Image shows location. You can see the multiple times I have tried to remove it with SAS and it keeps coming back. I don’t know where it came from but I have a feeling it might have come from YouTube. I did this search in YT I heard about, “world’s most infected computer”, and like an idiot I tried it, thinking my firewall and AV could handle it. Avast blocked it but now I have this. How do I get rid of it?
Thank you, I have gone to the link you provided and followed the instructions… the only thing is the logs are too long to post. Malwarebytes found nothing, and the OTS log is so long I can hardly summarize what I’m looking at.
Please don’t follow Shreyas’ suggestions. He doesn’t know what he is doing. Please wait until someone else posts or please follow the first post in this topic: http://forum.avast.com/index.php?topic=53253.0 (which is from a malware expert, unlike Shreyas, who is here on the forum trying to break other users’ computers).
“The authors are now using file infection so Virtumonde checks which files run at Windows startup and tries to infect them. Effectively this means that Virtumonde turns the original host file into a Trojan-Dropper.”
I wouldn’t waste time with other tools or suggestions; follow only essexboy’s instructions, and hopefully you won’t have missed him.
The reason not to waste time is that essexboy has limited time available to be on the forums, around 7-11 pm UK time, and it is now 10:40 pm in the UK. So if you miss out he won’t be back online for some time.
Poo. Well, I can only wait I guess.
Well okay essex, I uploaded to MediaFire. I’ll watch out for any weird activity and let you know if I see anything. I try to keep my machine as clean as possible; I update regularly, or automatically if it allows. I use Win 7 (64-bit), Avast, Comodo Firewall, Malwarebytes, Hitman Pro, SUPERAntiSpyware, CCleaner, and Firefox with the WOT add-on.
I don’t click on ads, install or use any toolbars, or install any other strange plugins.
Maybe I should have asked first, but should I install Java? I think I was only using Flash and I don’t think my machine had Java on it at all. There was something I saw that mentioned that Java being out of date could be a target for Vundo.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\] > -> HKEY_USERS\S-1-5-21-2920811595-138694612-3144721724-1002\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files - No Company Name]
NY -> clip0001.avi -> C:\Users\Preston\Documents\clip0001.avi
NY -> Olcodec.dll -> C:\Windows\SysWow64\Olcodec.dll
NY -> OLSBMIX.DLL -> C:\Windows\SysWow64\OLSBMIX.DLL
[Files/Folders - Unicode - All]
NY -> C:\Windows\SysNative\?3 -> C:\Windows\SysNative\ꌐ3
NY -> C:\Windows\SysNative\?3 -> C:\Windows\SysNative\ꌐ3
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
Awesome, thanks.
I have yet to run the fix, but before I start, to answer your first question: as far as PC performance, no problems actually. The only malware on my whole machine is OLSBMIX.dll, which shows as a Vundo, but I don’t think it’s doing anything, yet.
OK, so when I run the fix do I paste the script and follow the same steps as in the first scan, customizing the controls? Or do I just paste and run it?