malware infection!

[twizzle]

hey fellas need some help.

Turns out my pc has no become infected with some malware.Unsure where it came from, and even how it managed to get on my pc considering that i have Spybot s&D, Ad-Aware and NOD32 running. Anyway its called Vitumonde.dll and i'm having problems removing it.
I'v run all 3 above, Trends Housecall, Ewido AVG, Kaperskys online checker, stinger and i've done what i can in safe mode (deleted the infected iles and removed some registry entries etc) every check says reved or fixed, until i reboot the pc and it becomes re-infected.
I have tried to google this one nd just cannot seem to find a good bit f advice on how to get rid of this apart from what i have done. So any suggestions? have i missed something??

Its getting really annoying as it runs another instance of IE when i run IE, sending me to pages of Ads. I want tmake sure i have tried everything before the last resort of reformatting and re-installing all (wont use system restore as i know this gets infected too)

[MrNerdy]

By googling your problem i found THIS
Or try THIS
It may just be a case of working through the list until you find something that works!

[Sparky]

Actually system restore should be the first you try in safe mode. I know many people say this wont work but if you can pick a restore point from a point in time before the machine got infected then that might be all you need to do. It is possible that some of the restore points may have the malware included though.

When you reboot is your PC connected to the internet? Either the malware is downloading itself again or being recreated from a start-up process.

Few things you can try:
*System restore in safe mode
*Run all the spyware checks in safe mode again
*Log on as a different user account
*Run Filemon as this will tell you exactly what is running in the background. Delete the malware files as needed.
http://technet.microsoft.com/en-us/s.../bb896642.aspx
*Icesword is useful as well, also deletes files that are in use.
http://www.softpedia.com/get/System/...IceSword.shtml

[derkit]

ComboFix may be worth a look also - I haven't researched your particular problem, but I've used it on a few computers and it always does well.

Linky

[Mitzs]

Twizzle, you can try counterspy and see if it works it is what mary and I use. They have a 15 day free trial. Adware, counter spy, just don't keep their stuff up todate well enough anymore.

[twizzle]

Mr Nerdy, thanks for the googles but i've already tried the first one and that didnt work. Hijackthis listed some processes that i removed but to no avail.
Derkit, tired Combofix but now my pc wont boot either to safe mode or normal windows, and at the mo i cant even find my xp disk!!

Bugger it all, will have to formt and start again! ( well there goes the bathroom tilling this weekend and i was so looking forward to doing that!!! ;) )

[Theprof]

I've had some pretty bad malware last week called virusheat and no anti-spyware/malware helped except for this app.

[twizzle]

Well just spent the last hour or so re-installing windows. Had to wipe the exisiting install but fortunatley not teh whole drive. Now i'm just running the Profs app to see if that finds anything.
What surprises me is that NOD didnt remove it and thats sposed to be one of the best, neither did Trend or AVG.
malware and Viruses are just getting too good these days!

[Bluerinse]

Quote:

Originally Posted by twizzle

Well just spent the last hour or so re-installing windows. Had to wipe the exisiting install but fortunatley not teh whole drive. Now i'm just running the Profs app to see if that finds anything.
What surprises me is that NOD didnt remove it and thats sposed to be one of the best, neither did Trend or AVG.
malware and Viruses are just getting too good these days!

The reason that NOD and AVG and other similar programs didnt remove it is that it's not a virus as such. it is addware, something that you have infected your computer with by using Internet Explorer and have most likely inadvertantly, agreed to the installation thereof.

Foor goodly sake, now your PC is clean again, the best protection against these nasties is to not use IE.. Use Fx or Opera for your usual day to day browsing. It is the Active X controls built into IE, mainly for the purposes of Windows update that these malware writers exploit in order to get their crap into your system. Only use IE on sites you need to and *trust*, ie some banks and Microsoft etc.