How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib

125 replies to this topic

#76
zookate

    New Member

  • Member
  • 5 posts
I had a problem with Winfixer last year. I ran McAfee VirusScan and it seemed to fix the problem, but still lists it every time a new virus scan is run. (Says it cannot be completely removed.) I've ignored it because I didn't notice any issues.

HOWEVER, last week I did a stupid thing while I was running Windows Update. I've been using Firefox and usually go to the download site at Microsoft to download updates, but decided to open Explorer and let it automatically check on which updates I need. I ended up with a new virus/malware (RemAdm-ProcLaunch!171). McAfee said the same thing for this as it did for Winfixer - it cannot be completely removed. I can't download any programs (.exe's) because I get the warning from Firefox that "This download has been blocked by your Security Zone policy".

I used the Firefox help sections and reset my about:config settings, cleaned out folders, reset my security settings to "default", etc... and still can't download anything. I finally got frustrated at 3am the other morning and "uninstalled" IE (removed from Windows Components in Control Panel, Add/Remove Programs), then I tried to delete the IE folder (and all subfolders) on my C drive - knowing it probably wouldn't work, but I was about to toss my computer out the window anyway... After I did that, the "RemAdm-ProcLaunch!171" doesn't show up in my virus scan, but I still get the prompt that Firefox is not my default browser, blah, blah... every time I open it.

Since I can't download anything, and have gone through everything I know and can find on the internet, I'm at the end of my rope. I also get an error every time I open

PLEASE HELP!!!

I'm running Windows XP Home, and McAfee Security Center 9.0 with VirusScan and Personal Firewall also installed. Firefox ver is 3.0.5 and when I had IE, it was ver 6.0 or something - I never upgraded to the latest version because I didn't want it anyway.

Thanks,
zookate

#77
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be--then post a HijackThis log in THAT forum.

#78
zookate

    New Member

  • Member
  • 5 posts
My problem is that I can't even follow the first set of instructions because I can't download any .exe files.

"Save File" and "Cancel" are the only options available when I click a link to download a file. ("Run" isn't available)

Then, I get the error that all downloads are blocked by my "Security Zone policy". Even though the .exe is in the location I chose, when I try to run it, I get an error that ".... ___.exe is not a valid Win32 application" and I'm unable to run the .exe.

#79
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try renaming the files to a random name. If that doesn't work, then just post a topic in the Malware Removal forum and mention that problem.

#80
Tobewan

    New Member

  • Member
  • 3 posts
Trying to remove Avenger files but they're password protected. Any way to get the password reset?

#81
zookate

    New Member

  • Member
  • 5 posts
Rorschach112,

Thanks for the help. I posted on the malware removal forum so you can probably close me out in here. I guess I'll come back if someone redirects me here...

Thank you!

#82
sari

    GeekU Admin

  • Administrator
  • 21,659 posts
  • MVP

Trying to remove Avenger files but they're password protected. Any way to get the password reset?


Tobewan, Avenger files from what? You shouldn't be running that program without the direction of someone who's trained in its use. If you're infected, you should be posting in the Malware forum. Please go here and follow those instructions.

#83
Tobewan

    New Member

  • Member
  • 3 posts
Thanks, but after a little bit of conscious thought (doesn't happen often), I was able to delete the files. I too was concerned that the program was beyond my expertise so I just wanted to get rid of it. I took care of my virus a while ago and am no longer infected. Running Kaspersky now and all is good.

#84
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Glad you got it fixed.

If you need help in the future, don't be afraid to ask.

#85
Tobewan

    New Member

  • Member
  • 3 posts
Thanks. Hopefully I won't need to but if I do Geekstogo is where I'll go.

#86
sari

    GeekU Admin

  • Administrator
  • 21,659 posts
  • MVP
Maybe that should be our new slogan: "Geeks to Go is where I go!". :)

Thanks for letting us know, Tobewan.

#87
hello2009

    Member

  • Member
  • 17 posts
Hi, not sure if this is the right place to ask this, but just out of curiosity: if I know my computer might be infected by some backdoor trojan, is it safe to do online banking transactions using the screen keyboard to type the passwords? In other words, are mouse clicks logged on my machine or the bank's server?

#88
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No, it's more than likely not safe to do online banking or stuff like that. Backdoors tend to monitor infected machines for passwords.

#89
betyar

    Member

  • Member
  • 42 posts
Hi Rorschach112!

I've read the successful rootkit killing, where you helped in this forum! It was great! Could you help me? I think I have almost the same problem. The AVG detects a hidden driver, and when I want to delete this, the AVG asks to reboot to remove this item. I do it, but if I do a rootkit scan again, it appears in another file in windows/system32/drivers folder. Could you cure this? Would you please help me?

betyar

PS: Oh, sorry! I think this is not the right topic for my problem...

Edited by betyar, 28 December 2008 - 05:31 AM.


#90
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be--then post a HijackThis log in THAT forum.



