A Nurse with a Gun

Wednesday, November 19, 2008

More Inner Tubes Issues

It seems as though I cannot view You Tube videos from their site. I've downloaded the new Flash player and installed it. I've made sure scripting is enabled. I've rebooted. I still get this message.
"Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player. Get the latest Flash player."
There are other venues available, although I will miss Jodi Miller and News Busted. Strangely, I can still view embedded You Tube videos on other web pages.

Meanwhile Virtuemonde seems to be gone, or at least quiet. Several blows from f-vmonde seem to have done the sonovabitch in. is still regenerating on my system. The latest offending files are system32\yogeresi.dll and system32\tirowefa.dll.

So, I am researching which internet security suite would best meet my needs. It seems the two real players are the old standby Norton, and a new contender Kaspersky. Whichever one I chose, getting rid of Virtuemonde and like trojans is top priority.

Norton has the reputation, but it is also well known, and as such, it also falls into the list of worthy targets for hackers. The newcomer (at least to me) Kaspersky has keylogger protection via a virtual keyboard, as well as the advantage of not being as common a target. I just don't know how reliable it is though.

I think I will try the free trial of Kaspersky and a free trial of Nortons and see how it goes......

More about Kaspersky Internet Security 2009

More about Norton Internet Security 2009

The Best Security Suites for 2009

Labels: ,


Anonymous Anonymous said...

My wife had a nasty bug on her computer. Removed with AVG. They have a free version that works well so you can see if it solves the issue before you pay. See free.avg.com.

8:25 PM  
Anonymous Anonymous said...


Regular reader, first time commenter.

I make a living as a unix sysadmin and make beer and gun money doing pc repair. Which is mostly removing viruses & spyware.

Some unsolicited advice: do not buy any security suites. First, they suck. Second, the will make your machine unbearably slow.

I regularly use Spybot Search and Destroy. Some of my colleagues also like Malware Bytes; it's also free.

Here's how you fix your problem:

1. Make sure you have the latest updates from Spybot.
2. Right click the MY Computer icon, click System Restore, click "Turn Off System Restore". (VERY important. System Restore can actually restore previously removed spyware).
3. Boot into safe mode, no networking.
4. Run Spybot.
5. Reboot, do it again.
6. If you aren't using AV software already, I recommend AVG antivirus from Grisoft.com. Don't know if they still have a free version or not, though.

Good luck!

8:47 PM  
Blogger Joe Allen said...

Norton, especially the consumer version, is such a bloated resource hog that having it on your system is generally more detrimental to performance than most viruses and malware.

It's also of dubious efficacy - I regularly have to clean up systems with fully active and up to date Norton installations.

Once it has its hooks in a system, it's almost impossible to uninstall - never a good sign.

I've re-installed Kaspersky on a couple of clients' systems - it seems to be thorough, but I don't really have any experience with it.

I have the best luck using AVG and Spybot - it's what I have on my personal machines, and companies that I do IT support for.

I have very few cooties get through.


8:52 PM  
Blogger Geoff said...

The IT company I work for installs Kaspersky on all the corporate PC. They seem to be happy with it but it's not that cheap.

9:28 PM  
Blogger lee n. field said...

Comments, from someone who's been in the field quite a while:

The best way now to get rid of your nasty would be to pull the hard disk, attach it as a second to some other computer, and scan it. With both antivirus and malware scanner, until both scan clean.

Norton (home user version, not the Symantec corporate AV) is a pig. Norton will slow your computer down, guaranteed. Norton's also a bitch to fix when it breaks.

You, at this point, should probably look into backing your stuff up and reinstalling Windows and all your apps.

10:18 PM  
Anonymous Sten said...

An infected restore point could be better than none at all!

I would recommend against deleting the restore points until *after* you have successfully removed the trojan.

I've personally removed the restore points first and ended up with a system that could not be booted.

That being said, the following two forums offer excellent guides as well as personalized feedback on how to clean up your system. Here's where to start:



I've used the help from the peeps on COMODO and Major Geeks with great success in the past cleaning up some amazingly infected systems.

Then install firefox. This alone has kept many of my friends who have no sense of maintaining security on their systems free of malware in the long term even with them visiting the dodgiest recesses of the interweb.

Good luck and don't be like Barack!


10:33 PM  
Anonymous Anonymous said...

Norton is a disaster... worse than the virus. Don't even use that free trial - you will regret it. AVG's paid system is pretty decent, but you can change quite a few of your habits to prevent about 95% of the problems.

- Decent hardware firewall
- Run Firefox with Adblock Plus rather than Internet Exploder
- Disable Java, only enable it when you need it
- Keep current on Windows updates

10:38 PM  
Anonymous Anonymous said...


Now that your system is compromised you really need to rebuild your system from scratch. The process that I use is simple but long:

Backup your data, reload Windows from scratch; if using Win XP install SP3, then install a good antivirus & firewall package. Download the latest patches/updates for the AV/FW package, install the AV/FW patches/updates, then connect to the Internet and patch your system. Reload your apps and patch again. After OS and apps are fully patched, scan computer for malware/bugs. Reload your data and scan the computer for malware/bugs.

After your system is fully up an running you might want to update your hosts file with the hosts file from "Blocking Unwanted Parasites with a Hosts File" (http://www.mvps.org/winhelp2002/hosts.htm)

As for antivirus packages, in my experience the Symantec products have vulnerabilities that are routinely exploited. So don't use them. This is not to say anything bad about the Symantec products, but the big kids throw rocks at Symantec products all day long. Sooner or later someone's rock doesn't bounce back. Vulnerability discovered, exploit follows.

Kaspersky produces a good package. Kaspersky doesn't make better software than Symantec, but fewer rocks are thrown in their direction. If you want more information the following link to PC Magazine's 2009 review of security suites should answer a lot of questions (http://www.pcmag.com/article2/0,2817,2333448,00.asp).

Good luck. Good shooting.

10:53 PM  
Anonymous Alex. said...

Here is the skiny on Kaspersky:

He was the virus maker for the KGB.
So, pay-up and get the best antyvenom from the guy who knows how to make one himself.

11:04 PM  
Anonymous Joe said...

Ok, enough is enough. My experience is Norton is worse than the problem, whateverit is. And if it ever needs to be completely removed, good luck.

On the other hand these guys are pretty damn good at solving this kind of issue.


11:30 PM  
Anonymous Sean G said...

I'm afraid a computer at work had it, and our university's IT crew, who are quite literally geniuses, had to wipe the hard drive in the end.

Good luck, that Virtumonde is a reaaaal bitch.

11:48 PM  
Blogger Bob said...

I'll go ahead and repeat my advice from the earlier thread: visit the Tech Support Guy website and register as a member. Start a thread in the Security forum, and let the experts there help you clean your system up. They will do it free of charge, and will work with you as long as it takes to get a solution that is satisfactory to you. I can vouch for their work, they have helped me clean Virtumonde out of my own computer.

They also have a world of tips and links to free utilities and programs that will help keep your system working properly.

I'd not recommend paying for antivirus if you can get one free of charge. If you use Time Warner's Roadrunner, they offer free antivirus from Computer Associates; I use it myself, and have not had any problems with virus or malware. If you don't use Roadrunner, you can get the free version of AVG antivirus, they also have an effective antispyware program.

12:16 AM  
Anonymous Anonymous said...

Xavier, not exactly in the line of your questioning, but what you really need to do is get yourself a copy of Acronis 11. It can be had extremely cheap currently because a newer version is up.

Acronis is much easier to use and reliable than Ghost or other similar programs. You create and keep clean images of your machines from clean installs, as well as incrementals backups of your critical data (email etc..). When you catch a virus, you nuke the infected machine and restore your image, as well as the critical data. Works like a charm. Ex QA software pro here: literally have done it thousands of time (use images during testing to get clean OS's).

