Problems removing Vmonde ---- htepo.com

Giganews Newsgroups
Subject: Problems removing Vmonde ---- htepo.com
Posted by:  Buck Rogers (bu…@rogers.com)
Date: Fri, 09 Nov 2007

Hello,

A client's computer is infected with Virtumonde.generic (identified by
Spybot S & D).  This manifests itself with two icons on the desktop
that point to htepo.com.

Googling htepo.com generates 411 hits and through the dialogue, I
downloaded a couple of programs (Vundofix by Atribune and FXVMonde
from Symantec).

I ran Adaware, Spybot S & D, Vundofix and FXVMonde.  Spybot and
Vundofix were the only ones to identify the problem.  Adaware and
Symantec's FXVMonde didn't find it.  This was done in Safe Mode and in
Normal Mode.

I also ran the current version of Stinger and did a complete scan with
an updated Norton AV.  Again this was done in Safe and Normal Mode.

It appeared the Malware was deleted by Spybot and Vundofix (by reading
the logs and noting the icons were deleted). After cleaning, I went
online with no problems and the popups stopped manifesting themselves.
However, after returning the computer, the client was re-infected the
moment he went online.

The computer is up to date (XP Home), XP Firewall turned on, and
Norton is up to date and working correctly.

The only reason I have to explain the re-infection is either the
initial clean only deleted the .dll file and not the real culprit or
the client is not connected to the internet properly... he is
plugged directly into the DSL modem with no router in between.

Does anyone have any suggestions on how to clean this junk properly?
This is the first time in many moons I've been stumped on cleaning a
computer.

I'll provide any further info you might need to help me with this
problem.

Regards,

Buck
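The desktop icons the post describes are, on Windows XP, usually plain Internet Shortcut (.url) files: an INI-style text file with an [InternetShortcut] section and a URL= line. As an added example that is not part of the post, the following Python script parses such files in a folder and flags any whose target host is on a watch-list, so a cleanup can be checked for leftover shortcuts without opening them. The sample files, the affiliate-style query string and the folder layout are constructed for the demo; the only domain taken from the post is htepo.com.

```python
"""
Flag Windows Internet Shortcut (.url) files that point at watched domains.
Added example; sample data is constructed, only htepo.com comes from the post.
"""
import configparser
import os
import tempfile
from urllib.parse import urlsplit

# Domains to flag. htepo.com is the domain named in the post.
WATCHLIST = {"htepo.com"}

# Constructed sample folder contents: two shortcuts to the watched domain,
# one benign shortcut, one non-shortcut file and one malformed .url file.
SAMPLE_SHORTCUTS = {
    "Free Offers.url": "[InternetShortcut]\r\nURL=http://www.htepo.com/?aff=1234\r\nIconIndex=0\r\n",
    "Hot Deals.url": "[InternetShortcut]\r\nURL=http://htepo.com/search\r\n",
    "Python.url": "[InternetShortcut]\r\nURL=https://www.python.org/\r\n",
    "readme.txt": "not a shortcut",
    "Broken.url": "URL=http://htepo.com/ (no section header, should be skipped)",
}


def parse_url_shortcut(path):
    """Return the URL= value from the [InternetShortcut] section, or None if
    the file is not a well-formed shortcut."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read(path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError):
        return None
    return cp.get("InternetShortcut", "URL", fallback=None)


def host_matches(host, watchlist):
    """True if host equals a watched domain or is a subdomain of one."""
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def target_host(url):
    """Extract the hostname from a shortcut URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname


def scan_shortcuts(folder, watchlist=WATCHLIST):
    """Return a sorted list of (filename, url) for flagged .url files."""
    hits = []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith(".url"):
            continue
        url = parse_url_shortcut(os.path.join(folder, name))
        if url is None:
            continue
        if host_matches(target_host(url), watchlist):
            hits.append((name, url))
    return hits


def build_sample_folder():
    """Write the constructed sample files into a temporary 'desktop' folder."""
    folder = tempfile.mkdtemp(prefix="desktop_sample_")
    for name, body in SAMPLE_SHORTCUTS.items():
        with open(os.path.join(folder, name), "w", encoding="utf-8", newline="") as fh:
            fh.write(body)
    return folder


def demo():
    """Build the sample folder and scan it; returns the flagged shortcuts."""
    return scan_shortcuts(build_sample_folder())


if __name__ == "__main__":
    for name, url in demo():
        print(f"FLAGGED {name}: {url}")
```

To use it on a real machine, call scan_shortcuts() with the user's Desktop path (and the All Users desktop, which is a separate folder on XP). The script only reports; it does not delete anything, so the hits can be compared against the Spybot and Vundofix logs before removing files.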
