Restart problem may be related to virtumonde

[Lisandro]

Will any of this stuff be incorporated into avast eventually?

avast already has some antirootkit detection. More on version 5.

[lenny24]

Trojanhunter did not work, this must be a very new and very bad version of vundu / virtumonde. I tried that other file by the forum user and nothing seemed to happen. Will try the rootkit stuff next but I think this may be something entirely new that the avast and other experts need to get working on. 

[oldman]

Trojanhunter did not work, this must be a very new and very bad version of vundu / virtumonde. I tried that other file by the forum user and nothing seemed to happen. Will try the rootkit stuff next but I think this may be something entirely new that the avast and other experts need to get working on. 

They have been for the last few weeks. One of the problems being encountered is vundos ability to update and infect program executables. Some programs may seem fine in one use and infected the next. Programs such as av's, antispyware as well as window components like msconfig have been infected. Each use of these programs result in more infected files.

[lenny24]

Alright major and GOOD update, I may start a separate thread on this so it gets attention:

I found this thread: http://www.dslreports.com/forum/r19208560-Vundo-Vundo-Removal

The person seemed to have the same problem, could detect but not delete with vundofix. I downloaded combofix mentioned in the middle of the thread and it seems to have kicked Vundo / Virtumonde's @$$ into next Tuesday! 

There are no longer any Vundo files on my system, at least right now, even after reboot.

Combofix also deleted a bunch of other stuff, including some stuff in the avast and Adobe acrobat (another user mentioned) folder, as well as a n=bunch of quicktime stuff.

Avast is still working, I did get the start error but the thing that caused all of this appears to be gone and boot is completely back to normal. Here is a log of what combofix deleted:

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QuickTime\qttask                 .exe
C:\Program Files\QuickTime\qttask                .exe
C:\Program Files\QuickTime\qttask               .exe
C:\Program Files\QuickTime\qttask              .exe
C:\Program Files\QuickTime\qttask             .exe
C:\Program Files\QuickTime\qttask            .exe
C:\Program Files\QuickTime\qttask           .exe
C:\Program Files\QuickTime\qttask          .exe
C:\Program Files\QuickTime\qttask         .exe
C:\Program Files\QuickTime\qttask        .exe
C:\Program Files\QuickTime\qttask       .exe
C:\Program Files\QuickTime\qttask      .exe
C:\Program Files\QuickTime\qttask     .exe
C:\Program Files\QuickTime\qttask    .exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\opnopqr.dll
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\vtutq.exe