Re: Help, this Virtumundo is causing my Explorer instability

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Jan Il (abuse_at_localhost.com)
Date: 11/19/04 

Date: Fri, 19 Nov 2004 16:37:45 -0500

Hi Robert :-)

> > Another bad link -
> > http://www10.brinkster.com/expl0iter/fr...2M/L2M.htm
>
>
> Where did you find that?
> I suspect (due to the ellipsis) that this is a copy of the anchor
> and not the underlying link. In order to copy the link you should
> use right-click, Copy shortcut

My fault on this one, I provided it for the OP in my previous response. I
had used it before, but, obviously, it is no longer available. :/

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

>
> ---
>
>
> >
> >
> > "Jan Il" wrote:
> >
> >> Hi Tay :-)
> >>
> >> There are some variants of malware that can replicate themselves
repeatedly,
> >> and even mutate anew, if they are not removed properly. Although you
may
> >> have already run one or more of the programs, please do so again
according
> >> to the instructions below. Some variants of malware can replicate
> >> themselves over and over if not removed properly. Please follow all
> >> instructions carefully to be sure your system is thoroughly cleaned:
> >>
> >> Step one:
> >> Run Ad-Aware:
> >> Download the latest version of AdAware at
> >> http://www.lavasoftusa.com/support/download/
> >>
> >> After installing AAW, and before running the program, you NEED to FIRST
> >> update the reference file following these instructions.
> >>
> >> Now do the following:
> >>
> >> - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning
Engine:
> >> check: "Unload recognized processes during scanning."
> >>
> >> - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning
Engine:
> >> Check: "Let Windows remove files in use after reboot."
> >>
> >> Press "Scan Now"
> >>
> >> - Check option "Use Custom scanning options"
> >> - Check option "Activate In-Depth Scan"
> >> - Press "Select drives\folders to scan"
> >> - Select the active partition which is usually C:
> >>
> >> Now press "Next" to let Ad-aware scan your drives...
> >> It will find a number of "bad" files and registry keys.
> >> Right-click in that pane and choose "select all"
> >>
> >> Now press "Next" again.
> >> It will ask you whether you'd like to remove all checked items. Click
OK.
> >>
> >>
> >> Download:
> >>
> >> 1.) http://members.shaw.ca/techcd/VB_Projects/Killmsg118.exe
> >>
> >> 2.) -L2M.zip from- http://www10.brinkster.com/expl0iter/fr...2M/L2M.htm
> >>
> >>
> >> Restart your computer, remain offline and run "Killmsg118.exe".
> >> Your computer should restart.
> >>
> >> Unzip "L2M.zip" , Double click on the "L2M.reg" file, and hit->yes to
the
> >> registry merge prompt.
> >> That will remove all the related registry entries including the
'hijacked'
> >> user agent key!
> >>
> >> When done, search your hard drive and delete these files from any
location:
> >> (if exist)
> >>
> >> -msg118.dll
> >> -msguard.dll
> >> -msg118.txt
> >> -oe.bat
> >>
> >> -----
> >> Download and then extract Hijackthis.exe to a new folder. Do not run
it
> >> from the zip the desktop or a temp folder.
> >>
> >> http://www.majorgeeks.com/downloadget.p...e6434cfc13
> >>
> >> Do not remove anything using HijackThis. It lists many types of
entries.
> >> Some are good, and others need to be removed. Post the hijackthis log
to
> >> the one of the following forums to be analyized by the experts there to
tell
> >> you what corrective action to take, if necessary .
> >>
> >> AumHa Forums: HijackThis
> >> http://forum.aumha.org/viewforum.php?f=30
> >> Computer Cops
> >> http://computercops.biz/forum67.html
> >>
> >> You will have to register to post your log, but, it is ok....there are
no
> >> spammers there. just experts to read and help you. Follow their
> >> instructions:
> >>
> >> You should also download, update and run the following programs as
well, to
> >> make sure your system is totally free of scumware:
> >>
> >> Sysclean.com, from Trend Micro, here:
> >> http://www.trendmicro.com/download/dcs.asp
> >> along with the latest pattern file, here:
> >> http://www.trendmicro.com/download/pattern.asp
> >> Be sure to read the "How-to" info here:
> >> http://www.trendmicro.com/ftp/products/tsc/readme.txt
> >> (You might also want to get Art's updater, SYS-UP.Zip, here for future
> >> updating of these:
> >> http://home.epix.net/~artnpeg/).
> >> About:Buster
> >> http://www.majorgeeks.com/download4289.html
> >> http://www.atribune.org/downloads/AboutBuster.zip
> >> SpyBot Search & Destroy
> >> http://www.majorgeeks.com/download2471.html
> >>
> >>
> >> If these steps do not resolve your problem, please post back to this
thread
> >> with the details and any error messages.
> >>
> >> Hope this helps
> >>
> >> Jan :)
> >> Smiles are meant to be shared,
> >> that's why they're so contagious.
> >>
> >> Please reply to the newsgroup so others may benefit.
> >> Replies are posted only to the newsgroup for the benefit or other
readers.
> >>
> >> How to make a good newsgroup post:
> >> http://www.dts-l.org/goodpost.htm
> >>
> >>
> >> >
> >> > This Virtumundo (malware) has resurfaced after going thru deletion
> >> > procession by using Ad-Aware SE. It's causing my Explorer
instability. Any
> >> > advice would be appreciated. Thanks!
> >>
> >>
> >>
>
>