Anti-virus programs are not a panacea, and each of them has flaws. Spybot is grossly over-rated.

12:31 AM  
Blogger Duane said...

I've been a Windows system admin and PC guru for many years.
Gonna have to speak up for the new Norton Consumer product. The new 2009 Version has the smallest footprint of any of the existing AV products and is the least intrusive.
I have avoided Norton for years. Was running AVG up till this month.
AVG used around 50MB of memory and was updated daily. Norton 2009 uses less than 10 MB and is updated every 5 minutes. Norton is using a new whitelist technology that allows scans to occur in way less time than in the past, like 10 minutes as opposed to 120 with AVG. the new Norton 2009 product also does background processing very well, running scans in the background and then as soon as you move the mouse or keyboard getting out of the way.

To recap the newest version of Norton is no longer bloated and I does not slow down your PC. Check out some of the reviews online.

12:59 AM  
Anonymous Oana said...

I just had this problem after changing a bunch of security settings. After puzzling through a variety of checkboxes and script options, what solved it was my cookie settings. (Note that this may not solve *your* problem.) Apparently a "Medium" setting in IE blocks YouTube. A "Low" allows it. Or, you could permit cookies for the entire domain.

2:01 AM  
OpenID Steve said...

Have you tried alternative web browsers such as Firefox ( http://www.mozilla.com/firefox/ ) or Opera ( http://www.opera.com/ )?

2:10 AM  
Blogger Xavier said...

I use Mozilla and Opera on occasion for different applicable tasks.

Gents, I'm not going to use anonymous advice posted to my blog. No offense, but I don't know you. I wasn't born yesterday. The last thing I will do presently is follow unsolicited anonymous advice. It makes for great reading though......

I'm posting these events for my own reference and perhaps to help others. If my posts continue to generate instructions that are obviously incorrect when dealing with this specific virus..... yes, I have named it..... Then I will simply stop posting about anything concerning my struggle at removal.

5:50 AM  
Blogger DCUnited said...

The biggest issue with many of the new 'AV' products is they attempt to do a bit more than AV (antivirus). First, they do AV, which is signature based. Basically it is looking at a file, running it against a known, bad item and saying if it is good or not. This is what you want. Many other things they do are more 'feelings' based. Basically they set up feelers to figure out if something bad 'may' be happening. This takes up a lot of cpu, disk and memory without a proven rate of return. I would suggest just the AV portion of one of the suites or AVG. My wife uses Trend-Micro and it works pretty well for her. It doesn't do as poorly as Norton in speed. My suggestion would be AVG and ZoneAlarm firewall. I do know someone who broke ZoneAlarm but it has been made stronger because the creators listen.

As far as removing the virus, rebuilding is the best way to go. It allows you to make sure that it is gone (unless there is a bios virus involved, which I don't think there is). Rebuilding also allows you get a fresh start, which windows is horrible at keeping parts of programs you remove on the system and, more importantly, in the registry.

For security moving forward, I would suggest firefox or Opera. I use firefox with Ad Block Plus and No Script and it works quite well. The methods you use for personal protection work quite well on the WWW as well. Don't go places where you are not sure of, if you can help it. A couple days ago you showed a video about the Matrix running on windows and at the end there was something said about Ubuntu. I do not know what all you use your computer for but you may want to give it a look to see if it will work for you. You can use a live cd and not harm your present installation (warning: it is slower that a real install) but I have used linux as my primary home computer for a year or two (been playing with it for almost ten years) and it has worked out quite well for me.

Best of luck.

5:56 AM  
Blogger Beth said...

ask you IT guy at work
check out leo laporte.

knoppix ,no cost,no viri, no problem.
not anonymussess

6:03 AM  
Blogger bumper sticker philosopher said...

Back up your data then take off and nuke it from orbit, It's the only way to be sure.

Even if you don't do a total reinstall, I would also have to recommend staying away from Norton. I just had to rebuild the machine of a friend who installed the latest version of Norton to remove a persistant Trojan infestation. The machine was unusable afterwards.

