Virtumonde virus/spyware [RESOLVED], can't get rid of the dll in my system32 folder
NatPortmanYUM (Member, From: Canada, OS: XP)
Post #1, posted Oct 19 2008, 08:21 PM

I had my anti-virus/spyware off at the moment because it lags when I play FPS games. I guess I forgot to turn it back on before I went on to the internet. Once I was done and not on the internet, I started getting pop-ups. I immediately went to my system32 folder only to find a couple of DLLs with random names, e.g. vtUnmNEt.dll, ajgska.dll, etc. I deleted the ones that could be deleted, but it's still on my PC, so I've just had my ZoneAlarm firewall settings on the highest they could go for the time being until I get rid of this.

Thanks ahead of time

Here are the logs from HijackThis and OTScanIt.


Attached file(s): hijackthis.txt, OTScanIt.Txt
Tigger93 (Trusted Helper, OS: XP)
Post #2, posted Oct 19 2008, 08:34 PM

Hi,

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
NatPortmanYUM (Member, From: Canada, OS: XP)
Post #3, posted Oct 19 2008, 10:03 PM

Hi, thanks for your help and here is the log:
CODE
Malwarebytes' Anti-Malware 1.29
Database version: 1295
Windows 5.1.2600 Service Pack 3

19/10/2008 11:53:33 PM
mbam-log-2008-10-19 (23-53-33).txt

Scan type: Quick Scan
Objects scanned: 47364
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\vtUnmNEt.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{939c24aa-fe14-4729-a095-d4be6a53853e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtunmnet (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{939c24aa-fe14-4729-a095-d4be6a53853e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{939c24aa-fe14-4729-a095-d4be6a53853e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc32hj0ec77 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vtUnmNEt.dll (Trojan.Vundo.H) -> Delete on reboot.

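As an added example (not part of this thread and not Malwarebytes' own tooling), a small Python parser for the MBAM log format posted above: it cross-checks the summary counts against the itemized entries and lists the entries marked "Delete on reboot", which is why the machine is not clean until it has been restarted. The embedded log is a shortened excerpt of the one in this thread; SAMPLE_LOG and the function names are assumptions of this example.

```python
"""Parse an MBAM 1.x text log, check its summary counts, and list items pending reboot."""
import re
from collections import defaultdict

# Excerpt constructed from the log posted above (shortened; counts match the items kept).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.29
Database version: 1295

Memory Modules Infected: 1
Registry Keys Infected: 2
Files Infected: 1

Memory Modules Infected:
C:\WINDOWS\system32\vtUnmNEt.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtunmnet (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vtUnmNEt.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary_counts, items); items maps a section name to its parsed entries."""
    summary, items, section = {}, defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:  # summary block near the top, e.g. "Registry Keys Infected: 9"
            summary[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):  # header that opens an itemized section
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)  # "(No malicious items detected)" does not match
        if m and section:
            items[section].append(m.groupdict())
    return summary, dict(items)

def count_mismatches(summary, items):
    """Sections whose summary count disagrees with the entries listed (truncated or edited log)."""
    return {s: (n, len(items.get(s, []))) for s, n in summary.items() if n != len(items.get(s, []))}

def pending_reboot(items):
    """Distinct paths MBAM could not remove while the system was running."""
    return sorted({e["path"] for lst in items.values() for e in lst if e["action"].startswith("Delete on reboot")})
```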
Tigger93 (Trusted Helper, OS: XP)
Post #4, posted Oct 20 2008, 05:31 PM

Empty those items from quarantine.

Please post a new HJT log.
NatPortmanYUM (Member, From: Canada, OS: XP)
Post #5, posted Oct 20 2008, 08:29 PM

Here you go.
Attached file(s): hijackthis.txt
Tigger93 (Trusted Helper, OS: XP)
Post #6, posted Oct 21 2008, 02:50 PM

Please stop attaching the logs, just post them.

Your logs look good. Are you having any problems?
NatPortmanYUM (Member, From: Canada, OS: XP)
Post #7, posted Oct 21 2008, 03:06 PM

QUOTE (Tigger93 @ Oct 21 2008, 04:50 PM)
Please stop attaching the logs, just post them.

Your logs look good. Are you having any problems?

Nope, nothing so far, but I ran my ZoneAlarm anti-virus/spyware; it found and quarantined about 7 of these "Trojan.Win32.Monderb.uxu" located in C:\Program Files\Trend Micro\HijackThis\backups\
Tigger93 (Trusted Helper, OS: XP)
Post #8, posted Oct 21 2008, 05:43 PM

Delete C:\Program Files\Trend Micro\HijackThis\backups\ and you'll be set.
NatPortmanYUM (Member, From: Canada, OS: XP)
Post #9, posted Oct 21 2008, 06:15 PM

QUOTE (Tigger93 @ Oct 21 2008, 07:43 PM)
Delete C:\Program Files\Trend Micro\HijackThis\backups\ and you'll be set.

Done. Thanks a lot for taking the time to help me get rid of this problem.
Tigger93 (Trusted Helper, OS: XP)
Post #10, posted Oct 21 2008, 08:55 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.