Computer Security & Viruses/virussen
Expert: Brian Benosky - 8/14/2008
Question
QUESTION: Hey,
I have a computer with a virus etc. I have done a scan with "Spyware Doctor" (PC Tools) but now they must remove the bad things. May I remove all items (browser cookie, registry key, process...) (I copied them, see file added) or what must I do? (Sorry, I don't speak and write English well... but Dutch.)
Thank you for your help.
Dorina
ANSWER: Hello Dorina
It is difficult to read, but from what I can see, yes, you should have PC Tools remove the listed items. It looks like you have something called a Virtumonde/Vundo trojan virus, which Spyware Doctor can fix. I also recommend that you run a scan with Spybot Search and Destroy. The program has a Dutch language version:
http://www.safer-networking.org/nl/home/index.html
Let me know if you need further help. Good luck or goed geluk!
Brian
---------- FOLLOW-UP ----------
QUESTION: Hello Brian,
First of all: thank you for the quick answer!!
Spyware Doctor only removes them if you pay. Can it be done with other "free" tools?
And indeed, it is about "trojan.virtumonde" but also about the following list:
- backdoor.IRCBot
- Adware.Advertising
- Spyware.known_bad_Sites
- Rogue.Antispyware.AdvancedCleaner
- Trojan.Popuper
- Adware.Component.Unrelated
- Trojan.PSGuard_Desktop_Hijacker
etc...
Can I personally remove, item by item, what Spyware Doctor shows in the list?
I know "Spybot Search and Destroy", I use that on my PC, but this program doesn't start on the infected PC (it's one of my friend's). So, may I remove all the keys (HKEY_USERS...etc.), all files (C:\Windows\SYSTEM32\eraseme_52554.exe, etc...), all that's on the list?
Or is there another free removal program for all this stuff?
Thank you!!
ANSWER: Hello Dorina
No, you should not remove the files manually because of the danger involved in changing the registry if you do not know what you are doing. Tell your friend to install Spybot (it's free) so it can remove the files. Also, first use the free VundoFix:
Download Vundo Fix and save it to your desktop:
http://www.atribune.org/ccount/click.php?id=4
When it has completed downloading, double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will now receive a prompt asking if you want to remove the files; click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer; click the OK button.
When the computer has shut down, turn your computer back on.
Then you can download Spybot and run a scan that will clean things up.
Brian
---------- FOLLOW-UP ----------
QUESTION: Dear Brian,
I have done 'Vundo' and also Spybot. Even Bitdefender. Restarted the PC, again all...
See the image for the result of the scans.
Dorina
ANSWER: Hi Dorina
Here's what I would like for you to do:
Please install HijackThis! by downloading Deckard's System Scanner to your desktop from the following link:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
1. Close ALL applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open: main.txt and extra.txt (this one will be minimized).
4. Copy and paste the contents of main.txt into a follow-up here.
What DSS will do:
* Create a new System Restore point in Windows XP and Vista.
* Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
* Check some important areas of your system and produce a report. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
I will look over the log and advise you on how best to clean the computer.
Brian