Massive Amount Of Virus

Hello.


My computer has been infected with a virus for 1 month. After tons of Bitdefender scans, it just didn't go away. At the begining it wasn't very problematic, but now my computer is so slow and there are very annoying bitdefender pop-ups from every ten minutes. There are also many Internet Explorer pop-ups, some of random sites, and others of this antivirus called WinAntivirus or something like that. What I want to know is why Bitdefender doesn't eliminate them; on the report it says that disinfection failed/moved or even worse: disinfection failed/moved failed. I doesn't even know in what moving the virus can help, their still in the computer making trouble right? One of the things that really really worried me (besides having my pc running slow) is that when I tried to make the backup of the system, it only makes me do the backup to after the infection/ making the backup to a day before the infection is impossible. And even Safe mode is messed up! When I acess safe mode a window appears from every 10 seconds saying that I am in safe mode and click "OK" to proceed or "Cancel" (I think it's cancel I don't remeber) to restart the PC. I keep clicking ok for every 10 seconds but there is a time that my PC freezes and I have to restart.


I have a report of my last scan (I know my computer is really messed up with this massive amount of virus but I can't delete them and they keep multiplying) and I'm about to try this method and this one too, but which one should I make first? Use the Processor Monitor to delete the dowloader and then using my XP boot CD to delete the others or use the boot CD first and then eliminate the source with Processor Monitor? Any help is welcome. Oh and tell me what is the point of moving infected files when I use the bitdefender scan.


Thanks.


//-----------------------------------------------------------------


//


// Product: BitDefender 9 Professional Plus


// Version: 9.5


//


// Created on: 26/07/2007 20:29:17


//


//-----------------------------------------------------------------


Statistics


Scan path : C:\


Folders : 6795


Files : 255975


Archives : 1684


Packed files : 12747


Identified viruses : 21


Infected files : 170


Warnings : 0


Suspect files : 0


Disinfected files : 0


Deleted files : 0


Copied files : 0


Moved files : 166


Renamed files : 0


I/O errors : 39


Scan time : 00:57:34


Scan speed (files/sec) : 74


Spyware Statistics


Memory processes scanned : 51


Memory processes infected : 1


Registry keys scanned : 2297


Registry keys infected : 3


Cookies scanned : 64


Cookies infected : 0


Spyware files infected : 2


Spyware threats detected : 1


Virus definitions : 702181


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 6


Mail plugins : 6


System plugins : 5


Scan options


Detection


[X] Scan boot sectors


[X] Scan archives


[X] Scan packed files


[X] Scan email


File mask


[ ] Programs


[X] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Copy to quarantine


[ ] Move to quarantine


[ ] Rename


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[ ] Copy to quarantine


[X] Move to quarantine


[ ] Rename


[ ] Prompt user


Scan options


[X] Enable warnings


[X] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\Programas\Softwin\BitDefender9\Logs\vscan_1185478157.log


Spyware scan options


[X] Memory Processes


[X] Registry keys


[X] Cookies


Summary:


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Detected: Trojan.Fotomoto.A


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Move failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Detected: Trojan.Fotomoto.A


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Move failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Detected: Trojan.Fotomoto.A


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Disinfection failed


<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\FWYNJNEU.EXE Move failed


<System>=>C:\WINDOWS\system32\fwynjneu.exe (memory dump) Detected: Trojan.Fotomoto.A


<System>=>C:\WINDOWS\system32\fwynjneu.exe (memory dump) Disinfection failed


<System>=>C:\WINDOWS\system32\fwynjneu.exe (memory dump) Move failed


<System>=>C:\WINDOWS\system32\fwynjneu.exe (disk) Infected: Trojan.Fotomoto.A


<System>=>C:\WINDOWS\system32\fwynjneu.exe (disk) Disinfection failed


<System>=>C:\WINDOWS\system32\fwynjneu.exe (disk) Move failed


<System>=>C:\WINDOWS\system32\fwynjneu.exe (full dump) Infected: Trojan.Fotomoto.A


<System>=>C:\WINDOWS\system32\fwynjneu.exe (full dump) Disinfection failed


<System>=>C:\WINDOWS\system32\fwynjneu.exe (full dump) Move failed


C:\Documents and Settings\HIGHSCREEN\Os meus documentos\My Completed Downloads\WinAntiSpyware2006FreeInstall.exe.dap Infected: Trojan.Downloader.Winfixer.O


C:\Documents and Settings\HIGHSCREEN\Os meus documentos\My Completed Downloads\WinAntiSpyware2006FreeInstall.exe.dap Disinfection failed


C:\Documents and Settings\HIGHSCREEN\Os meus documentos\My Completed Downloads\WinAntiSpyware2006FreeInstall.exe.dap Moved


C:\WINDOWS\system32\abjjfqhj.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\abjjfqhj.exe Disinfection failed


C:\WINDOWS\system32\abjjfqhj.exe Moved


C:\WINDOWS\system32\adaidvns.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\adaidvns.exe Disinfection failed


C:\WINDOWS\system32\adaidvns.exe Moved


C:\WINDOWS\system32\afnwmshi.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\afnwmshi.exe Disinfection failed


C:\WINDOWS\system32\afnwmshi.exe Moved


C:\WINDOWS\system32\aramixue.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\aramixue.dll Disinfection failed


C:\WINDOWS\system32\aramixue.dll Moved


C:\WINDOWS\system32\awtspml.dll Infected: MemScan:Trojan.Virtumonde.IC


C:\WINDOWS\system32\awtspml.dll Disinfection failed


C:\WINDOWS\system32\awtspml.dll Moved


C:\WINDOWS\system32\aydafema.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\aydafema.exe Disinfection failed


C:\WINDOWS\system32\aydafema.exe Moved


C:\WINDOWS\system32\bfgqtlcf.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\bfgqtlcf.exe Disinfection failed


C:\WINDOWS\system32\bfgqtlcf.exe Moved


C:\WINDOWS\system32\bmhqjayk.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\bmhqjayk.exe Disinfection failed


C:\WINDOWS\system32\bmhqjayk.exe Moved


C:\WINDOWS\system32\buqqwoqp.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\buqqwoqp.exe Disinfection failed


C:\WINDOWS\system32\buqqwoqp.exe Moved


C:\WINDOWS\system32\cifydsmh.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\cifydsmh.exe Disinfection failed


C:\WINDOWS\system32\cifydsmh.exe Moved


C:\WINDOWS\system32\ckimucmn.exe Infected: Trojan.LowZones.SA


C:\WINDOWS\system32\ckimucmn.exe Disinfection failed


C:\WINDOWS\system32\ckimucmn.exe Moved


C:\WINDOWS\system32\csfequch.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\csfequch.exe Disinfection failed


C:\WINDOWS\system32\csfequch.exe Moved


C:\WINDOWS\system32\csfhjqkr.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\csfhjqkr.exe Disinfection failed


C:\WINDOWS\system32\csfhjqkr.exe Moved


C:\WINDOWS\system32\cxxmuqsu.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\cxxmuqsu.exe Disinfection failed


C:\WINDOWS\system32\cxxmuqsu.exe Moved


C:\WINDOWS\system32\dbyikvyf.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\dbyikvyf.exe Disinfection failed


C:\WINDOWS\system32\dbyikvyf.exe Moved


C:\WINDOWS\system32\dldfecqb.exe Infected: Trojan.Clicker.Agent.NP


C:\WINDOWS\system32\dldfecqb.exe Disinfection failed


C:\WINDOWS\system32\dldfecqb.exe Moved


C:\WINDOWS\system32\dorjsokx.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\dorjsokx.exe Disinfection failed


C:\WINDOWS\system32\dorjsokx.exe Moved


C:\WINDOWS\system32\dqmjfaor.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\dqmjfaor.exe Disinfection failed


C:\WINDOWS\system32\dqmjfaor.exe Moved


C:\WINDOWS\system32\drvnap.dll Infected: Trojan.Agent.QT


C:\WINDOWS\system32\drvnap.dll Disinfection failed


C:\WINDOWS\system32\drvnap.dll Moved


C:\WINDOWS\system32\dvjxsfvw.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\dvjxsfvw.exe Disinfection failed


C:\WINDOWS\system32\dvjxsfvw.exe Moved


C:\WINDOWS\system32\dwpvmcnv.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\dwpvmcnv.exe Disinfection failed


C:\WINDOWS\system32\dwpvmcnv.exe Moved


C:\WINDOWS\system32\edohjgjg.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\edohjgjg.dll Disinfection failed


C:\WINDOWS\system32\edohjgjg.dll Moved


C:\WINDOWS\system32\efcebbdw.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\efcebbdw.exe Disinfection failed


C:\WINDOWS\system32\efcebbdw.exe Moved


C:\WINDOWS\system32\egsgpqea.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\egsgpqea.exe Disinfection failed


C:\WINDOWS\system32\egsgpqea.exe Moved


C:\WINDOWS\system32\egwsyary.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\egwsyary.dll Disinfection failed


C:\WINDOWS\system32\egwsyary.dll Moved


C:\WINDOWS\system32\emylxukr.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\emylxukr.dll Disinfection failed


C:\WINDOWS\system32\emylxukr.dll Moved


C:\WINDOWS\system32\enosdgih.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\enosdgih.exe Disinfection failed


C:\WINDOWS\system32\enosdgih.exe Moved


C:\WINDOWS\system32\fhoiythl.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\fhoiythl.dll Disinfection failed


C:\WINDOWS\system32\fhoiythl.dll Moved


C:\WINDOWS\system32\fkmycqvv.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\fkmycqvv.exe Disinfection failed


C:\WINDOWS\system32\fkmycqvv.exe Moved


C:\WINDOWS\system32\flojsfhe.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\flojsfhe.exe Disinfection failed


C:\WINDOWS\system32\flojsfhe.exe Moved


C:\WINDOWS\system32\flppjrok.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\flppjrok.exe Disinfection failed


C:\WINDOWS\system32\flppjrok.exe Moved


C:\WINDOWS\system32\fqiiypfu.exe Infected: Trojan.Clicker.Small.YB


C:\WINDOWS\system32\fqiiypfu.exe Disinfection failed


C:\WINDOWS\system32\fqiiypfu.exe Moved


C:\WINDOWS\system32\fsdcnsjk.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\fsdcnsjk.dll Disinfection failed


C:\WINDOWS\system32\fsdcnsjk.dll Moved


C:\WINDOWS\system32\ftjoucno.exe Infected: Trojan.LowZones.SA


C:\WINDOWS\system32\ftjoucno.exe Disinfection failed


C:\WINDOWS\system32\ftjoucno.exe Moved


C:\WINDOWS\system32\ftmyixwq.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\ftmyixwq.exe Disinfection failed


C:\WINDOWS\system32\ftmyixwq.exe Moved


C:\WINDOWS\system32\fwynjneu.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\fwynjneu.exe Disinfection failed


