Virtumonde?

Discussion in 'malware problems & news' started by Nuke, Jul 6, 2009.

Thread Status:
Not open for further replies.
  1. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I am not sure which is the appropriate forum for this post, so moderators move it where you deem fit.

    I have a laptop running Windows XP SP3 (current with Windows updates and security updates) which gets used once a week for about two hours. It spends very little time on the Internet.

    Last week I ran Spybot-S&D and it found Virtumonde. I ran a bunch of the other scans (list below) but no Malware or viruses found. I decided to purge Virtumonde out of Spybot-S&D. The laptop shows no symptoms as being infected, but I can't go to Photo Bucket using Firefox or Internet Explorer.

    Don't want to scorch the earth if I don't have to (wipe the drive).

    Can I trust the results of these online virus scans?

    ESET's Online Antivirus Scan: No Threats Found.
    Panda Online Active Scan: No Infection Found.
    Trend Micro Housecalls: Found Three Tracking Cookies.
    Windows Live One Care: No Threats Found.

    Desktop Scans:

    Nod32: No Threats Found.
    SUPERAntiSpyware: found two or three Ad Aware.
    Malwarebytes: No Infection Found.
    Ad-Aware: Found Three Tracking Cookies.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    On the balance I would say you can trust all those reports. What happens when you go to Photo Bucket?
     
  3. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I just started surfing the Internet with this laptop and there are other websites where the page will not load. So there are some websites that I can navigate to and others not. Any suggestions?

    Message below:

    Address Not Found

    Firefox can't find the server at www.bleepingcomputer.com.
    The browser could not find the host server for the provided address.

    * Did you make a mistake when typing the domain? (e.g. "ww.mozilla.org" instead of "www.mozilla.org")
    * Are you certain this domain address exists? Its registration may have expired.
    * Are you unable to browse other sites? Check your network connection and DNS server settings.
    * Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Empty the browser cache, use ipconfig /flushdns from the cmd line to flush DNS, and finally restart the router/modem as a last resort.
     
  5. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I went to the command line and typed: ipconfig /flushdns, and then reset the modem and the router. No change. When I went to the command line and typed in: ipconfig /flushdns, I pressed Enter on the keyboard and then I saw what appeared to be an outline of a black box open and close very quickly. It really didn't look like it did anything.

    Have I missed something?

    Is there another option?

    ETA: I emptied the cache, history, etc.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
  7. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    All the other computers on the network are okay, and had no problems connecting to other websites. I have heard good things about OpenDNS, so I am willing to give it a go. However, I can't make the changes to the network today. In the meantime, I will look for a way to remove this Malware from the laptop. I am running out of ideas. I do appreciate your help.
     
    Last edited: Jul 6, 2009
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    I understand. It's a quick and easy change and easily reversible.
     
  9. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Ron, thanks. Leo Laporte uses and recommends OpenDNS.

    I just don't know how any Malware got onto this laptop. I don't open attachments. I don't click links in e-mails or sketchy websites. I surf the net using Firefox with NoScript. I follow all the rules for safe computing.

    As the King of Siam once said, "it is a puzzlement."
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
  11. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Ron: it is a good explanation. Back tomorrow.

    Thanks again.
     
  12. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    You could try Avira, or the bootable version of Avira.
    Prevx could also be a good choice. Scanning is free, cleaning is not.
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Before doing that, you could also use ipconfig /release and ipconfig /renew.
     
  14. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    From the Wikipedia article, I was able to navigate over to VundoFix (is this a legitimate website?) and download their removal tool to my desktop. I will have to disconnect from the Internet before I can run the program/VundoFix.
    Should I do this from the desktop (master browser) or the laptop? I don't know if this means anything but the laptop was given a static IP. This was done because I was having problems (sometimes) using RealVNC when trying to connect from the laptop to the desktop or vice versa on my home network. I believe this problem (RealVNC) had more to do with the Linksys Range Expander. Since I disconnected the Linksys Range Expander, I haven't had any more problems.

    The laptop is almost asymptomatic except for the fact that I cannot connect to some websites. As I stated above, this laptop is only used once a week for about two hours when I need to use RealVNC (Connect to desktop on home network).
     
    Last edited: Jul 7, 2009
  15. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Vundofix is legit - not sure how often it's updated. Those tools you've already used are probably more effective, at the moment.

    Have you done a HiJackThis check? And taken a peek inside the HOSTS file for any blocking of those sites you're having problems with?
     
  16. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    With all these scans I think you are OK; it was probably a false positive from Spybot-S&D. However, for safety, run a boot scan from a rescue disc.
     
  17. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Vundofix found no viruses. It sure seems like a false positive, but not being able to navigate to some websites gives me pause for concern.

    I have been reading about the boot scan and it looks like I can do it from a USB flash drive.

    All the other computers on the network (three PCs and one Mac) are okay. I have not forgotten about OpenDNS.
     
  18. NickHSunbelt

    NickHSunbelt Support Specialist

    Joined:
    Apr 13, 2009
    Posts:
    177
    Location:
    Clearwater, Florida
    Have you checked to see if you have a specific DNS Server entered in your TCP/IP settings? I see a lot of threats that will change the DNS from automatic to a specific server usually starting with 85.255.x.x. To check this, click the Start button then click Run (use the search bar if it's Vista). Type ncpa.cpl then press Enter. Locate "Internet Protocol (TCP/IP)" and double click it. Check to see if both options are set to automatically obtain a server address. If not, try changing them to automatic and see if this solves the problem. After doing this you may need to restart the computer or just flush the DNS.
     
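    As an added illustration of the two checks suggested in this thread (the HOSTS-file check in post 15 and the 85.255.x.x DNS-server check in post 18), and not code from any poster: a Python script that parses `ipconfig /all` output for per-adapter DNS servers and scans a HOSTS file for entries pinning the unreachable sites. The sample `ipconfig` text and HOSTS lines are constructed, and treating 85.255.x.x as the 85.255.0.0/16 range is an assumption.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread): the
# adapter's DNS servers have been switched to the 85.255.x.x range named in post 18.
SAMPLE_IPCONFIG = """Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Enabled. . . . . . . . . . . : No
        DNS Servers . . . . . . . . . . . : 85.255.112.33
                                            85.255.112.78
"""
# Constructed HOSTS file with one entry pinning a site the thread could not reach.
SAMPLE_HOSTS = """127.0.0.1       localhost
0.0.0.0         www.bleepingcomputer.com   # constructed override
"""
SUSPICIOUS_DNS = ipaddress.ip_network("85.255.0.0/16")  # assumed /16 for 85.255.x.x

def parse_dns_servers(ipconfig_text):
    """Map each adapter in `ipconfig /all` output to its list of DNS servers."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip().rstrip(":"), False  # adapter header
            adapters[current] = []
            continue
        first = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        more = re.match(r"\s+(\d+\.\d+\.\d+\.\d+)\s*$", line)  # continuation line
        if current and (first or (in_dns and more)):
            adapters[current].append((first or more).group(1))
            in_dns = True
        else:
            in_dns = False
    return adapters

def flag_dns(adapters, bad_net=SUSPICIOUS_DNS):
    """Return (adapter, ip) pairs whose DNS server sits in the suspicious range."""
    return [(name, ip) for name, ips in adapters.items() for ip in ips
            if ipaddress.ip_address(ip) in bad_net]

def hosts_overrides(hosts_text, sites):
    """Return {hostname: ip} for HOSTS entries that pin any hostname in `sites`."""
    found = {}
    for line in hosts_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, then tokenize
        for host in parts[1:]:
            if host.lower() in sites:
                found[host.lower()] = parts[0]
    return found
```

On a real machine, feed the output of `ipconfig /all` to `parse_dns_servers` and the contents of `%SystemRoot%\system32\drivers\etc\hosts` to `hosts_overrides`; a non-empty result from either function points at the local DNS/HOSTS tampering discussed in the thread rather than a problem with the remote site.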
  19. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    My tale of woe has come to an end. It turns out that it was a DNS problem on the laptop. Reinstalling Windows would have resolved this issue, but then I would have to install all my programs, etc.

    Thanks everybody. Case closed.
     