Adware.virtumonde.gfr, Memscan:trojan.virtumod.ama, Trojan.spy.vbstat.b

Hello friends,


I accidentally found this infected file, which was run by me by mistake. The report of the scan by BitDefender is as under:


//-----------------------------------------------------------------
//
//    Product BitDefender Internet Security v10
//    Product 10.2
//
//    Created on:    22/08/2007    16:05:28
//
//-----------------------------------------------------------------


Virus Statistics

Scan path    : C:\WINDOWS
        C:\Program Files
Folders    : 4737
Files    :  47677
Memory processes scanned    : 0
Archives    : 2
Runtime packers    : 4956
Identified viruses    : 3
Infected files    : 3
Memory processes infected    : 0
Suspect files    : 0
Warnings    : 0
Disinfected files    : 0
Deleted files    : 1
Moved files    : 0
I/O errors    : 0
Scan time    : 00:14:11
Scan speed (files/sec)    : 56

Virus definitions    : 814150
Scan plugins    : 16
Archive plugins    : 40
Unpack plugins    : 6
Mail plugins    : 6
System plugins    : 5

Virus scan options

Detection
[X] Scan boot sectors
[ ] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions:;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\quick_scan\1187778928.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[ ] Registry keys
[ ] Cookies


Summary:

C:\WINDOWS\system32\fmoqawww.dll    Infected: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\fmoqawww.dll    Deleted
C:\WINDOWS\system32\geeba.dll    Detected: Adware.Virtumonde.GFR
C:\WINDOWS\system32\geeba.dll    Disinfection failed
C:\WINDOWS\system32\geeba.dll    Move failed
C:\WINDOWS\system32\yaywxww.dll    Infected: MemScan:Trojan.Virtumod.AMA
C:\WINDOWS\system32\yaywxww.dll    Disinfection failed
C:\WINDOWS\system32\yaywxww.dll    Move failed


I ran it several times but I am not able to remove it. Please check it and inform me how I could get rid of the same.


Thanks


Jyot
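
The summary in the report above can be read per file rather than per line. As an added example (not part of the original post and not BitDefender code), this Python code groups the summary events by file and lists the files that were detected but for which every logged action failed; `parse_summary` and `unresolved` are hypothetical names, and treating any action ending in "failed" as unsuccessful is an assumption.

```python
import re

# Constructed sample: the "Summary" lines of the report posted above.
SAMPLE_SUMMARY = r"""
C:\WINDOWS\system32\fmoqawww.dll    Infected: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\fmoqawww.dll    Deleted
C:\WINDOWS\system32\geeba.dll    Detected: Adware.Virtumonde.GFR
C:\WINDOWS\system32\geeba.dll    Disinfection failed
C:\WINDOWS\system32\geeba.dll    Move failed
C:\WINDOWS\system32\yaywxww.dll    Infected: MemScan:Trojan.Virtumod.AMA
C:\WINDOWS\system32\yaywxww.dll    Disinfection failed
C:\WINDOWS\system32\yaywxww.dll    Move failed
"""
# A drive-letter path, a gap of a tab or 2+ spaces, then the event text.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t|\s{2,})(?P<event>.+?)\s*$")
# Detection lines as they appear in the report: "Infected: <name>" / "Detected: <name>".
DETECT_RE = re.compile(r"^(?:Infected|Detected):\s*(?P<name>\S+)$")

def parse_summary(text):
    """Group summary events by file (paths compared case-insensitively, as on Windows)."""
    files = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, anything that is not "path  event"
        key = m["path"].lower()
        entry = files.setdefault(key, {"path": m["path"], "detections": [], "actions": []})
        d = DETECT_RE.match(m["event"])
        if d:
            entry["detections"].append(d["name"])
        else:
            entry["actions"].append(m["event"])
    return files

def unresolved(files):
    """Return (path, detections, actions) for detected files where no action succeeded."""
    out = []
    for e in files.values():
        # Assumption: an action whose text ends in "failed" did not succeed.
        succeeded = [a for a in e["actions"] if not a.lower().endswith("failed")]
        if e["detections"] and not succeeded:
            out.append((e["path"], e["detections"], e["actions"]))
    return out

if __name__ == "__main__":
    for path, names, actions in unresolved(parse_summary(SAMPLE_SUMMARY)):
        print(f"{path}: {', '.join(names)} -> {'; '.join(actions)}")
```

The files it returns are the ones still on disk after the scan, which is what the rescue-CD or safe-mode scan suggested in the replies is meant to reach.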

Comments

  • Niels
    edited August 2007

    Hello jchemie


    I suggest that you use the BitDefender rescue CD-ROM or run BitDefender in safe mode. Put in your BitDefender installation disc and boot your PC with the CD-ROM inside. You first have to change the boot sequence in your BIOS so that the CD-ROM is looked at first, then the hard disc. You can change that when you see the BIOS screen. To enter the BIOS, try pressing Delete or the key that is displayed.


    When you see a screen with LinuxDefender on it, press Enter. Double-click on install NTFS Write Drivers. Press first on BitDefender remote admin and then on update now. After that, right-click on the folder you want to scan and choose send to, BitDefender scanner; you can also press on configure antivirus. When the scan is finished, right-click on the partition icons, choose unmount, and exit.


    To run BitDefender in safe mode take a look at this topic


    Download also superantispyware


    Install it and perform an update. Reboot your PC and press the F8 button several times before the Windows loading screen, choose safe mode and press Enter. Log in with your account, start superantispyware and perform a complete scan. After the scan is finished, reboot your PC.


    In normal mode start BitDefender again and perform a deepscan and post the scan report.


    Regards


    Niels

  • Hi Niels,


    I have downloaded a trial from BitDefender, so I don't have the rescue CD. I will try out the superantispyware method.


    Thanks



  • Hello jchemie


    You can download the rescue cd-rom also here


    You have to burn it as a bootable disc in your burn package. Then you can follow my further instructions.


    Regards


    Niels