Win32/Adware.Virtumonde. |
Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
|
|
|
 Jan 5 2006, 11:39 AM
Post
#1
|
|
|
Member  Posts: 12 OS: windows xp  |
Nod32 keeps coming popping up with: Win32/Adware.Virtumonde.O application found in operating memory. System memory infection originated from file C:\WINDOWS\system32\fdconfig.dll.
Logfile of HijackThis v1.99.1 Scan saved at 17:36:30, on 05/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\RegSrvc.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\System32\Tablet.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Eset\nod32.exe C:\Documents and Settings\Cal\My Documents\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.anwqzuvmspwc.net/zq4b654YJNY05n...o91BrO88wGs.jsp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\fdconfig.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\Run: [CTHelper] cthelper.exe O4 - HKLM\..\Run: [PcSync] PCsync.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Windows System] agoqojjd.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe O4 - HKLM\..\RunServices: [PcSync] PCsync.exe O4 - HKLM\..\RunServices: [Microsoft Windows System] agoqojjd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\Run: [CTHelper] cthelper.exe O4 - HKCU\..\Run: [PcSync] PCsync.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [srshost.exe] C:\WINDOWS\system32\srshost.exe O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe O4 - HKCU\..\RunServices: [PcSync] PCsync.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/309469d363bdda...ip/RdxIE601.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: fdconfig - C:\WINDOWS\SYSTEM32\fdconfig.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe |
 |
 
|
Posts in this topic
nuttiepooh Win32/Adware.Virtumonde. Jan 5 2006, 11:39 AM
Cretemonster Hi nuttiepooh and Welcome to GeekstoGo!
I ne... Jan 6 2006, 08:01 AM nuttiepooh Hi, thanks alot for replying, i sent u the fdconfi... Jan 8 2006, 10:07 AM Cretemonster When you go to Safe Mode,log in under the same use... Jan 8 2006, 05:14 PM nuttiepooh Hey, sorry for delay, here are the logs, blackligh... Jan 9 2006, 03:50 PM Cretemonster Go to Add\Remove Programs and Remove
SmileyD... Jan 9 2006, 07:47 PM nuttiepooh It wouldnt let me remove smiley district optimizer... Jan 10 2006, 06:03 PM Cretemonster What happened when you tried to uninstall it from ... Jan 10 2006, 06:14 PM nuttiepooh This is what is says:
error loading C:\WINDO... Jan 11 2006, 05:31 AM Cretemonster Allright,try going to Safe Mode and Removing from ... Jan 12 2006, 01:15 PM nuttiepooh I was able to remove smiley district optimizer in ... Jan 14 2006, 04:45 PM Cretemonster Please download VundoFix.exe to your desktop.Doubl... Jan 14 2006, 05:30 PM nuttiepooh Vundo came up with nothing, and nod 32 doesnt seem... Jan 14 2006, 06:49 PM Cretemonster Copy the text below to a blank notepad page and sa... Jan 14 2006, 06:56 PM nuttiepooh It says:
Volume in drive C has no label.
Volume... Jan 15 2006, 05:55 AM Cretemonster Good Deal!
Have HijackThis fix this entry... Jan 15 2006, 08:20 AM nuttiepooh Here they are! :
-------------------------... Jan 15 2006, 11:19 AM Cretemonster Excellent Work!
Please Install these 2 to... Jan 15 2006, 11:26 AM nuttiepooh Everthing seems good, a few days ago when I tried ... Jan 15 2006, 12:00 PM Cretemonster Mr. Gary,was my pleasure to assist you,I do enjoy ... Jan 15 2006, 01:22 PM
nuttiepooh Thanks again Jan 15 2006, 02:16 PM  |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
38 / 1,506 | 22nd October 2008 - 06:59 PM BlueGreenOne started - last by kahdah |
|||||
|
26 / 913 | 28th February 2009 - 05:32 PM dimba started - last by dimba |
|||||
 |
 |
12 / 771 | 7th November 2008 - 01:07 PM viral_attack started - last by Rorschach112 |
||||
|
10 / 841 | 6th May 2009 - 12:34 AM nick443 started - last by Blade81 |
|||||
|
10 / 142 | 18th August 2009 - 02:14 PM Dragosh started - last by fenzodahl512 |
|||||
|
Time is now: 24th November 2009 - 03:13 PM |
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising