Malware - HALP!

[Million]

Hi all,

I have been struggling with my first installation of vista, as I managed in the space of a week or so to get a whole load of trojans and assorted malware (I think an infected zip file and possibly a fake adobe reader download, but IDK). Anyhow, I seem to have gotten rid of it using AVG free, SpyBot S&D and CCleaner, however SpyBot still picks up Virtumonde.

I've done a bit of reading on virtumonde, and it seems like it's a persistent bugger. I wondered if anyone has any advice for me on good tools or methods to use. All replies are valued!

Thanks

[Will404]

Try a free trial of something like Kaspersky Internet Security Suite 2009 free trial in safe mode, and uninstall all other security software, and use that to kill virtumonde

[Betty_Swallocks]

TBH if your installation is only a week old you can't have anything on there that you can't reinstall so I'd just format and reinstall Windows. You can spend days chasing down remnants of these nasty things and still miss some but a rebuild takes only a couple of hours and I don't know any virus or malware that can survive a format.

[Splash]

Would you by any chance have disabled UAC?

[Saracen]

TBH if your installation is only a week old you can't have anything on there that you can't reinstall so I'd just format and reinstall Windows. You can spend days chasing down remnants of these nasty things and still miss some but a rebuild takes only a couple of hours and I don't know any virus or malware that can survive a format.

Agreed. When I'm building a new machine, my strategy is :-

1) Plan it. Collect all the software I need for a base build.
2) Download the latest versions of AV software, firewall, etc if I don't already have them
3) Stick them all on a CD or DVD
4) Once built, ensure PC isn't connected to my network
5) Install OS, install TrueImage
6) Install security software (firewall, AV software, Anti-Malware progs, etc)
7) Install main utilities (Acrobat, Firefox, WinRAR, FTP software, etc)
8) Install basic software suites (MS Office, Photoshop, Coreldraw, etc)
9) Run TrueImage and take a backup, then vreate TrueImage boot disc (if needed)

At that point, I can always restore the PC to that "start point" by formatting and reloading the image file.

I've often found that if I get some nasty in PC infection, which to be honest, very rarely happens to me (these days) because I'm selective about what I install, only use legit versions and am careful about what websites I visit) I never quite feel I can trust a system if I just clean whatever nasty it was out. I'm always wondering if I got it all, or whether it left some system files laying around, whether it adversely affected performance by overwriting other system files, etc.

Years ago, I spend a fair bit of time chasing my tail trying to get rid of nasties, mainly because I was determined to beat the little beggars. These days, I just want my system back ASAP and with the absolute minimum of time and effort. I'd rather be working, lurking about on Hexus (or a couple of other places), browsing the web, etc than screwing around trying to disinfect my PC, so I plan ahead, and find that a bit of preventative time can save a lot of hassle and frustration after something bites me.

If I had a system that was relatively clean, I'd rather redo it from scratch and have the peace of mind, than scrabble around trying to undo a problem, and never be entirely sure I'd thoroughly got it all. of course, that's just be being careful and lazy.

[Million]

Would you by any chance have disabled UAC?

Ummm... maybe, just for a short while. Why?

As for the format and fresh install - yes, I could do that, it's just I'm at uni now, and the OS disk is at home so it's a bit of a pain. I do know what you mean about not being able to trust your machine though!

I used malwarebytes in safe mode, and then scanned with spybot, and it seemed that virtumonde had gone, but on normal startup I get spybot giving me a warning about a registry entry in C:\Users\\AppData\Roaming\Adobe\Manager.exe. Now when I try to navigate to this location, the adobe folder concerned appears to have nothing of the sort in it.

What i'm wondering is if this is spyware re-writing itself into the registry, or if it's SpyBot picking up a regular program activity... I think it's probably still the sodding spyware

[Will404]

Uninstall adobe reader?