C:\WINDOWS\system32\fwynjneu.exe Moved


C:\WINDOWS\system32\gbdwmtkj.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\gbdwmtkj.dll Disinfection failed


C:\WINDOWS\system32\gbdwmtkj.dll Moved


C:\WINDOWS\system32\gcaugslx.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\gcaugslx.dll Disinfection failed


C:\WINDOWS\system32\gcaugslx.dll Moved


C:\WINDOWS\system32\gglvthau.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\gglvthau.dll Disinfection failed


C:\WINDOWS\system32\gglvthau.dll Moved


C:\WINDOWS\system32\ggtpfyqb.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\ggtpfyqb.exe Disinfection failed


C:\WINDOWS\system32\ggtpfyqb.exe Moved


C:\WINDOWS\system32\gvwxrwbr.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\gvwxrwbr.exe Disinfection failed


C:\WINDOWS\system32\gvwxrwbr.exe Moved


C:\WINDOWS\system32\hbhmidpb.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\hbhmidpb.exe Disinfection failed


C:\WINDOWS\system32\hbhmidpb.exe Moved


C:\WINDOWS\system32\hdijehov.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\hdijehov.dll Disinfection failed


C:\WINDOWS\system32\hdijehov.dll Moved


C:\WINDOWS\system32\hkhgqisb.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\hkhgqisb.dll Disinfection failed


C:\WINDOWS\system32\hkhgqisb.dll Moved


C:\WINDOWS\system32\hnfjnuvs.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\hnfjnuvs.exe Disinfection failed


C:\WINDOWS\system32\hnfjnuvs.exe Moved


C:\WINDOWS\system32\hnjtaves.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\hnjtaves.dll Disinfection failed


C:\WINDOWS\system32\hnjtaves.dll Moved


C:\WINDOWS\system32\hpiodbuq.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\hpiodbuq.exe Disinfection failed


C:\WINDOWS\system32\hpiodbuq.exe Moved


C:\WINDOWS\system32\hqutxfko.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\hqutxfko.dll Disinfection failed


C:\WINDOWS\system32\hqutxfko.dll Moved


C:\WINDOWS\system32\hsaelovm.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\hsaelovm.exe Disinfection failed


C:\WINDOWS\system32\hsaelovm.exe Moved


C:\WINDOWS\system32\iceeqlda.dll Infected: DeepScan:Generic.Virtumonde.2.3B1D42DE


C:\WINDOWS\system32\iceeqlda.dll Disinfection failed


C:\WINDOWS\system32\iceeqlda.dll Moved


C:\WINDOWS\system32\igqwdyhb.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\igqwdyhb.dll Disinfection failed


C:\WINDOWS\system32\igqwdyhb.dll Moved


C:\WINDOWS\system32\imaogctg.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\imaogctg.exe Disinfection failed


C:\WINDOWS\system32\imaogctg.exe Moved


C:\WINDOWS\system32\inkftupx.dll Infected: Trojan.BHO.AR


C:\WINDOWS\system32\inkftupx.dll Disinfection failed


C:\WINDOWS\system32\inkftupx.dll Moved


C:\WINDOWS\system32\ipspsoqi.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\ipspsoqi.exe Disinfection failed


C:\WINDOWS\system32\ipspsoqi.exe Moved


C:\WINDOWS\system32\ivfgtqut.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\ivfgtqut.dll Disinfection failed


C:\WINDOWS\system32\ivfgtqut.dll Moved


C:\WINDOWS\system32\ivkygixo.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\ivkygixo.exe Disinfection failed


C:\WINDOWS\system32\ivkygixo.exe Moved


C:\WINDOWS\system32\j4201437.dll Infected: Trojan.Clicker.Small.YB


C:\WINDOWS\system32\j4201437.dll Disinfection failed


C:\WINDOWS\system32\j4201437.dll Moved


C:\WINDOWS\system32\jdwtxmvk.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\jdwtxmvk.exe Disinfection failed


C:\WINDOWS\system32\jdwtxmvk.exe Moved


C:\WINDOWS\system32\jhhxecrv.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\jhhxecrv.exe Disinfection failed


C:\WINDOWS\system32\jhhxecrv.exe Moved


C:\WINDOWS\system32\kbcwsouq.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\kbcwsouq.exe Disinfection failed


C:\WINDOWS\system32\kbcwsouq.exe Moved


C:\WINDOWS\system32\kbhxgaos.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\kbhxgaos.exe Disinfection failed


C:\WINDOWS\system32\kbhxgaos.exe Moved


C:\WINDOWS\system32\kmrxwrro.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\kmrxwrro.exe Disinfection failed


C:\WINDOWS\system32\kmrxwrro.exe Moved


C:\WINDOWS\system32\kqaqmxsy.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\kqaqmxsy.dll Disinfection failed


C:\WINDOWS\system32\kqaqmxsy.dll Moved


C:\WINDOWS\system32\lcnenmdg.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\lcnenmdg.dll Disinfection failed


C:\WINDOWS\system32\lcnenmdg.dll Moved


C:\WINDOWS\system32\ldusjtgg.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\ldusjtgg.dll Disinfection failed


C:\WINDOWS\system32\ldusjtgg.dll Moved


C:\WINDOWS\system32\lepsmruy.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\lepsmruy.dll Disinfection failed


C:\WINDOWS\system32\lepsmruy.dll Moved


C:\WINDOWS\system32\lesvbpar.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\lesvbpar.exe Disinfection failed


