Found virus but can't find virus

Digital Nightfall on 11/4/2010 at 18:43

This just began about two hours ago. Here's the odd thing. Microsoft Security Essentials keeps warning me of a virus on my computer. I tell it to remove it and it claims to do so, but it come back in 15 - 20 mins. I am sure it's there - clicking on links on google always sends me to some strange and shady website, not where the link was supposed to take me. The problem is that both MSE and Malwarebytes (I'm broke right now, I can't afford a paid virus protection license) can't find anything on a full system scan. Zero results on both.

I know there's a freeware virus scanner out there that scans during bootup and kills what most other scanners can't even find. I've used it before. It works great. But I can't remember what it's called, and searching online has gotten me nowhere. Does anyone have any ideas?

Enchantermon on 11/4/2010 at 19:08

I've always been quite happy with (http://www.avast.com/index) avast!, and it has an option to scan on boot.

Queue on 11/4/2010 at 19:09

Digi, it sounds a lot like Virtumondo (there are variant spellings like Virtumonde) which is a bitch to get rid of as it hides and reinstalls itself--but can be gotten rid of with freeware.

Runs these programs, one after the other as none alone with fully remove it, to get rid of it:

- Fixvundo
- VirtumundoBeGone
- Vundofix

Then, run and AdAware scan followed by a WiseRegistry scan. you should be golden after that, or at least know it's not Virtumondo

(EDIT) Avast is one of the best (it's what I run and greatly support) but it won't get rid of Virtumono, though it will keep finding it, or stop it from coming in.

bikerdude on 11/4/2010 at 21:06

Quote Posted by Digital Nightfall

Here's the odd thing. Microsoft Security Essentials

unfortunately this where your problem is, MSE is uttler crap at detecting or removing virus's.

what I suggest is -

* Run the free scanner from kaspersky - (http://www.kaspersky.co.uk/virusscanner)

* Then run the virus removal tool - (http://support.kaspersky.com/viruses/avptool2010?level=2)

* then after all that go and buy a 1 user OEM copy of KAV2010 for $15 - (http://www.google.com/products?q=kaspersky+antivirus+2010+oem&aq=f)

Digital Nightfall on 12/4/2010 at 00:29

Trying the Anvil boot scan now. Thanks, guys!

It's just my laptop... but it's also "just" my dromeding machine. :(

Edit 1: Well that didn't work. I'm trying NV's suggestion next (told to me in a chat) of using a boot-disc OS with some built in scanners to have a hack at it. If that doesn't work I'll go with Queue's or Biker's suggestions.

Edit 2: I'm actually using a combo of NV and Queue's suggestions. Fingers crossed.

Edit 3: No Vundo found! Shit...

Queue on 12/4/2010 at 03:19

Hmmm....

Have you tried running F-Secure's Blacklight program? It hunts out apps that hide.

Brian The Dog on 12/4/2010 at 09:38

If you're after an Anti-Virus software that is bootable, then (http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/) Kapersky do one, although I'd recommend (http://www.techmixer.com/bitdefender-rescue-cd-with-auto-update-virus-definition-features/) BitDefender's instead since it updates the definitions via the internet.

bikerdude on 12/4/2010 at 16:10

Quote Posted by Brian The Dog

instead since it updates the definitions via the internet.

I image the latest version (2010) of KAV does also..

EZ-52 on 12/4/2010 at 18:33

Try running (http://www.combofix.org) ComboFix on your computer and seeing if it helps.