Crazy virus - can't find info anywhere
23/6/08 2:30:02 AM
Okay I've tried googling the filename, no relevant result. I've tried clicking the Info link my scanner provides (AntiVir Guard) and I'm told they have no information on it. The scanner calls the virus "TR/Dldr.Ag.24576.TA" so I tried Googling that to no avail.

I can post a Hijack This log if anyone thinks it may help?

So far I can tell you the original DLL that was coming up as infected is called vtU[l]LCus.dll (note the square brackets aren't really in the filename, I'm using those to highlight the character between them - it's not a standard character and tends to look like a 1 or a vertical pipe depending on the font it's displayed in) and now while scanning with Spybot etc I get seemingly random blips from AntiVir informing me of other infected DLLs. iiffCVNh.dll is one, and the others that have come up all seem to be random 8 character strings for filenames.

I don't want to create a wall of text with a HJT log, but if you guys need that to help out just let me know.

Edit: breakthrough! SpyBot just identified it as Virtumonde...

23/6/08 4:47:25 AM

Give this a go.

24/6/08 6:49:11 AM
Antivir is the pest you need to get rid of.

Make sure hidden folders and files are on, not hidden. If you go into safe mode, I would get rid of all your other antivirus programs and delete everything in all temp folders and the prefetch folder. Then look at your C:\Windows\System32 folder, look for odd named files that do not belong to Windows, that have a date close to the date you started having problems. If you're not sure if it's good or bad, go to process library and check it out. This will help you get rid of most of the crap you're explaining. I do realize trojans and etc hide in other places, but this is the most common place and I do realize there is a heck of a lot of files in that folder, but if you want to fix it yourself, you have to have patience. Afterwards I would check your startup in msconfig and make sure there are not any programs there that shouldn't be.

If there are some files that will not delete, or come back, I would boot from a BartPE Windows live CD and from there you can delete anything with no problems.

Send me your hijack logs if you continue having problems, and I might be able to shed some light.
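
The manual System32 review described in the reply above can be narrowed with a read-only listing. This is an added example, not part of any post in the thread; the onset date, the window size, and the 8-letter name heuristic are assumptions to adjust, and the script deletes nothing.

```powershell
# Added example: read-only triage listing of DLLs that appeared near the
# time the problems started. Nothing is deleted or modified.
# $Onset and $WindowDays are assumptions; the default date is a constructed sample.
param(
    [datetime]$Onset      = '2008-06-22',
    [int]     $WindowDays = 7,
    [string]  $Folder     = "$env:SystemRoot\System32"
)

$from = $Onset.AddDays(-$WindowDays)
$to   = $Onset.AddDays($WindowDays)

# -Force includes hidden and system files, which Explorer hides by default.
Get-ChildItem -LiteralPath $Folder -Filter *.dll -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.CreationTime  -ge $from -and $_.CreationTime  -le $to) -or
        ($_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to)
    } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name        = $_.Name
            Created     = $_.CreationTime
            Modified    = $_.LastWriteTime
            Hidden      = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            # Empty company/version info is common for dropped files, not proof.
            Company     = $_.VersionInfo.CompanyName
            Signature   = $sig.Status
            # Heuristic only: base name of exactly 8 letters, like the
            # file names reported in the thread. Legitimate DLLs can match.
            EightLetter = $_.BaseName -match '^[A-Za-z]{8}$'
        }
    } |
    # Files with no company string sort first, then oldest creation time.
    Sort-Object @{ Expression = { [string]::IsNullOrEmpty($_.Company) }; Descending = $true }, Created |
    Format-Table -AutoSize
```

No single column is conclusive: on older PowerShell versions catalog-signed Windows files can report `NotSigned`, so treat a row as worth a closer look only when several indicators line up (recent date, no company string, hidden attribute, random-looking name).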