C:\WINDOWS\system32\lesvbpar.exe Moved


C:\WINDOWS\system32\ltfukrpm.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\ltfukrpm.dll Disinfection failed


C:\WINDOWS\system32\ltfukrpm.dll Moved


C:\WINDOWS\system32\lutqcgbb.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\lutqcgbb.exe Disinfection failed


C:\WINDOWS\system32\lutqcgbb.exe Moved


C:\WINDOWS\system32\lvpjxwjh.dll Infected: Trojan.BHO.AR


C:\WINDOWS\system32\lvpjxwjh.dll Disinfection failed


C:\WINDOWS\system32\lvpjxwjh.dll Moved


C:\WINDOWS\system32\lwvctqxv.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\lwvctqxv.exe Disinfection failed


C:\WINDOWS\system32\lwvctqxv.exe Moved


C:\WINDOWS\system32\lydbgawc.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\lydbgawc.exe Disinfection failed


C:\WINDOWS\system32\lydbgawc.exe Moved


C:\WINDOWS\system32\mddfbvkp.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\mddfbvkp.exe Disinfection failed


C:\WINDOWS\system32\mddfbvkp.exe Moved


C:\WINDOWS\system32\mfoojrpt.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\mfoojrpt.dll Disinfection failed


C:\WINDOWS\system32\mfoojrpt.dll Moved


C:\WINDOWS\system32\miusttdc.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\miusttdc.dll Disinfection failed


C:\WINDOWS\system32\miusttdc.dll Moved


C:\WINDOWS\system32\mjihvqdy.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\mjihvqdy.dll Disinfection failed


C:\WINDOWS\system32\mjihvqdy.dll Moved


C:\WINDOWS\system32\mjmaojxc.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\mjmaojxc.exe Disinfection failed


C:\WINDOWS\system32\mjmaojxc.exe Moved


C:\WINDOWS\system32\mjpajrgk.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\mjpajrgk.exe Disinfection failed


C:\WINDOWS\system32\mjpajrgk.exe Moved


C:\WINDOWS\system32\mnshdmon.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\mnshdmon.exe Disinfection failed


C:\WINDOWS\system32\mnshdmon.exe Moved


C:\WINDOWS\system32\mrgorslw.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\mrgorslw.exe Disinfection failed


C:\WINDOWS\system32\mrgorslw.exe Moved


C:\WINDOWS\system32\naliaksw.dll Infected: GenPack:Trojan.Vundo.DLZ


C:\WINDOWS\system32\naliaksw.dll Disinfection failed


C:\WINDOWS\system32\naliaksw.dll Moved


C:\WINDOWS\system32\nawammqp.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\nawammqp.exe Disinfection failed


C:\WINDOWS\system32\nawammqp.exe Moved


C:\WINDOWS\system32\nbfiibqn.dll Infected: DeepScan:Generic.Virtumonde.2.3B1D42DE


C:\WINDOWS\system32\nbfiibqn.dll Disinfection failed


C:\WINDOWS\system32\nbfiibqn.dll Moved


C:\WINDOWS\system32\nbhyqeby.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\nbhyqeby.exe Disinfection failed


C:\WINDOWS\system32\nbhyqeby.exe Moved


C:\WINDOWS\system32\nellgokb.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\nellgokb.dll Disinfection failed


C:\WINDOWS\system32\nellgokb.dll Moved


C:\WINDOWS\system32\nkgfnhal.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\nkgfnhal.exe Disinfection failed


C:\WINDOWS\system32\nkgfnhal.exe Moved


C:\WINDOWS\system32\nklwicyh.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\nklwicyh.exe Disinfection failed


C:\WINDOWS\system32\nklwicyh.exe Moved


C:\WINDOWS\system32\nmdxkbkp.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\nmdxkbkp.dll Disinfection failed


C:\WINDOWS\system32\nmdxkbkp.dll Moved


C:\WINDOWS\system32\nmpeyiih.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\nmpeyiih.dll Disinfection failed


C:\WINDOWS\system32\nmpeyiih.dll Moved


C:\WINDOWS\system32\nojriirf.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\nojriirf.dll Disinfection failed


C:\WINDOWS\system32\nojriirf.dll Moved


C:\WINDOWS\system32\nsvkafys.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\nsvkafys.exe Disinfection failed


C:\WINDOWS\system32\nsvkafys.exe Moved


C:\WINDOWS\system32\oassedqt.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\oassedqt.exe Disinfection failed


C:\WINDOWS\system32\oassedqt.exe Moved


C:\WINDOWS\system32\oavnfqpm.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\oavnfqpm.dll Disinfection failed


C:\WINDOWS\system32\oavnfqpm.dll Moved


C:\WINDOWS\system32\oflhhfhw.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\oflhhfhw.exe Disinfection failed


C:\WINDOWS\system32\oflhhfhw.exe Moved


C:\WINDOWS\system32\ogwhilth.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\ogwhilth.exe Disinfection failed


C:\WINDOWS\system32\ogwhilth.exe Moved


C:\WINDOWS\system32\oswijbyw.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\oswijbyw.dll Disinfection failed


C:\WINDOWS\system32\oswijbyw.dll Moved


C:\WINDOWS\system32\owwycrpa.dll Infected: Trojan.Vundo.DLV


C:\WINDOWS\system32\owwycrpa.dll Disinfection failed


C:\WINDOWS\system32\owwycrpa.dll Moved


C:\WINDOWS\system32\pfiyleik.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\pfiyleik.exe Disinfection failed


