
Leftover Virtumonde trash

Discussion in 'Virus & Other Malware Removal' started by texmedic49, Sep 20, 2010.

Thread Status:
Not open for further replies.
  1. noahdfear

    noahdfear Malware Specialist

    Joined:
    Nov 20, 2003
    Messages:
    144
    Yes, you can dual boot Windows and Ubuntu, and you can keep your data intact. The data partition will be resized (shrunk) so that a new partition can be created for Ubuntu. It can be done automatically via the Ubuntu Live CD.

    https://help.ubuntu.com/community/WindowsDualBoot
     
  2. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    So I have something to report: Kavscan crashed 3 times due to Java fatal errors. Any suggestions? I am going to try running it in Knoppix, just to see if I have any luck going at it that way, I figure it can't hurt at this point.
     
  3. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    Oh, and thanks, I'll have to check that out, hadn't really thought about it until last night. I now see the usefulness of having two different operating systems.
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Try just scanning the following folders:

    system32
    drivers
    windows

    no sub-folders

    save each log individually
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    before you start the scan again
    are you able to navigate to the combofix log, I'd like to see what it deleted

    it should be located at c:\combofix.txt or c:\qoobox\combofix.txt

    if there is no log, can you see the contents of c:\qoobox > what has been deleted
     
  6. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    Funny you should ask, I'm looking at it right now. Let me switch machines and I'll post it up, it did find several things, some known to me, and some unknown. I am beginning to think my Knoppix idea was a poor one, don't know if it is actually going to work. Iceweasel locks up like a champ after the certificate prompt. I'll let it sit for a few minutes and see what happens.
     
  7. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    2010-09-21 14:04:16 . 2010-09-21 14:04:16 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-WebCheck-.reg.dat
    2010-09-21 14:04:08 . 2010-09-21 14:04:08 149 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-28e0bf1e.reg.dat
    2010-09-21 14:04:07 . 2010-09-21 14:04:07 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-mudajaloyo.old.reg.dat
    2010-09-21 14:04:03 . 2010-09-21 14:04:03 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E}.reg.dat
    2010-09-21 13:51:10 . 2010-09-21 13:51:10 810 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IAS.reg.dat
    2010-09-21 13:50:58 . 2010-09-21 13:50:58 15,545 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2010-09-21 13:41:41 . 2010-09-21 13:41:41 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2007-11-07 14:03:18 . 2007-11-07 14:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
    2004-06-03 15:04:04 . 2004-06-03 15:04:04 520,349 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\RdxIE.dll.vir

    28e0bf1e and mudajaloyo are both known to me, and the reason for my post in the first place. They are the remnants of the Virtumonde infection. The rest I have no idea about, the 2004 listing is before I even owned this machine. I am going to reload xPUD, the Knoppix route is a dead end.
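An added example (not from the thread and not part of ComboFix) that parses a quarantine listing like the one above: it separates registry backups from quarantined files, pulls out the Run-key value names such as 28e0bf1e, and maps each .vir file back to the path it was removed from. It assumes ComboFix's naming convention HKLM-Run-<value>.reg.dat for Run-key backups and that Quarantine\C mirrors the original C:\ tree.

```python
import re
from dataclasses import dataclass

# Constructed sample: five lines copied from the ComboFix quarantine listing in
# the post above (two Run-key backups, the catchme log, two quarantined files).
SAMPLE = r"""
2010-09-21 14:04:08 . 2010-09-21 14:04:08 149 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-28e0bf1e.reg.dat
2010-09-21 14:04:07 . 2010-09-21 14:04:07 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-mudajaloyo.old.reg.dat
2010-09-21 13:41:41 . 2010-09-21 13:41:41 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2007-11-07 14:03:18 . 2007-11-07 14:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2004-06-03 15:04:04 . 2004-06-03 15:04:04 520,349 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\RdxIE.dll.vir
"""
# "<created> . <modified> <size> <attrs> <path>": size may carry a thousands
# separator and the path may contain spaces, so the path is the tail of the line.
LINE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) ([\d,]+) (\S+) (.+)$")
REG_DIR = "\\Quarantine\\Registry_backups\\"   # assumed: registry backups live here
FILE_DIR = "\\Quarantine\\C\\"                 # assumed: mirror of C:\ for .vir files

@dataclass
class Entry:
    modified: str   # second timestamp on the line
    size: int
    kind: str       # "registry", "file" or "other"
    original: str   # backup name, restored original path, or ""

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _, modified, size, _, path = m.groups()
    size = int(size.replace(",", ""))
    if REG_DIR in path:
        name = re.sub(r"\.reg(\.dat)?$", "", path.rsplit("\\", 1)[1])
        return Entry(modified, size, "registry", name)     # e.g. HKLM-Run-28e0bf1e
    if FILE_DIR in path and path.endswith(".vir"):
        original = "C:\\" + path.split(FILE_DIR, 1)[1][:-4]   # drop the .vir suffix
        return Entry(modified, size, "file", original)
    return Entry(modified, size, "other", "")

def parse_listing(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def run_key_values(entries):
    """Value names removed from HKLM/HKCU Run keys (assumed name form HK??-Run-<value>)."""
    return [m.group(1) for e in entries if e.kind == "registry"
            for m in [re.match(r"HK(?:LM|CU)-Run-(.+)$", e.original)] if m]

def quarantined_files(entries):
    """(original path, modified date, size) for each file ComboFix moved into quarantine."""
    return [(e.original, e.modified[:10], e.size) for e in entries if e.kind == "file"]
```

Running it over the full listing is the quickest way to see which autostart entries were removed and which quarantined files predate the machine's current owner, which is exactly the question the post raises about the 2004 entry.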
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    hmm

    interesting, not what I might have expected

    nothing obvious there that would cause the machine not to be bootable

    I'll ask noahdfear to take a look as well
     
  9. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    I am, obviously, no expert but I assumed the same. Thanks again to you both! I am definitely getting an education with all of this.
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    when you did the bash driver.sh were there any drivers with no company name? (they would have been reported in the terminal window as well)
     
  11. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    Is there a way to minimize this browser window? I'll go look if I could, I am about half done downloading the program/update for the scan.
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    No, don't minimize the browser till it's finished scanning and you've saved the logs, it shouldn't take long.

    It can wait

    (there is a way - just don't want to risk losing the scan)
     
  13. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    70K of 113K...I'm going to get a beer, BRB
     
  14. noahdfear

    noahdfear Malware Specialist

    Joined:
    Nov 20, 2003
    Messages:
    144
    Get two :cool:
     
  15. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55

Short URL to this thread: https://techguy.org/951189
