I noticed that my background had been changed to an ad for windows warning message and a notice saying that I was infected with Win32\Adware.Virtumonde and Win32\PrivacyRemover.M64
There was also a pop-up for Antivirus XP 2008 license agreement, which I didn’t download or anything. So I scanned my computer with Avast!. The scan came up with several files which I moved to the chest, but some would not move and so I deleted them.
The files that show up when ever I rescan and won’t delete are:
c:\docume~1\admni~1\locals~1\temp\nsm4.tmp\euladlg.dll (Malware name: Win32:Adware-gen [Adw]) VPS version: 080919-0, 09/19/2008
It recommendes that I move the file to chest, but even after doing so it keeps reappering when ever I rescan.
c:\windows\system32\tdssl.dll (Maleware name: Win32;Bravix-B [Drp]) Maleware type: Dropper (VPS version:080919-0, 09/19/2008)
It recommendes that I move the file to chest but it will not let me, saying:
The Process cannot access the file because it is being used by another process
Cannot process ‘c:\windows\system32\tdssl.dll’ file
So then I delete the file, but it doesn’t go away and re-appears next time I scan.
Then a notice would pop up saying that:
Avast! has detected a virus in the operating memory. Since it is very dangerous to work with the computer while the virus is active, it is strongly recommended that you restart the computer and let avast! scan all your data in the boot phase, before the virus can be activated. Do you want to scedual the boot-time scan and restart the computer?
I click yes and it restarts my computer scanning. These things show up when it scans:
File C:\Documents and Settings\Administrator\Local Settings\Temp.tt1A.tmp.vbs is infected by VBS:Malware-gen
File C:\Documents and Settings\Administrator\Local Settings\Temp.tt1D.tmp.vbs is infected by VBS:Malware-gen
File C:\Documents and Settings\Administrator\Local Settings\Temp.tt1E.tmp.vbs is infected by VBS:Malware-gen
File C:\Documents and Settings\Administrator\Local Settings\Temp.tt20.tmp.vbs is infected by VBS:Malware-gen
File C:\Documents and Settings\Administrator\Local Settings\Temp.tt22.tmp.vbs is infected by VBS:Malware-gen
I send them all to the chest put they re-appear every time I rescan. I’ve deleted them all before too, and they re-appear anyway.
File C:\WINDOWS\SYSTEM32\tdssadw.dll is infected by Win32:Bravix-B [Drp]
File C:\WINDOWS\SYSTEM32\tdssl.dll is infected by Win32:Bravix-B [Drp]
File C:\WINDOWS\SYSTEM32\tdsslog.dll is infected by Win32:Bravix-B [Drp]
File C:\WINDOWS\SYSTEM32\tdssmain.dll is infected by Win32:Bravix-B [Drp]
File C:\WINDOWS\SYSTEM32\tdssserf.dll is infected by Win32:Bravix-B [Drp]
I send these ones to chest also and the same thing happens. They re-appear the next time I scan.
I have downloaded the newest version of CBO and this pops up:
Location of startup: FILE
c://WINDOWS/SYSTEM32/DRIVERS/SUCHOST.EXE
Then it mentions that that was a trojan horse and that it has been shut down, but the file it comes from remains. I remove the file but it shows up again when I restart my computer.
That’s really all the information I can think of to give. My Avast! is the lastest version as is CBO. I’ve turned off my System Restore. My operating system is a Windows XP, I don’t know about the bit part. My only virus software is Avast! and now CBO.
I’m sorry if this was not clear enough. Normally I can fix these things on my own, but I guess that this is a real virus or something. I am sorry to bother you, but please help. I need my laptop back.