C:\WINDOWS\system32\pfiyleik.exe Moved


C:\WINDOWS\system32\pfspooum.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\pfspooum.exe Disinfection failed


C:\WINDOWS\system32\pfspooum.exe Moved


C:\WINDOWS\system32\pjgeineo.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\pjgeineo.exe Disinfection failed


C:\WINDOWS\system32\pjgeineo.exe Moved


C:\WINDOWS\system32\pjkcbbnm.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\pjkcbbnm.exe Disinfection failed


C:\WINDOWS\system32\pjkcbbnm.exe Moved


C:\WINDOWS\system32\pkpdntds.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\pkpdntds.exe Disinfection failed


C:\WINDOWS\system32\pkpdntds.exe Moved


C:\WINDOWS\system32\pmeeddjw.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\pmeeddjw.exe Disinfection failed


C:\WINDOWS\system32\pmeeddjw.exe Moved


C:\WINDOWS\system32\pmnlj.dll Infected: Trojan.Vundo.DLW


C:\WINDOWS\system32\pmnlj.dll Disinfection failed


C:\WINDOWS\system32\pmosooqs.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\pmosooqs.exe Disinfection failed


C:\WINDOWS\system32\pmosooqs.exe Moved


C:\WINDOWS\system32\popoqtkh.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\popoqtkh.exe Disinfection failed


C:\WINDOWS\system32\popoqtkh.exe Moved


C:\WINDOWS\system32\priasflo.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\priasflo.dll Disinfection failed


C:\WINDOWS\system32\priasflo.dll Moved


C:\WINDOWS\system32\qavqogqh.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\qavqogqh.dll Disinfection failed


C:\WINDOWS\system32\qavqogqh.dll Moved


C:\WINDOWS\system32\qccqsfey.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\qccqsfey.dll Disinfection failed


C:\WINDOWS\system32\qccqsfey.dll Moved


C:\WINDOWS\system32\qdabltih.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\qdabltih.dll Disinfection failed


C:\WINDOWS\system32\qdabltih.dll Moved


C:\WINDOWS\system32\qfkvefsr.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\qfkvefsr.dll Disinfection failed


C:\WINDOWS\system32\qfkvefsr.dll Moved


C:\WINDOWS\system32\qjhgcouv.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\qjhgcouv.dll Disinfection failed


C:\WINDOWS\system32\qjhgcouv.dll Moved


C:\WINDOWS\system32\qkfjypwn.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\qkfjypwn.exe Disinfection failed


C:\WINDOWS\system32\qkfjypwn.exe Moved


C:\WINDOWS\system32\quwdexeo.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\quwdexeo.exe Disinfection failed


C:\WINDOWS\system32\quwdexeo.exe Moved


C:\WINDOWS\system32\qxariyiw.dll Infected: Trojan.JuanSearch.A


C:\WINDOWS\system32\qxariyiw.dll Disinfection failed


C:\WINDOWS\system32\qxariyiw.dll Moved


C:\WINDOWS\system32\qxijqlqk.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\qxijqlqk.dll Disinfection failed


C:\WINDOWS\system32\qxijqlqk.dll Moved


C:\WINDOWS\system32\rbxgjbvw.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\rbxgjbvw.dll Disinfection failed


C:\WINDOWS\system32\rbxgjbvw.dll Moved


C:\WINDOWS\system32\rgjhwgcj.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\rgjhwgcj.exe Disinfection failed


C:\WINDOWS\system32\rgjhwgcj.exe Moved


C:\WINDOWS\system32\rhjkpbag.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\rhjkpbag.exe Disinfection failed


C:\WINDOWS\system32\rhjkpbag.exe Moved


C:\WINDOWS\system32\rlglqxmf.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\rlglqxmf.dll Disinfection failed


C:\WINDOWS\system32\rlglqxmf.dll Moved


C:\WINDOWS\system32\rsejagfk.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\rsejagfk.exe Disinfection failed


C:\WINDOWS\system32\rsejagfk.exe Moved


C:\WINDOWS\system32\rsgojdsa.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\rsgojdsa.exe Disinfection failed


C:\WINDOWS\system32\rsgojdsa.exe Moved


C:\WINDOWS\system32\rufntcmu.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\rufntcmu.dll Disinfection failed


C:\WINDOWS\system32\rufntcmu.dll Moved


C:\WINDOWS\system32\saeiwfaf.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\saeiwfaf.exe Disinfection failed


C:\WINDOWS\system32\saeiwfaf.exe Moved


C:\WINDOWS\system32\svfqsibr.dll Infected: Trojan.BHO.BP


C:\WINDOWS\system32\svfqsibr.dll Disinfection failed


C:\WINDOWS\system32\svfqsibr.dll Moved


C:\WINDOWS\system32\svuyiwdh.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\svuyiwdh.dll Disinfection failed


C:\WINDOWS\system32\svuyiwdh.dll Moved


C:\WINDOWS\system32\swxiyssf.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\swxiyssf.dll Disinfection failed


C:\WINDOWS\system32\swxiyssf.dll Moved


C:\WINDOWS\system32\tjxdhsuq.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\tjxdhsuq.dll Disinfection failed


C:\WINDOWS\system32\tjxdhsuq.dll Moved


C:\WINDOWS\system32\tpgvglbn.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\tpgvglbn.exe Disinfection failed


C:\WINDOWS\system32\tpgvglbn.exe Moved


C:\WINDOWS\system32\tqqvfvrr.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\tqqvfvrr.exe Disinfection failed


