: Found Three Tracking Cookies. Windows Live One Care: No Threats Found. Desktop Scans: Nod32: No Threats Found. SUPERAntiSpyware: found two or three Ad Aware. Malwarebytes: No Infection Found. Ad-Aware: Found Three Tracking Cookies.
On the balance I would say you can trust all those reports. What happens when you go to Photo Bucket?
I just started surfing the Internet with this laptop and there are other websites where the page will not load. So there are some websites that I can navigate to and others not. Any suggestions? Message below: Address Not Found Firefox can't find the server at www.bleepingcomputer.com. The browser could not find the host server for the provided address. * Did you make a mistake when typing the domain? (e.g. "ww.mozilla.org" instead of "www.mozilla.org") * Are you certain this domain address exists? Its registration may have expired. * Are you unable to browse other sites? Check your network connection and DNS server settings. * Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
Empty browser cache, use ipconfig /flushdns from cmd line to flush DNS and finally restart router/modem as final resort.
I went to the command line and typed: ipconfig /flushdns, and then reset the modem and the router. No change. When I went to the command line and typed in: ipconfig /flushdns, I pressed enter on the keyboard and then I saw what appeared to be an outline of a black box open and close very quickly. It really didn't look like it did anything. Have I missed something? Is there another option? ETA: I emptied the cache, history, etc.
All the other computers on the network are okay, and had no problems connecting to other websites. I have heard good things about OpenDNS, so I am willing to give it a go. However, I can't make the changes to the network today. In the meantime, I will look for a way to remove this Malware from the laptop. I am running out of ideas. I do appreciate your help.
Ron, thanks. Leo Laporte uses and recommends OpenDNS. I just don't know how any Malware got onto this laptop. I don't open attachments. I don't click links in e-mails or sketchy websites. I surf the net using Firefox with NoScript. I follow all the rules for safe computing. As the King of Siam once said, "it is a puzzlement."
You could try Avira, or the bootable version of Avira. Prevx could also be a good choice. Scanning is free, cleaning is not.
From the Wikipedia article, I was able to navigate over to VundoFix (is this a legitimate website?) and download their removal tool to my desktop. I will have to disconnect from the Internet before I can run the program/VundoFix. Should I do this from the desktop (master browser) or the laptop? I don't know if this means anything but the laptop was given a static IP. This was done because I was having problems (sometimes) using RealVNC when trying to connect from the laptop to the desktop or vice versa on my home network. I believe this problem (RealVNC) had more to do with the Linksys Range Expander. Since I disconnected the Linksys Range Expander, I haven't had any more problems. The laptop is almost asymptomatic except for the fact that I cannot connect to some websites. As I stated above, this laptop is only used once a week for about two hours when I need to use RealVNC (Connect to desktop on home network).
Vundofix is legit - not sure how often it's updated. Those tools you've already used are probably more effective, at the moment. Have you done a HiJackThis check? And taken a peek inside HOSTS file for any blocking of those sites you're having problems with?
With all these scans I think you are OK; it was probably a false positive from Spybot-S&D. However, for safety run a boot scan from a rescue disc.
Vundofix found no viruses. It sure seems like a false positive, but not being able to navigate to some websites gives me pause for concern. I have been reading about the boot scan and it looks like I can do it from a USB flash drive. All the other computers on the network (three PCs and one Mac) are okay. I have not forgotten about OpenDNS.
Have you checked to see if you have a specific DNS Server entered in your TCP/IP settings? I see a lot of threats that will change the DNS from automatic to a specific server usually starting with 85.255.x.x. To check this, click the Start button then click Run (use the search bar if it's Vista). Type ncpa.cpl then press Enter. Locate "Internet Protocol (TCP/IP)" and double click it. Check to see if both options are set to automatically obtain a server address. If not, try changing them to automatic and see if this solves the problem. After doing this you may need to restart the computer or just flush the DNS.
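The two checks suggested in this thread (the DNS servers configured on the adapter, and HOSTS entries for the sites that will not load) can be scripted over saved `ipconfig /all` output and a copy of the HOSTS file. This is an added example, not part of any post; the function names and the sample data are constructed, and the watched range is the 85.255.x.x prefix mentioned in the post above.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : No
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.0.10
                                            192.168.1.1
"""

# Constructed sample HOSTS file content.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.bleepingcomputer.com
"""

def dns_servers(ipconfig_text):
    """Return every DNS server listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[\d.]+\s*", line):
            servers.append(line.strip())  # continuation line: extra server
        else:
            in_dns = False
    return servers

def flagged_dns(servers, watch=("85.255.0.0/16",)):
    """Return servers inside a watched range (default: prefix from the post)."""
    nets = [ipaddress.ip_network(w) for w in watch]
    return [s for s in servers if any(ipaddress.ip_address(s) in n for n in nets)]

def hosts_overrides(hosts_text, names):
    """Return {name: address} for unreachable sites that HOSTS overrides."""
    wanted = {n.lower() for n in names}
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenise
        for host in fields[1:]:
            if host.lower() in wanted:
                found[host.lower()] = fields[0]
    return found

if __name__ == "__main__":
    print(flagged_dns(dns_servers(SAMPLE_IPCONFIG)))
    print(hosts_overrides(SAMPLE_HOSTS, ["www.bleepingcomputer.com"]))
```

A flagged server or a HOSTS override for a site that fails to load is a reason to reset the adapter to automatic DNS or remove the entry, then flush the DNS cache as described above.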
My tale of woe has come to an end. It turns out that it was a DNS problem on the laptop. Reinstalling Windows would have resolved this issue, but then I would have to install all my programs, etc. Thanks everybody. Case closed.