sys32/bovusuyo.dll located, deleted

i am wondering if as I delete them it is creating more, damn...

lemme comb the dir and see...

did you try the combofix I posted? or are you on vista?






or maybe I am just on Stuart D's elite ignore feature :1orglaugh

I downloaded it, but didn't like the "can shut down your computer" warning lol

Am I describing something similar to what you had?

also found:

nayirima.dll
nelumoje.dll

but as I detected it was making more as I deleted them... and it was

the file names are all dynamic and yes they are being created as I deletd this file called "mabalawa"

upon deleting that it created a copy of mabalawa, two .dlls (raramugee.dll zofarimo.dll) and egumarar (config file)

lol

I dont rememebr what i had, its been some trojan, perhaps a more simply one than yours.

I got the "1 in 100 computers won't survive the scan" message or so but I proceed and it went Ok.

You can make the windows recovery console like they suggest but I didn't do that.

anwway, Combofix is a powerful tool, recommended on many forums.
I was also scared to use it first but it went Ok.

If you take their warning literally, then you've got 99% chance that it will run fine... and hopefully it can get rid of your trojan, though no 100% promisses obviously..

anwyay good luck, cant really say much more

did you try scanning with your network connection disconnected? Some of these virii use your internet connection in order to get shit from a database or whatever so if you're still connected that is more than likely why it keeps coming back. Try all these scan with NO NETWORK CONNECTION and see if that helps.

i've had Virtumonde - go here - complete step by step guide - you have most of the software already - read carefully, follow the instructions

http://forums.majorgeeks.com/showthread.php?t=35407

and you MUST run ComboFix after using SuperAntiSpyware, Spybot S&D, MBAM

there's nothing to fear running ComboFix

Fletch man, just download windows new live one care program.

http://onecare.live.com/standard/en-us/3/default.htm

Its the only one that worked for me, the trial will still remove everything, you get like 3 months free. I have this puppy running all the time, rock solid program. Good luck with it..

this shit is getting out of hand - there have been half a dozen posts just on GFY in the past week about Virtumonde. Why the fuck doesn't anybody in law enforcement go after these people - they're easy to trace, most of them are incredibly trying to get you to buy anti-spyware software after they put it on your machine or redirecting you to pay per click ad networks, follow the money. I know what site I picked it up on.

and the Mac owners who smugly tell you 'get a Mac' because Macs don't get this shit - sorry your time is coming, the more people switching to Mac makes it inevitable that these guys right now are writing malicious code for the Mac. Apple for the first time is now recommending their users start using anti-virus software - they know what's coming.

k, i am following the guide you posted mutt,... combofix (it seems) has been able to delete some things that were undeleteable before... but i am crossing fingers...

heres some of what combofix *claims* to have removed that others couldnt:

c:\windows\system32\vuzinaku.dll
c:\windows\Tasks\jbmyigho.job

these BHO databases were a bitch to remove:

BHO-{b101738f-bc27-4dea-8c2c-a37e2940a71d} - c:\windows\system32\narudoku.dll
BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
BHO-{E672726E-AB49-43CF-876E-3ADD486F7E29} - c:\windows\system32\jkkLBqPh.dll
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-mibutamiku - c:\windows\system32\tapusura.dll

and the tapusua.dll was being called from the beginning, I knew it was part of it, but couldnt remove it... so far looking good, but ive gotten excited before and had it remanifest lol

having problem getting this one gone though

HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

Well if your computer is now running normally I wouldn't worry about that last remnant - but if you are - register on Major Geeks forum and one of them will give you further advice on how to get rid of that.

I went through it for a few days. NOTHING worked so I had to just wipe her clean. :-(

But today she's blazing fast and running smooth.

Is this virus available for download?

Im sure you got it just by posting in this thread.

Had the virtumonde a few weeks ago too (missed this thread). Wrestled with it for about 2 or 3 hours but of course it kept coming back. Three hours was my point of no return so I reached for my XP disc and started from scratch. After reading this thread I am so glad I just formatted and started over...probably saved time in the long run.