C:\WINDOWS\system32\tqqvfvrr.exe Moved


C:\WINDOWS\system32\ucrvivev.dll Infected: Trojan.Vundo.DLV


C:\WINDOWS\system32\ucrvivev.dll Disinfection failed


C:\WINDOWS\system32\ucrvivev.dll Moved


C:\WINDOWS\system32\udaxywjl.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\udaxywjl.exe Disinfection failed


C:\WINDOWS\system32\udaxywjl.exe Moved


C:\WINDOWS\system32\udemlnyf.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\udemlnyf.dll Disinfection failed


C:\WINDOWS\system32\udemlnyf.dll Moved


C:\WINDOWS\system32\udumpxmq.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\udumpxmq.dll Disinfection failed


C:\WINDOWS\system32\udumpxmq.dll Moved


C:\WINDOWS\system32\uiljcytq.dll Infected: MemScan:Trojan.BHO.BM


C:\WINDOWS\system32\uiljcytq.dll Disinfection failed


C:\WINDOWS\system32\uiljcytq.dll Moved


C:\WINDOWS\system32\usiqoscr.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\usiqoscr.exe Disinfection failed


C:\WINDOWS\system32\usiqoscr.exe Moved


C:\WINDOWS\system32\uvdeylqo.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\uvdeylqo.dll Disinfection failed


C:\WINDOWS\system32\uvdeylqo.dll Moved


C:\WINDOWS\system32\vkjwjhwh.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\vkjwjhwh.exe Disinfection failed


C:\WINDOWS\system32\vkjwjhwh.exe Moved


C:\WINDOWS\system32\vrmmyqdq.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\vrmmyqdq.exe Disinfection failed


C:\WINDOWS\system32\vrmmyqdq.exe Moved


C:\WINDOWS\system32\vtwsdfym.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\vtwsdfym.dll Disinfection failed


C:\WINDOWS\system32\vtwsdfym.dll Moved


C:\WINDOWS\system32\vudhepue.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\vudhepue.dll Disinfection failed


C:\WINDOWS\system32\vudhepue.dll Moved


C:\WINDOWS\system32\vvrrwovw.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\vvrrwovw.exe Disinfection failed


C:\WINDOWS\system32\vvrrwovw.exe Moved


C:\WINDOWS\system32\wchmulxu.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\wchmulxu.dll Disinfection failed


C:\WINDOWS\system32\wchmulxu.dll Moved


C:\WINDOWS\system32\wcuqaiju.dll Infected: Trojan.Vundo.DLV


C:\WINDOWS\system32\wcuqaiju.dll Disinfection failed


C:\WINDOWS\system32\wcuqaiju.dll Moved


C:\WINDOWS\system32\wcvbyumv.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\wcvbyumv.exe Disinfection failed


C:\WINDOWS\system32\wcvbyumv.exe Moved


C:\WINDOWS\system32\wmtynclr.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\wmtynclr.exe Disinfection failed


C:\WINDOWS\system32\wmtynclr.exe Moved


C:\WINDOWS\system32\wocupnuo.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\wocupnuo.exe Disinfection failed


C:\WINDOWS\system32\wocupnuo.exe Moved


C:\WINDOWS\system32\wovnvevl.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\wovnvevl.exe Disinfection failed


C:\WINDOWS\system32\wovnvevl.exe Moved


C:\WINDOWS\system32\wpfeoanc.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\wpfeoanc.exe Disinfection failed


C:\WINDOWS\system32\wpfeoanc.exe Moved


C:\WINDOWS\system32\wsdkcwsu.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\wsdkcwsu.exe Disinfection failed


C:\WINDOWS\system32\wsdkcwsu.exe Moved


C:\WINDOWS\system32\wvyxpecb.exe Infected: Trojan.LowZones.SA


C:\WINDOWS\system32\wvyxpecb.exe Disinfection failed


C:\WINDOWS\system32\wvyxpecb.exe Moved


C:\WINDOWS\system32\wydahyal.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\wydahyal.exe Disinfection failed


C:\WINDOWS\system32\wydahyal.exe Moved


C:\WINDOWS\system32\wyvrbunc.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\wyvrbunc.exe Disinfection failed


C:\WINDOWS\system32\wyvrbunc.exe Moved


C:\WINDOWS\system32\xctulmwk.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\xctulmwk.exe Disinfection failed


C:\WINDOWS\system32\xctulmwk.exe Moved


C:\WINDOWS\system32\xkdcjmso.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\xkdcjmso.dll Disinfection failed


C:\WINDOWS\system32\xkdcjmso.dll Moved


C:\WINDOWS\system32\xoktgttv.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\xoktgttv.exe Disinfection failed


C:\WINDOWS\system32\xoktgttv.exe Moved


C:\WINDOWS\system32\xxtdeajm.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\xxtdeajm.exe Disinfection failed


C:\WINDOWS\system32\xxtdeajm.exe Moved


C:\WINDOWS\system32\xxyywxv.dll Infected: Trojan.Virtumod.OV


C:\WINDOWS\system32\xxyywxv.dll Disinfection failed


C:\WINDOWS\system32\xykoihjg.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\xykoihjg.dll Disinfection failed


C:\WINDOWS\system32\xykoihjg.dll Moved


C:\WINDOWS\system32\yajbhkwy.exe Detected: Adware.Virtumonde.SY


C:\WINDOWS\system32\yajbhkwy.exe Disinfection failed


C:\WINDOWS\system32\yajbhkwy.exe Moved


C:\WINDOWS\system32\ydlrwqjk.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\ydlrwqjk.dll Disinfection failed


