02-07-2008, 12:44 PM   #1
StickFish

Join Date: Sep 2003
Location: Beyond the Bass Clef - Tigard
Posts: 13,218
Virtumonde - watch out for this Trojan

Nasty little bugger to get rid of. Comes from a bunch of different sources essentially opening a gateway to ad bots and malicious code. In the process of getting it off my system, I learned a bunch about antivirus programs and what had been sitting on my own machine for years.

Over the last 5 years or so I've used Symantec's Internet Security suite, McAfee Spy/antivirus scanner and AVG's antivirus product as well. All of them set to perform routine scans of the entire system.

In the process of getting help from the Spybot forum gurus and running Kaspersky's online scanner and HijackThis, I found that there were some 170 plus incidences of e-mail worm code sitting in old e-mail archives, besides the nasty regenerating Abetterinternet and Virtumonde and others. I was very surprised that none of the three programs I had run ever found the worms. I was also surprised that CWShredder, RogueRemover, Spybot, Ad-Aware and whatnot were unable to get rid of the new trojans.

These things came from Myspace pages that other kids had set up that my oldest visited from my machine. The only thing that kept her system alive upstairs was the Spybot running in immunize mode. Mine was an older version that didn't have that feature (I'd been using Ad-Aware downstairs).

Anyhow, be careful out there, and if you get this bug (or any of the other really nasty critters) the great folks at Spybot have a forum site much like this dedicated to helping people out.

http://forums.spybot.info/index.php

They are not selling anything at that site so the link should be OK - if not Doh - my bad!
__________________
WeSeekHer Rods
Custom Rods and Repairs
02-07-2008, 01:13 PM   #2
anglingaddict
Sturgeon

Join Date: Sep 2001
Location: Dayton, Oregon
Posts: 3,642
Re: Virtumonde - watch out for this Trojan

Thanks for that info, StickFish! I just went through the whole erase re-load thing the first of the year and I did not enjoy it enough to revisit it anytime soon! I'm running AVG's internet security suite right now and it seems to be doing a good job cleaning up tracking cookies and other things that find their way in when it runs each morning. Updates itself every day too. I just hope that nothing gets by it!
__________________
When one is able to laugh at themself first, then life will become much more humorous and enjoyable!
Don't ask for life to be easy. Ask for it to be worth it! - Dani Johnson
02-07-2008, 02:39 PM   #3
baltz526
King Salmon

Join Date: Jan 2005
Location: lapine oregon
Posts: 15,370
Re: Virtumonde - watch out for this Trojan

Spent 5 hrs today cleaning and updating my machine. I now have 5 fewer spybots and 4 fewer adware running on my machine. Norton Internet Security found none of them on Friday's full scan. Spybot found most of them, AOL found 2. UPDATE your software. Daily there are new attacks.
__________________
OHA LIFE MEMBER, LAPINE OREGON. the hunt begins. http://www.oregonhunters.org/ click on application to print
02-08-2008, 06:31 AM   #4
StickFish

Join Date: Sep 2003
Location: Beyond the Bass Clef - Tigard
Posts: 13,218
Re: Virtumonde - watch out for this Trojan

Re-run your Spybot scan in Safe Mode and see what happens - many times the critters can't get started in Safe Mode and you can get rid of them. In regular corrupted Windows mode, they just morph when Spybot or similar products touch them.

I thought I was all good, but when starting Spybot and Firefox this a.m. I got a warning from TeaTimer that a registry entry was changed for Macromedia Flash - a startup request. That has never happened before.

You really want to see a bug list? Run Kaspersky's online scanner - you have to use IE for it, however.
__________________
WeSeekHer Rods
Custom Rods and Repairs
02-08-2008, 04:23 PM   #5
StickFish

Join Date: Sep 2003
Location: Beyond the Bass Clef - Tigard
Posts: 13,218
Re: Virtumonde - watch out for this Trojan

Well, one computer clean. The list of stuff to use to protect your system is pretty immense when you get done.

Let's see

AVG anti virus running
Spybot running in resident mode
Spywarebuster loaded
Comodo BOclean
Winpatrol

They all do something different and that doesn't include the host file change.

The host file redirects calls to sites and IP addresses on their list to 127.0.0.0, which is your own computer.

Spywarebuster uses an extensive list of sites and cookies to not allow IE and/or Firefox/Mozilla to visit.

BOclean is supposed to help with protecting you from ID theft.

Winpatrol monitors your host file from updates.

Last thing is a software firewall - I've not run one for years, been relying on the hardware firewall on my router, but that may change.

Now off to the Twigs computer - almost two weeks of fiddling, 1/2 of it working with the folks at Spybot.
__________________
WeSeekHer Rods
Custom Rods and Repairs
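
As an added example (not part of the original posts, and not code from Spybot or WinPatrol): a small Python audit of a hosts file of the kind described in post #5. It lists names sunk to the local machine, flags names mapped to some other machine, and fingerprints the entries so a change can be noticed; the sample file and all hostnames are constructed.

```python
import hashlib
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist entries added by an immunizer tool
127.0.0.1   localhost
127.0.0.1   ads.example.test tracker.example.test
0.0.0.0     popups.example.test   # trailing comment
203.0.113.7 update.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower()

def audit_hosts(text):
    """Split entries into local sinks (blocked) and redirects to other machines."""
    report = {"blocked": [], "redirected": []}
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            if name != "localhost":
                report["blocked"].append(name)
        else:
            # A name pinned to a non-local address deserves a manual look.
            report["redirected"].append((name, str(addr)))
    return report

def fingerprint(text):
    """Hash of the effective entries, so comment-only edits do not raise an alert."""
    entries = sorted(f"{a} {n}" for a, n in parse_hosts(text))
    return hashlib.sha256("\n".join(entries).encode()).hexdigest()

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(fingerprint(SAMPLE_HOSTS))
```

Store the fingerprint after a known-clean scan and compare it on later runs; a different value means an entry was added, removed or repointed.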
02-08-2008, 07:37 PM   #6
JustCallMeDave
The Mods Must Be Crazy!

Join Date: Sep 2004
Location: Casting between the waves where dinner lies waiting
Posts: 25,081
Re: Virtumonde - watch out for this Trojan

02-08-2008, 07:54 PM   #7
Dave G
King Salmon

Join Date: Nov 2004
Location: Jefferson Owner/Operator of the Kalena
Posts: 21,772
Re: Virtumonde - watch out for this Trojan

thanks for the info.
__________________
If it can't be Salmon, I'll take Halibut!!!