I'd recommend Kaspersky or AVG.

As for taking my advice, it's your call. Just offering my $.02.

word verification: satism

6:43 AM  
Blogger Mikael said...

I use AVG, good enough for my needs, and free.

However a while back(a few years, so possibly not pertinent anymore), my computer stoped functioning and had to be sent in for repairs, one thing the computer shop did in the process of trying to fix it was clean up my computer, this being a professional computer repair shop, I thought I'd share what they used: F-Secure. (And yes, I had a bunch of junk they removed, something along the lines of 50+ spyware/malware/trojans that my anti-spyware program at the time, Ad-Aware, had missed).

6:58 AM  
Anonymous Anonymous said...

If your computer needs are word processing and web browsing, Fedora Linux will have everything you need. It is free. The install is easier than installing windows. The applications are free. The updates are automatic and free.
You will be immune to any virus that runs on windows.
Fedora looks and works pretty much like windows or a mac. Very very easy.

Download the DVD image at


7:42 AM  
Blogger Thernlund said...

I've removed this malware by hand many many times.

Look up my reputation, then either send me the computer at my work(silly?) or get me access to it and I will fix it free of charge.

Alright... yeah. It's probably ridiculous to offer. I might be some loon. By hey... just putting it out there. I can fix this pretty quickly.


9:02 AM  
Anonymous Anonymous said...

I got Vundo on a computer...had to wipe the hard drive to get rid of it.

9:19 AM  
Anonymous Sutton said...

I know it doesn't help your current situation, but after you rectify things enough to extract whatever data you want to keep from your current machine, why not consider getting a Mac? These issues just don't really come up, not because they're impregnable (though native security is definitely good on Macs) but just because virus writers know they get more bang for their buck if they work to attack PCs. Knock on wood, but I've literally never had a problem with a virus on any of my Macs, and that's with only casually paying attention to whatever security software I have installed, if any.

The other nice thing about Macs is, they're actually still worth some money a few years after purchasing, so you can sell them when you want to upgrade.

9:54 AM  
Anonymous Anonymous Bosch said...

RE: "Gents, I'm not going to use anonymous advice posted to my blog. No offense, but I don't know you. I wasn't born yesterday."

With respect, nothing I see posted in these comment is malicious, and all could be vetted by your own research.

Realistically, are the uber-hackers of the world trolling your blog to offer up some custom crafted social engineering blog comments, when they could be spending their time on building the social engineering web sites like the one that infected your computer and likely thousands of others?

On point and worth a mention is VundoFix http://vundofix.atribune.org/. That is, it would be worth mentioning, if you were taking unsolicited advice.

If you're still not interested in anonymous advice then all I can offer is "Good Luck!," as there is no 'One Ring' commercial product to rid yourself of all malware other than the one that came with your computer:
"C:\> FORMAT C:"

Then get a copy of Ubuntu or a Mac.

Anonymously yours,
Anonymous Bosch

11:37 AM  
Anonymous Anonymous said...

I agree - unsolicited advice may get you even deeper down the rabbit hole. Your best bet is to search within legit security software sites, like Symantec, Trend Micro, Norton, Kaspersky. Don't waste time googling it; go to the security software site and search within that site. Some offer free Virtumonde removal tools. I can't vouch for which may work better, but the good news (well, sort of) is the Virtumonde trojan has been around for quite some time now, so the latest removal tools (from legit companies) should have a pretty good removal success rate.

12:13 PM  
Blogger Arthur said...

I would avoid Norton like the plague.

In my dealings with it Norton was always big, bloated and fragile. And when it did break, it would break in the most truly ODD ways. It also would take a heroic effort to remove it completely when you finally did get sick of it.

If as commenter Duane suggested they've cleaned up their act, great. Let a bunch of other people test that out for you.

1:01 PM  
Blogger Joe Allen said...

I forgot to mention another line of defense that I've been using for a while that has saved my bacon several times: www.sandboxie.com.

It will run your browser of choice - or any other application - in an isolated space and prevent it from making changes to your system files.

