Adware-Virtumonde and privacy Remover M64

**camper** · 27-08-2008

Since this morning a window screen tells me that Windows has detected these two viruses. I have included the Hijack this report with it as well. Someone help me please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:48, 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccProxy.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphcaj8j0eg9v.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hervé\Local Settings\Temporary Internet Files\Content.IE5\A22P19S6\VundoFix[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

**Big Fish** · 27-08-2008

Lavasoft Virtumonde Remover:
It will find and clean the variants of the Virtumonde (a.k.a Vundo Trojan), that integrate tightly with the operating system, causing some scanners to bluescreen windows
http://www.download.com/Virtumonde-R...-10564813.html

A-Squared Free:
http://www.download.com/A-squared-Fr...-10262215.html
This is not a limited version but a full tool to clean your computer from Malware, Spyware, Trojans, Backdoors, Worms, Dialers and Keyloggers.
How to use:
http://cotojo.wordpress.com/2008/07/07

Malwarebytes Anti-Malware:
http://www.download.com/Malwarebytes....html?hhTest=1.
Download, install, update and select Full Scan.
Remove all infections that it finds after scan.

Spybot S&D:
http://www.safer-networking.org/en/download/index.html
Download, install, update and Immunize, turn off Tea Timer then click 'Check for problems' then when complete select all and then 'Fix Checked'

Spyware Doctor Free Basic Edition - Realtime monitoring:
http://pack.google.com/intl/en/pack_...gl=us&ciNum=12
Its free with Google pack, untick all boxes except Spyware Doctor. Download install, update and run.

SUPERAntiSpyware Free Edition:
http://www.download.com/SUPERAntiSpy...-10523889.html
Download, install, check for updates, then select Scan your Computer, select your drive and select Perform Complete Scan

VundoFix:
http://www.symantec.com/content/en/u...s/FixVundo.exe
Disconnect your computer from the internet
Run vundo
Restart your computer
Run the tool again to ensure no traces are left.

Repair you wallpaper with Wallpaper Hijacker Removal Tool:
http://www.majorgeeks.com/Wallpaper_...ver_d4816.html
Note: You should hit all "Repair" buttons even though it may not say "Found!" This will fix a wallpaper hijack everytime if all repair buttons are pressed.

SpyNo More:
Appeared on list of fraudulent sites.
Appeared on malware domain blocklist.
Used for the distribution of "rogue" security or other such applications:
http://hosts-file.net/?s=spynomore.com
http://www.malwaredomains.com/
http://www.mywot.com/en/scorecard/spynomore.com

**Mr. Boo Bear** · 27-08-2008

How to remove privacy remover m64
To save time and avoid risking destroying your computer, we highly recommend use a spyware scanner such as SpyHunter, to detect privacy remover m64 and other spyware, adware, Trojans, viruses, keyloggers, and more that can be hidden in your PC.

associated with privacy remover m64 infection:

Code:

c:\Program Files\XPGuard\XP-Guard.exe
c:\Program Files\XPGuard\unwise.exe
c:\Program Files\XPGuard\XP-Guard Web Site.url
c:\Program Files\XPGuard\install.log
%UserProfile%\Desktop\XP-Guard.lnk
%UserProfile%\Start Menu\Programs\XPGuard\XP-Guard.lnk
%UserProfile%\Start Menu\Programs\XPGuard\XP-Guard Web Site.lnk

privacy remover m64 processes to kill:

Code:

c:\Program Files\XPGuard\XP-Guard.exe
c:\Program Files\XPGuard\unwise.exe

Remove privacy remover m64 registry entries:

Code:

414B0283-2228-4F26-8BB3-C2211FA99223
BC37F38C-D37C-46FC-AC8D-93ABBCE72947
FE06810E-CAFB-4F02-A65B-F35190236D02

Source: zimbio.com

**silviutza** · 16-09-2008

hi. i have a question. what if it won't allow you to access your account on the pc? it's logging me off. do i have any alternative rather than reinstall the operating system? thanks

**Milton.J** · 17-09-2008

Hi silviutza,

I didn't get your problem properly. Please elaborate and explain it. That will be helpful for us to understand and give proper solution

**silviutza** · 17-09-2008

hi. thanks.

. my friend has this problem. when she opens the pc, a message appears, about the 2 viruses: adaware.virtumonde and privacy.remover.m64. after the welcome screen appears, it appears the username (to log on). but when you try to log on, after a few seconds it says logging off. and the 'turn off' button appears in the left corner. i think i should use some antivirus programs that boot from dos. what is your recomandation? thanks a lot for your help.

**.:MUNDITO:.** · 17-09-2008

Originally Posted by silviutza

hi. thanks.

. my friend has this problem. when she opens the pc, a message appears, about the 2 viruses: adaware.virtumonde and privacy.remover.m64. after the welcome screen appears, it appears the username (to log on). but when you try to log on, after a few seconds it says logging off. and the 'turn off' button appears in the left corner. i think i should use some antivirus programs that boot from dos. what is your recomandation? thanks a lot for your help.

Hi,
Did you try the above solutions mentioned?

**silviutza** · 17-09-2008

Actually, not yet.

. I was hoping you recomended me some antiviruses that i can boot from a cd/dvd. or something... i haven't tried this before...

**Milton.J** · 19-09-2008

Privacy remover m64Privacy remover m64 is a Trojan infection related to a "Warning! Win32/privacyremover.M64" and a Rogue program called XP-GUard. Privacy remover m64 will change Your desktop to it own, and will promote the XP-Guard fake program.

The message may look like this:

The message says:

“WARNING! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.
Warning! Win32/Adware.Virtumonde
Warning! Win32/privacyremover.M64“.

It is very important to remove Privacy remover m64 as soon as possible. Privacy remover m64 may also install other Trojans. And do not try to install, nor buy the fake program XP-Guard.

Download Privacy remover m64 infection scanner