  #1
07-05-2006
B-2-0 (Bronze Member)
Join Date: Jul 2006
Posts: 7
[Fixed] Virtumonde - yaywvvt.dll

Hi.

I have picked up some sort of a nasty and I'm having some trouble getting rid.

It's driving Ewido nuts as when I clean/quarantine/delete it, it immediately reactivates itself, throwing Ewido's warning box back up. Ewido lists it as adware.virtumonde.

I have also found the rogue entry in HJT....

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yaywvvt.dll

....but not even that will remove it, so I assume there is something else I have not noticed that is reinstating the .dll after deletion.

Could one of you guys please take a look at my HJT log and try to point me in the direction of a fix please?

Thanks in advance for any help.

B
Attached Files
File Type: log hijackthis.log (3.9 KB, 4 views)
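
An added example, not part of the original post and not HijackThis's own code: a small Python parser for O2 (BHO) lines like the one quoted above, which flags entries for manual review. The two heuristics and the second, benign-looking O2 entry are assumptions made for illustration.

```python
import re
from ntpath import dirname  # Windows path rules on any host OS

# HijackThis O2 lines list Internet Explorer Browser Helper Objects:
#   O2 - BHO: <name> - {CLSID} - <path to DLL>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Constructed sample: the first O2 line is the one quoted in the post,
# the other lines are made up for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yaywvvt.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

def parse_o2(line):
    """Return name/clsid/path for an O2 line, or None for anything else."""
    m = O2_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(entry):
    """Assumed review heuristics (not HijackThis rules): reasons to look closer."""
    reasons = []
    if entry["name"].strip().lower() == "(no name)":
        reasons.append("BHO has no display name")
    if dirname(entry["path"]).lower().endswith("\\system32"):
        reasons.append("DLL loaded straight from system32")
    return reasons

def review_log(text):
    """Return (entry, reasons) for every O2 entry that trips a heuristic."""
    flagged = []
    for line in text.splitlines():
        entry = parse_o2(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry, reasons))
    return flagged

if __name__ == "__main__":
    for entry, reasons in review_log(SAMPLE_LOG):
        print(entry["clsid"], entry["path"], "->", "; ".join(reasons))
```
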


  #2
07-05-2006
B-2-0 (Bronze Member)
Join Date: Jul 2006
Posts: 7

Forgot to post the Ewido report so here it is.
Attached Files
File Type: txt Report-Scan-20060705-211741.txt (964 Bytes, 3 views)


  #3
07-06-2006
Pancake (Senior Security Analyst)
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,967
PC Experience: Elite PC Guru

Hi B-2-0

Download VirtumundoBeGone and save it to your desktop. When you have done this, double-click on VirtumundoBeGone.exe and follow the instructions. When it has finished, reboot and post the log that is created on your desktop called VBG.TXT in your next reply. Do not worry if you see a BLUE SCREEN "Fatal Error" message; it is normal and expected.
Run Hijack This again and post a new Hijack This log and VBG.TXT.


__________________
My real name is Eddy

Last edited by Pancake; 07-06-2006 at 04:26 AM.
  #4
07-06-2006
B-2-0 (Bronze Member)
Join Date: Jul 2006
Posts: 7

Thanks for the reply Pancake.

I ran the tool but after everything except my background picture and the tool disappeared it froze my PC and I had to power down at the mains after about 3 or 4 mins so I dunno if it has worked properly.

It did save the log though...
Attached Files
File Type: txt VBG.TXT (2.0 KB, 2 views)
File Type: log hijackthis.log (3.4 KB, 1 views)



Last edited by B-2-0; 07-06-2006 at 10:19 AM.
  #5
07-06-2006
Pancake (Senior Security Analyst)
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,967
PC Experience: Elite PC Guru

Yes, that all worked fine. Your log is clean. Go forth and sin no more...

If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure.
If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:
Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.


Now that you are clean, now is a good time to flush out your restored files.

To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start > Run, type msconfig and press Enter.
When msconfig opens, click the Launch System Restore button.
On the next page, click the System Restore Settings link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

How Do I Protect My Computer Against Future Malware Now I'm Clean.

NOTE: You may have already taken some of these steps.

Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches.
How to update your Windows operating system

Know What You're Installing

Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.

Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).

Modify Security Settings (Internet Explorer 6)

To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options.
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.

Some Recommended Protection Programs

Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, it's recommended that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!

Some available programs are:
-- Ad-Aware
-- SpyBot Search & Destroy

Now that you are clean, to help protect your system I recommend that you get the following free programs:
-- SpywareBlaster to help prevent spyware from installing.
-- SpywareGuard to catch and block spyware.
-- IE-SpyAd to block access to malicious websites so you cannot be redirected to them from an infected site or email.
-- WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
http://www.zonelabs.com/store/conten..._freedownloads
http://www.zonelabs.com/store/conten...g=en&lid=ho_za

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
http://www.spywarewarrior.com/asw-test-guide.htm

Here is a helpful article:
"So how did I get infected in the first place?"

http://www.pchelpforum.com/index.php?page=protect

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!


  #6
07-06-2006
B-2-0 (Bronze Member)
Join Date: Jul 2006
Posts: 7

Excellent!

I had to remove the yaywvvt.dll myself and run another scan of Ewido and Disk Cleanup to sweep up the debris but now all is fine.

Many thanks Pancake (great name btw)

One more thing....is there a place where I can find a list or a collection of these removal tools you recommend?


  #7
07-06-2006
Pancake (Senior Security Analyst)
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,967
PC Experience: Elite PC Guru

OK, that's fine....well done.


