Virtumonde
Hi guys, this is my first thread on here, so be gentle with me!!
I was reading through the sticky above about how to remove Virtumonde, but I became stuck at this bit:
IMPORTANT
Lately, the Vundo infection has been hiding itself from HijackThis. You will know when Vundo is hiding because there will be NO O2 entries present (and possibly no O20 entry) in your HijackThis log. If this is the case, then you need to rename HijackThis.exe to Scanner.exe and run another HijackThis scan. You will now see the O2 and O20 entries appear.
How do I do this exactly? I firstly went into the properties of the HijackThis file I downloaded and changed the name to 'Scanner.exe', but that didn't work. I then went into Program Files and changed it there, but that didn't work either.
Any help on this matter would be greatly appreciated, as this Virtumonde thing is really starting to get on my nerves.
Thanks in advance
Wrighty
You can still run through the removal procedure here ...
http://www.bleepingcomputer.com/forums/topic18610.html
Post a HJT log to this thread afterwards with an update on how the computer is operating now.
MM
c:\windows\system32\1281931.exe
Is there anything else I need to do to remove this last one?
The easiest way to do this last part is to use HijackThis, BUT DO NOT change anything in a HJT log until you receive specific advice on it.
Run a HJT scan (don't bother with the "renaming" exercise at this stage; we'll see how the first scan looks) and post the HJT logfile to this thread. More specific removal instructions will follow for that remaining file and any other malware revealed.
Please also give us another update on how the computer is working now.
MM