WIN32/Adware.Virtumonde and WIN32/PrivacyRemover.M64



#1
MOPPER

I've been asked to clean up a Win XP Pro PC infected with this malware. The PC has AVG 8.0 but that did not catch it coming in nor could it see it after infection. Also, VCLEANER.exe from Grisoft (AVG) did nothing.

I restored to the restore point that was about 4 hours prior to the infection and that cleaned up the desktop fake warning box. My questions are:
1. Is that enough? If not, what else needs to be done to make sure it's safe?
2. The PC was on a company LAN at the time, and it was shut down and rebooted a few times before being removed from the LAN. Does this bug have a payload that could infect other PCs on the LAN? No one else has reported any problems.
3. Does it have the ability to infect flash drives? Software (like VCLEANER.exe) was downloaded to another PC and then moved over on a flash drive.

BTW, this infection occurred when the user received an email announcing an "e-card from a dear friend." The hot link looks like a legitimate web site: (which probably got hacked) followed by /e-card.exe. Now how obvious can it be? I'm surprised AVG didn't flag this one.

Thanks.