C:\WINDOWS\system32\ydlrwqjk.dll Moved


C:\WINDOWS\system32\yekiqttj.exe Infected: Trojan.Fotomoto.A


C:\WINDOWS\system32\yekiqttj.exe Disinfection failed


C:\WINDOWS\system32\yekiqttj.exe Moved


C:\WINDOWS\system32\yesmfhdr.dll Detected: Adware.Virtumonde.GFA


C:\WINDOWS\system32\yesmfhdr.dll Disinfection failed


C:\WINDOWS\system32\yesmfhdr.dll Moved


C:\WINDOWS\system32\ynxvfvvl.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\ynxvfvvl.dll Disinfection failed


C:\WINDOWS\system32\ynxvfvvl.dll Moved


C:\WINDOWS\system32\ytnrcmdu.dll Infected: Trojan.JuanSearch.B


C:\WINDOWS\system32\ytnrcmdu.dll Disinfection failed


C:\WINDOWS\system32\ytnrcmdu.dll Moved


C:\WINDOWS\Temp\mst844.tmp Infected: Trojan.Agent.QT


C:\WINDOWS\Temp\mst844.tmp Disinfection failed


C:\WINDOWS\Temp\mst844.tmp Moved


C:\WINDOWS\Temp\win83A.tmp.exe Infected: Trojan.Agent.AAGG


C:\WINDOWS\Temp\win83A.tmp.exe Disinfection failed


C:\WINDOWS\Temp\win83A.tmp.exe Moved

Comments

  • Niels
    Niels
    edited July 2007

    Hello Luis C. Martins


    You should first have to find the source. So follow first the second link.


    Can you please do this go to start,run,at the run dialog box type services.msc press enter. Take a look if you can find a service called FWYNJNEU. If present doubleclick on it and and choose by startup type for disabled and press on stop.Don't forget to press on apply and ok. Moving means placing it in quarantaine so the file can't be executed anymore. I recommend that you download also superantispyware: http://downloads2.superantispyware.com/dow...AntiSpyware.exe Update it. Reboot your pc into safe mode by rebooting your pc and press several times on the F8 button before the windows loading screen and choose safe mode. After that start superantispyware and perform a complete scan.


    Regards


    Niels

  • Thanks for the reply Niels, I know now what moving infected files means. However I'm having trouble with other things now.


    - I didn't find any "downloader", "winfixer", "trojan" or".exe.dap" or even the path of the infected file in the Processor Monitor filters. (I think the downloader is the Trojan.Downloader.Winfixer.O, as you can see in the report in my first post).


    - I booted the XP CD but I couldn't delete the files; It says the acess is denied or the parameter is incorrect. The same happens with the commands given (attrib -H; attrib -R; attrib -S). And... if that actually worked, should I had to do it with all those virus? There are alot of them...


    - No. There wasn't any service called FWYNJNEU.


    - I haven't tried that superantispyware yet, and I think it is a meaningless effort, because like I said in my first post, I can't do anything in safe mode.


    Thanks is advance...

  • You should try superantispyware in Safe Mode. Safe Mode should work. Reboot your PC and before WinXP boot screen appears press F8 many times. A menu should appear. Choose "Safe mode". You should do a scan both with BD and SuperAntispyware. To scan with BD, type in the following command in prompt:


    cd C:\Program Files\Common Files\Softwin\BitDefender Scan Server


    than


    bdc /f /b /r /i /G /N /p


    Andrei

  • Hello Luis C. Martins


    Did you also tried the administrator account in safe mode? Try to run also superantispyware in normal mode.You can also choose for that. I suggest that you also do this go to start,run,at the run dialog box type regedit press enter now press on +-icon before: HKEY_LOCAL_MACHINE and navigate to the follow folders and subfolders: CURRENTCONTROLSET\SERVICES\DOMAINSERVICE that isn't a default regitry entry. So delete it by leftclicking on it and choose delete. Or if it fails rightclick on it and choose rights and see that everything is allowed. Take also a look here go to start,run,at the run dialog box type msconfig press enter. Go to the latest tab called start up/boot and see if you can find any reference to malware you can use this site: http://castlecops.com/StartupList.html you have to enter the name under item for booting. If you see an N or X uncheck the item. After that go also to start,all programs,start up and remove any unknown entries with strange name. Go back to the registry and navigate to the following key HKEY_LOCAL_MACHINE and open the following folder and subfolders: software,microsoft,windows,currentversion,run. All start up items are displayed at the right side. You have to enter them also on the website. If suspecious delete them by selecting them and press on delete.


    Regards


    Niels

  • vlad
    edited July 2007

    I've sent you a removal tool for Virtumonde by PM. Please run it and post a new scan log.


    /LE:


    WinAntiSpyware is actually an adware/spyware.


    The service Niels mentioned should be called DOMAINSERVICE.

  • Niels
    Niels
    edited July 2007

    winantispyware is a rogue antispyware : http://www.malwarebytes.org/database.php?id=296


    Sorry that I gave the wrong name for the service you have to stop.


    Niels


    Thanks vlad for correcting me.

