8 hours & still scanning and counting

Discussion in 'Virus Information' started by Marcy, Nov 18, 2009.

  1. Marcy

    Marcy Guest

    I know there is some sort of malware on my laptop, Windows XP Home Edition
    SP2, IE7.
    It's also in the registry. In the startup (msconfig), it's there, and I
    unchecked it only to see it come back with a different name.
    Here is what I know so far.....
    Here is what this malware does:
    After I launch IE or Firefox, I get random Google ads, and I think in the IE
    browser. Don't remember if they pop up in Firefox. I will get about 6 or
    so and close them each time. Then that is the end of that. I can't see
    anything else that it is causing.

    Here is what I have done: scanned with Spybot Search and Destroy & Ad-Aware.
    All the times, the PC froze or the program would just shut off. So I started
    safe mode. SS&D cause 69 entries but there were errors in many of them;
    something about the memory full. So I will assume that they are not totally
    gone. The scan took 15 minutes maybe.

    But now in safe mode, we are at an 8 hour scan now. And it's only on
    Documents and Settings in the 's' section.....74,000 files scanned and still
    going....That should not be this long, right!!!!!!!!!
    Here is the SS&D info:
    virtumonde.atr and dll files were found. Need2find. Win32.TDSS.rtk. And then
    there are some with a Windows name on them like an IE firewallBypass. And a few
    more. So I will guess this malware is bypassing some of my security
    programs.

    Why is Ad-Aware taking so long? I did a hijack scan and removed the obvious
    things 'cause I know what the name is. But I guess it was not enough.
    I thank you in advance for any suggestions.....
     
    Marcy, Nov 18, 2009
    #1

  2. From: "Marcy" <>

    | I know there is some sort of malware on my laptop, Windows XP Home Edition
    | SP2, IE7.
    | It's also in the registry. In the startup (msconfig), it's there, and I
    | unchecked it only to see it come back with a different name.
    | Here is what I know so far.....
    | Here is what this malware does:
    | After I launch IE or Firefox, I get random Google ads, and I think in the IE
    | browser. Don't remember if they pop up in Firefox. I will get about 6 or
    | so and close them each time. Then that is the end of that. I can't see
    | anything else that it is causing.

    | Here is what I have done: scanned with Spybot Search and Destroy & Ad-Aware.
    | All the times, the PC froze or the program would just shut off. So I started
    | safe mode. SS&D cause 69 entries but there were errors in many of them;
    | something about the memory full. So I will assume that they are not totally
    | gone. The scan took 15 minutes maybe.

    | But now in safe mode, we are at an 8 hour scan now. And it's only on
    | Documents and Settings in the 's' section.....74,000 files scanned and still
    | going....That should not be this long, right!!!!!!!!!
    | Here is the SS&D info:
    | virtumonde.atr and dll files were found. Need2find. Win32.TDSS.rtk. And then
    | there are some with a Windows name on them like an IE firewallBypass. And a few
    | more. So I will guess this malware is bypassing some of my security
    | programs.

    | Why is Ad-Aware taking so long? I did a hijack scan and removed the obvious
    | things 'cause I know what the name is. But I guess it was not enough.
    | I thank you in advance for any suggestions.....

    | --
    | Thanks so very much for your help-! ! ! !



    Win32.TDSS.rtk -- TDSS RootKit !

    http://www.gmer.net/#files

    Close all applications and run a scan w/Gmer.
     
    David H. Lipman, Nov 18, 2009
    #2

  3. Hot-text

    Hot-text Guest

    2:50 pm here in Houston. How are you doing, "Marcy"?
    Have an update for us?
     
    Hot-text, Nov 18, 2009
    #3
  4. Marcy

    Marcy Guest

    Thanks Hot-text and Dave.
    I ended up stopping the 8 hour scan. I followed David's advice and ran a scan
    w/Gmer.
    I read on that site that if I had questions to email Gmer. I sent them the
    log file and have not heard anything yet. Did that on 11-18-09 so it's still
    kind of soon.
    I am doing scans in safe mode as we speak. I turned off System Restore
    before going into safe mode because I think the Virtumonde object is in
    System Restore. I see it all the time in the msconfig startup. I may have
    more than just this malware but this one is for sure there.
    I ran SS&D in safe mode and deleted what it found. I am doing Ad-Aware again
    and in safe mode as we speak. I have a feeling that this is an all day thing
    though and think there has got to be a better, faster way.

    I have submitted hijack log files years before to forums. I think that is
    where I need to go at this point.
    Note that I did an online Panda scan and it lasted hours too; but I had to
    turn off the PC and was not able to continue.
    I thank you in advance. Az time, 9:00 am
     
    Marcy, Nov 20, 2009
    #4
  5. Hot-text

    Hot-text Guest

    Keep us POSTED
    on how you're doing, OK

     
    Hot-text, Nov 20, 2009
    #5
  6. From: "Marcy" <>

    | Thanks Hot-text and Dave.
    | I ended up stopping the 8 hour scan. I followed David's advice and ran a scan
    | w/Gmer.
    | I read on that site that if I had questions to email Gmer. I sent them the
    | log file and have not heard anything yet. Did that on 11-18-09 so it's still
    | kind of soon.
    | I am doing scans in safe mode as we speak. I turned off System Restore
    | before going into safe mode because I think the Virtumonde object is in
    | System Restore. I see it all the time in the msconfig startup. I may have
    | more than just this malware but this one is for sure there.
    | I ran SS&D in safe mode and deleted what it found. I am doing Ad-Aware again
    | and in safe mode as we speak. I have a feeling that this is an all day thing
    | though and think there has got to be a better, faster way.

    | I have submitted hijack log files years before to forums. I think that is
    | where I need to go at this point.
    | Note that I did an online Panda scan and it lasted hours too; but I had to
    | turn off the PC and was not able to continue.
    | I thank you in advance. Az time, 9:00 am


    If you have that Gmer log, please send it to me. I have direct access to him (Gmer).

    Just remove ~nospam~ from my posting email address.
     
    David H. Lipman, Nov 20, 2009
    #6
  7. Marcy

    Marcy Guest

    Update................
    Happy to report that I believe the malware has gone.
    David suggested I use Malwarebytes to scan and remove.
    I followed his advice and did the scan. Malwarebytes found the malware and
    after I rebooted, it appears that the problem is solved and that malware is
    gone.
    The scan was pretty quick compared to the 8 hours + that it was taking
    Ad-Aware. That was frustrating.
    Thanks Dave & all for your help and advice.
     
    Marcy, Nov 21, 2009
    #7