Vast41 (United States of America)

asked on

The Virtumonde Trojan

I am having trouble with the Virtumonde virus lately; it infected my computer four times this month alone. I seem to get it every time I visit this dating site I covet so much, 'localhookupz.com'. Virtumonde modifies the Windows Internet connection settings and displays various pop-up advertisements, such as those of fake antispyware programs (including, but not limited to, Antispyware Master, Sysprotect, Storage Protector). In my case, two times I clicked on the Antispyware Master banner; the other two times I have no clue how I got it. But it seems now every time I get on this site I get infected. I can't be the only one. My question is: I would like to keep utilizing this site; is there anything I can do to browse through this site and not get infected? It has thousands of users, many of which use their smart phones to access the site.

I run Windows XP Pro. I have just upgraded to Service Pack 3 and installed all of the updates, updated my Java, purchased real-time protection and I have SiteAdvisor (free version) installed, but have not been back to the site since. I cannot imagine the administrators of the site allow this to happen. How can I browse through this site safely?

Ibrahim Bazarwala (Kuwait):

Vast41 (ASKER):

I have all of the above and have a paying version of SUPERAntiSpyware. So I have real-time protection now, but my question is "is there anything I can do to browse through this site and not get infected?"
rpggamergirl:
You've updated Java, Windows and installed programs, and you have SAS real-time protection. Assuming you have firewall and antivirus protection,
you sound protected enough, but if the site is hacked then there's not much you can do about that.
But supposing it's not hacked, then when browsing the site just don't click any banners, don't click OK on prompts to update your applications etc., and don't click OK when prompted to download needed codecs. And immediately unplug the PC or disconnect from the site if you get a BSOD while browsing.

Also install SpywareBlaster to protect you against activex based malware.
http://www.javacoolsoftware.com/spywareblaster.html


Try and visit the site again to test your protections; anyway, it's not that hard to remove a Vundo infection. Just be ready with MalwareBytes, Combofix and also Smitfraudfix, :)

Good luck!
ASKER CERTIFIED SOLUTION
rpggamergirl (Australia)
(Solution text is only available to Experts Exchange members.)
Vast41 (ASKER):

Thanks Rpggamergirl. I usually remove all traces of the Vundo infections solely with SAS, and I already use SpywareBlaster. I also have MalwareBytes and Combofix. Do I still really need to use MalwareBytes, Combofix and also Smitfraudfix after SAS removes all traces?
Vast41 (ASKER):

Rpggamergirl, I just installed the NoScript feature in my Firefox; can't wait to try it. I can't use the site with a limited account.
Vast41 (ASKER):

Rpggamergirl, isn't SAS antivirus?

rpggamergirl:
>>>Do I still really need to use MalwareBytes, Combofix and also Smitfraudfix after SAS removes all traces?<<<

If SAS had already removed all traces then you don't need to worry about the other tools unless you want a second opinion to check if SAS had missed something else.


>>>Rpggamergirl, isn't SAS antivirus?<<<
SAS is not an antivirus; it's mainly for antispyware (hence the name). It belongs to the same category of scanners as MalwareBytes, SpySweeper, SpyBot S&D etc.
It is NOT a replacement for a resident antivirus.


Keep us updated after you visit that same site again, :)


Vast41 (ASKER):

<<<Keep us updated after you visit that same site again, :)>>>
Will do, Rpggamergirl. I am going to take my time, and will let you know what happens. Thanks so much, look out for my reply!

rpggamergirl:
>>>look out for my reply!<<<

I sure will! :)

Vast41 (ASKER):

>>>I sure will! :)<<<

Rpggamergirl, I went to that malicious site and did some browsing. That "NoScript" feature is amazing; I think that's the trick. I can't find a clean version of Smitfraudfix; everywhere I download it from, "VirusTotal" finds at least 14 infections. The latest site I downloaded it from was majorgeeks, and I totally trust them. Are they false positives?

rpggamergirl:
>>>I can't find a clean version of Smitfraudfix; everywhere I download it from<<<
Some antivirus programs flag Smitfraudfix as a virus because of process.exe, but it is not; don't worry about it.

The only site you should download smitfraudfix.exe from is the author's site:
http://siri.geekstogo.com/SmitfraudFix.php
And the mirrors which are approved by the Smitfraudfix author:
Mirrors: Alternate official download locations for Smitfraudfix.exe
http://siri.geekstogo.com/SmitfraudFix.exe
http://downloads.securitycadets.com/SmitfraudFix.exe
Zebulon.fr
Anywhere else I do not trust.
Glad to know you like the "NoScript" feature, :)
Vast41 (ASKER):

>>>Some antivirus programs flag Smitfraudfix as a virus because of process.exe, but it is not; don't worry about it.<<<
Some I could understand, but 14 engines, Rpggamergirl? I think I will pass... lol. Another day or so browsing through localhookupz.com and I will award you the points. It's so nice having you around, thanks!

Antivirus Version Last Update Result 
 
a-squared 4.0.0.73 2009.01.22 - 
AhnLab-V3 5.0.0.2 2009.01.22 - 
AntiVir 7.9.0.57 2009.01.22 HEUR/Crypted.E 
Authentium 5.1.0.4 2009.01.22 - 
Avast 4.8.1281.0 2009.01.21 - 
AVG 8.0.0.229 2009.01.22 - 
BitDefender 7.2 2009.01.22 Application.Generic.26831 
CAT-QuickHeal 10.00 2009.01.22 - 
ClamAV 0.94.1 2009.01.22 Trojan.Killproc-1 
Comodo 940 2009.01.21 - 
DrWeb 4.44.0.09170 2009.01.22 Tool.Prockill 
eSafe 7.0.17.0 2009.01.20 Win32.Banker 
eTrust-Vet 31.6.6321 2009.01.22 - 
F-Prot 4.4.4.56 2009.01.21 - 
F-Secure 8.0.14470.0 2009.01.22 W32/Zlob.gen123 
Fortinet 3.117.0.0 2009.01.22 Misc/PrcViewer 
GData 19 2009.01.22 Application.Generic.26831 
Ikarus T3.1.1.45.0 2009.01.22 - 
K7AntiVirus 7.10.599 2009.01.22 - 
Kaspersky 7.0.0.125 2009.01.22 - 
McAfee 5502 2009.01.21 potentially unwanted program PrcViewer 
McAfee+Artemis 5502 2009.01.21 potentially unwanted program PrcViewer 
Microsoft 1.4205 2009.01.22 - 
NOD32 3787 2009.01.22 Win32/PrcView 
Norman 5.93.01 2009.01.21 IEDefender.E.dropper 
nProtect 2009.1.8.0 2009.01.22 - 
Panda 9.5.1.2 2009.01.21 Application/SmithFraudFix.A 
PCTools 4.4.2.0 2009.01.21 - 
Prevx1 V2 2009.01.22 - 
Rising 21.13.31.00 2009.01.22 - 
SecureWeb-Gateway 6.7.6 2009.01.22 Riskware.Tool.Reboot.F 
Sophos 4.37.0 2009.01.22 - 
Sunbelt 3.2.1835.2 2009.01.16 - 
Symantec 10 2009.01.22 - 
TheHacker 6.3.1.5.225 2009.01.21 - 
TrendMicro 8.700.0.1004 2009.01.22 - 
VBA32 3.12.8.10 2009.01.22 - 
ViRobot 2009.1.22.1573 2009.01.22 - 
VirusBuster 4.5.11.0 2009.01.21 - 

rpggamergirl:
It's really normal for some antivirus programs to flag Smitfraudfix as a risk tool or virus, as explained on the author's page.
If you've downloaded from only the sites I've listed, then they are virus free.
>>>Some I could understand, but 14 engines, Rpggamergirl? I think I will pass<<<
Only 14? I expected more than that, lol.
I respect your decision, and I understand why you're hesitant to use it; it's good to be cautious, but for the record Smitfraudfix really is virus free, :)

>>>it's so nice having you around,<<<
That's the nicest thing I've heard today; I really appreciate it, thank you.
I wish there were more members like you, :)
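Triaging a pasted VirusTotal table like the one above, as an added example that is not part of this thread: it parses the plain-text rows and splits detections into tool/PUP-style labels (the process.exe-type flags rpggamergirl describes) versus labels that name real malware. The keyword list is my own heuristic, not a VirusTotal feature, and the sample is a subset of the rows posted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the VirusTotal rows pasted earlier in this thread.
VT_REPORT = """\
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.22 -
AntiVir 7.9.0.57 2009.01.22 HEUR/Crypted.E
ClamAV 0.94.1 2009.01.22 Trojan.Killproc-1
DrWeb 4.44.0.09170 2009.01.22 Tool.Prockill
Fortinet 3.117.0.0 2009.01.22 Misc/PrcViewer
McAfee 5502 2009.01.21 potentially unwanted program PrcViewer
NOD32 3787 2009.01.22 Win32/PrcView
Panda 9.5.1.2 2009.01.21 Application/SmithFraudFix.A
SecureWeb-Gateway 6.7.6 2009.01.22 Riskware.Tool.Reboot.F
Symantec 10 2009.01.22 -
"""

# Heuristic (my assumption, not a VirusTotal feature): label fragments that
# usually denote a legitimate admin tool or PUP rather than malware.
TOOL_HINTS = ("tool", "prcview", "prockill", "killproc", "riskware",
              "potentially unwanted", "application/", "smithfraudfix")

@dataclass
class Detection:
    engine: str
    date: str
    label: str  # empty string when the engine reported clean ("-")

def parse_vt_text(text):
    """Parse the plain-text 'Antivirus Version Last Update Result' table."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Antivirus":
            continue  # skip the header and blank lines
        engine, date = parts[0], parts[2]  # parts[1] is the engine version
        if not re.fullmatch(r"\d{4}\.\d{2}\.\d{2}", date):
            continue  # not a result row
        label = " ".join(parts[3:])  # e.g. "potentially unwanted program X" has spaces
        rows.append(Detection(engine, date, "" if label == "-" else label))
    return rows

def triage(rows):
    """Separate tool/PUP-style labels from labels that point at real malware."""
    hits = [r for r in rows if r.label]
    toolish = [r.engine for r in hits if any(h in r.label.lower() for h in TOOL_HINTS)]
    other = [r.engine for r in hits if r.engine not in toolish]
    return {"engines": len(rows), "detections": len(hits),
            "tool_or_pup": toolish, "other": other}
```

Running `triage(parse_vt_text(VT_REPORT))` on the sample leaves only AntiVir's heuristic label in the "other" bucket, which is the one an analyst would still want to look at.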
Vast41 (ASKER):

>>>It's really normal for some antivirus programs to flag Smitfraudfix as a risk tool or virus, as explained on the author's page.
If you've downloaded from only the sites I've listed, then they are virus free.<<<

I will consider downloading it again; I probably will.
>>>That's the nicest thing I've heard today; I really appreciate it, thank you.
I wish there were more members like you, :)<<<

You're welcome, and I meant what I said. Talk to you soon!
Vast41 (ASKER):

Rpggamergirl, just an update; I have not forgotten about you. I have been using that possibly malicious site for a few days now, and the NoScript feature is working great. However, SpySweeper found a trace of the Virtumonde. I am not sure if it was already in the quarantined section and showed up again or I got a new infection from that site; either way, SUPERAntiSpyware (did not run scan) did not alert me, which I thought it would, since I am running it in real time. Anyway, I deleted it from the quarantined section of SpySweeper and will try the site some more and run a scan again. I will get back to you, thanks.

rpggamergirl:
Did SpySweeper give you some info on that trace of Virtumonde, such as a filename, location or a registry location?

Good luck!
Vast41 (ASKER):

>>>Did SpySweeper give you some info on that trace of Virtumonde, such as a filename, location or a registry location?<<<
It was a registry location, and I deleted it from the SpySweeper quarantine.

Vast41 (ASKER):

Rpggamergirl, thanks for your patience. I have been using the site for the last week and no more traces of the Virtumonde. If I have any more problems I will just open another question. Thanks, the points are yours!

rpggamergirl:
Glad to know that everything's fine.

Thanks for the points and the grade!