  • First things first, let me thank you all for the help, it is really working. Niels, I have done everything you told me and now my PC is running fast. I went to castlecops.com to see if there were any reference to malware and there were about 15, which I unmarked them. I went to that regedit thing and deleted the folder called DomainService in Currentcontrolset/Services. I also installed Superantispyware and made to scans: one in normal mode and other in safe mode. The first one (normal mode) revealed 65 threats, and the second one (safe mode) revealed only 2 (I went to the Administrator account in safe mode which worked. Thanks.). Thank you vlad for giving me the direct link to the removal tool, which it wasn't necessary because I used it after the two Superantispyware scans and the system was already clean.


    I am now doing a Bitdefender scan to see if there's still something here, and it revealed 2 Virtumonde adware already, however when I use the Virtumonde removal tool it says that the system is clean. Is there something wrong?


    Anyways the bitdefender and Internet Explorer pop-ups are over and my computer is running normal now, and I am really glad for it. When the bitdefender scan is over, I will post the report here so you can look at the 2 Virtumonde adware that I was talking about.


    Thank you very much,


    Luis

  • The removal tool is generic, so it can't detect all possible Virtumonde versions. To remove the ones that escaped, try following the steps here: http://forum.bitdefender.com/index.php?showtopic=1054 . Unlocker will fail on Virtumonde, and Safe Mode doesn't help either. You can also try this tool which Mieke recommmended: http://www.atribune.org/ccount/click.php?id=4. If it's possible to upload the Virtumonde variants here, please do so, and I'll forward them to the person who maintains our removal tool.

  • Niels
    Niels
    edited July 2007

    Hello Luis C. Martins


    It could be that some of the infections are also attachted to your system restore. So I suggest that you do this also go to start,my computer,rightclick on my computer choose properties,system restore,check the option disable system restore on all stations and confirm the message. After you done that uncheck it again and do not forget to confirm by pressing on apply and ok. You have to wait till vlad response because I don't know which removal he sended to you. There are more than one removal tool. Clear also the temp files. You can use ccleaner for it : http://www.filehippo.com/download/751ed683...ebaab/download/


    Do not forget to uncheck yahoo toolbar during installation. Adn use the cleanup option and also the problem option. Fix every problem that is founded.


    Glad that we could assist you.


    I've uploaded a removal tool : http://www.verzend.be/v/2957210/Virtumonde_Remover.exe.html


    Regards


    Niels

  • LUISCMARTINS
    edited July 2007

    Ok the Bitdefender scan just ended and there are a total of 4 virus in my Computer. Niels thank you for CCleaner.


    The removal tool vlad sent me is Anti-Adwre.Virtumonde.GenEN, but I also tried yours and Mieke's and none of them revealed anything.


    vlad I would like to submit my samples but I don't find the files in the paths that the scan shows. There are lots of hidden files in quarantine's folder, but none of them the last 2 virus showed on the scan. After using CCleaner my temp folder has only 5 files now, which I can't delete now, but I think they are not virus because I scaned the temp folder and it revealed nothing.


    So I am about to try Niels method or the one in the link given by vlad.


    Anyways here is my last scan results:


    [ ] Delete


    [ ] Copy to quarantine


    [X] Move to quarantine


    [ ] Rename


    [ ] Prompt user


    Scan options


    [X] Enable warnings


    [X] Enable heuristics


    [ ] Show all files in log


    [X] Report file: C:\Programas\Softwin\BitDefender9\Logs\vscan_1185552937.log


    Spyware scan options


    [X] Memory Processes


    [X] Registry keys


    [X] Cookies


    Summary:


    C:\Documents and Settings\HIGHSCREEN\Definições locais\Temp\jwlfipuh.exe Detected: Adware.Virtumonde.SY


    C:\Documents and Settings\HIGHSCREEN\Definições locais\Temp\jwlfipuh.exe Disinfection failed


    C:\Documents and Settings\HIGHSCREEN\Definições locais\Temp\jwlfipuh.exe Moved


    C:\Documents and Settings\HIGHSCREEN\Definições locais\Temp\pdperjkc.exe Detected: Adware.Virtumonde.SY


    C:\Documents and Settings\HIGHSCREEN\Definições locais\Temp\pdperjkc.exe Disinfection failed


    C:\Documents and Settings\HIGHSCREEN\Definições locais\Temp\pdperjkc.exe Moved


    C:\Programas\Softwin\BitDefender9\Quarantine\iceeqlda.dll Infected: DeepScan:Generic.Virtumonde.2.3B1D42DE


    C:\Programas\Softwin\BitDefender9\Quarantine\iceeqlda.dll Disinfection failed


    C:\Programas\Softwin\BitDefender9\Quarantine\qxariyiw.dll Infected: Trojan.JuanSearch.A


    C:\Programas\Softwin\BitDefender9\Quarantine\qxariyiw.dll Disinfection failed

  • Hello Luis C. Martins


    You don't have to worry abou these entries:


    C:\Programas\Softwin\BitDefender9\Quarantine\iceeqlda.dll Because BitDefender detects them in the Quarantine folder. If you run ccleaner normally than all the temp files also the one mentionned in the scan report will be deleted.


    Regards


    Niels

  • miekiemoes
    edited July 2007
    If it's possible to upload the Virtumonde variants here, please do so, and I'll forward them to the person who maintains our removal tool.


    Collected and attached some undetected samples (recent ones) from different computers.


    I assume ConHook variants are also targetted by the removal tool?


    /applications/core/interface/file/attachment.php?id=379" data-fileid="379" rel="">Vundo_ConHook.zip

  • Yes I made another Bitdefender scan after using CCleaner, and seems that my computer is finally clean.


    Thank you all for the help.

  • Glad that we could help you.


    Don't hesitate when you have further questions.


    Niels