It's caught several trojans trying to affect system files, which don't exist in the isolated space.

It's free for 30 days with a nag screen after that, or $30 or so to make the screen go away.


1:17 PM  
Anonymous Anonymous said...

Well Xavier you know what they say about opinions they are like ass hxxx everyone has one.

2:14 PM  
Anonymous Anonymous said...

Joe Allen is right. Everytime I tried Norton, it slowed my system so much that I deinstalled it.

Norton is a pig.

5:18 PM  
Anonymous Anonymous said...

My company runs a pair of systems 24/7 on T1 lines, plus two at the house, and a variety of off premise boxes. Over the last twenty years I have tried enough AV software to pay for a pretty good used car.

I have long since concluded Norton is a waste of time and money. The time you waste recreating your system from backups - and the money you spend for it.

Not to mention the aggravation when you renew on line, the key does not work, and tech support and I do not seem to have any language in common.

Kaspersky does quite well as a firewall/AV first line of defense, with Spy Sweeper running behind it.

While these boxes all have two gigs or more of RAM, I do not believe the combination uses any unreasonable amount of memory - and Crucial (crucial.com) charges less than $20 a Gigabyte for RAM. About what a 8Kb chip cost back when.

Kaspersky updates virus definitions every hour. It's not free, but free stuff is usually worth what you paid for it.

I spend a lot of time running down financial news stories, and Spy Sweeper will occasionally lock me out of a suspicious site. Better safe than sorry so I'm
happy with that.

I also run "Advanced System Optimizer" as a "run B4 shutdown" third line of defense on my home boxes. ASO has caught a couple of keystroke loggers that escaped Norton, and the cleanup and optimizers also work very, very well.

I used Spybot some time back. It missed a keystroke logger - with some irritating consequences. And I have had much better support from paid AV ware than free. $100 a box a year is cheap peace of mind.

Otherwise the "Regular Reader, First Time Commentator" is pretty much on target. I will add that the free version of Zone Alarm is a must if you go the free/shareware route.

Once you are back on line, with your choice of firewall and AV software installed, DO go to Steve Gibson's grc.com site, and click on the "Shelds Up" logo.

Then download and install ALL of the free security software. Especially "Shoot the Messenger" and "Unplug and Pray." But read about all the free stuff and decide if you need all of it or just the two critical ones.

Once you have completed that chore, scroll on down and do the "leak test" and "shields up."

The reevaluate your security situation in light of the results.


Pete Allen

Pete Allen

6:15 PM  
Anonymous Anonymous said...

Get a Mac.

Norton 2009 is NOT a resource hog as previous versions were.

9:34 PM  
Blogger Mauser*Girl said...

I second heading over to the Major Geeks forums. They are highly helpful and have links and downloads for software to help you get rid of issues. I removed some nasty stuff from Trueman's old system following instructions from that forum.

Spybot Search & Destroy and AVG are a good place to get started if you're having issues.

As far as a new Antivirus and security suite, we have been using ESET Smart Security after it was recommended to me by IT friends who are using it on their clients' computers. WE have been very happy with it. I think it's probably one of the most underrated programs out there - and it's not ridiculously expensive like Norton, nor will it completely screw up your system like Noron.

10:28 PM  
Anonymous Anonymous said...

Norton Internet Security Version 2009 (16.0)
The 2009 version was released on September 8, 2008. It uses a new software architecture which boosts the software speed. It has some new features including Silent Mode, Smart Idle Time Scheduler, Program Trust, a CPU/Memory usage monitor, and Norton Insight which uses data from a global network to predetermine if a file is safe.

Symantec claims that Norton 2009 is the fastest amongst its predecessors and in the world because of its new architecture that reduces the boot time impact, the scan time, the memory usage as well as the system footprint and the install time. Redundancies have been removed, slimming the installation size from 300 megabytes in 2006 to less than 100 megabytes

9:16 PM  

Post a Comment

<< Home

Links to this post:

Create a Link