Virtumundo Virus


  • This topic is locked

#1
NotSoStr8Me

I ran the VirtumundoBeGone file and restarted my computer and I have the log. How do I know if it's gone or not?
Here is a copy of the log.

[03/25/2006, 12:20:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Holly\Local Settings\Temporary Internet Files\Content.IE5\R4HO7TXJ\VirtumundoBeGone[1].exe" )
[03/25/2006, 12:21:00] - Detected System Information:
[03/25/2006, 12:21:00] - Windows Version: 5.1.2600, Service Pack 2
[03/25/2006, 12:21:00] - Current Username: Holly (Admin)
[03/25/2006, 12:21:00] - Windows is in NORMAL mode.
[03/25/2006, 12:21:00] - Searching for Browser Helper Objects:
[03/25/2006, 12:21:00] - BHO 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} ()
[03/25/2006, 12:21:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/25/2006, 12:21:00] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/25/2006, 12:21:00] - Found: HKLM\...\Winlogon\Notify\pmkjj - This is probably Virtumundo.
[03/25/2006, 12:21:00] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[03/25/2006, 12:21:00] - BHO list has been changed! Starting over...
[03/25/2006, 12:21:00] - BHO 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} (MSEvents Object)
[03/25/2006, 12:21:00] - ALERT: Found MSEvents Object!
[03/25/2006, 12:21:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/25/2006, 12:21:00] - BHO 3: {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} (MSEvents Object)
[03/25/2006, 12:21:00] - ALERT: Found MSEvents Object!
[03/25/2006, 12:21:00] - BHO 4: {5AB21E92-5182-475B-960B-06D5B9B3B987} (C:\WINDOWS\adsldpbd.dll)
[03/25/2006, 12:21:00] - BHO 5: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
[03/25/2006, 12:21:00] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/25/2006, 12:21:01] - BHO 7: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
[03/25/2006, 12:21:01] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2006, 12:21:01] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[03/25/2006, 12:21:01] - Finished Searching Browser Helper Objects
[03/25/2006, 12:21:01] - *** Detected MSEvents Object
[03/25/2006, 12:21:01] - Trying to remove MSEvents Object...
[03/25/2006, 12:21:02] - Terminating Process: IEXPLORE.EXE
[03/25/2006, 12:21:02] - Terminating Process: RUNDLL32.EXE
[03/25/2006, 12:21:02] - Disabling Automatic Shell Restart
[03/25/2006, 12:21:02] - Terminating Process: EXPLORER.EXE
[03/25/2006, 12:21:02] - Suspending the NT Session Manager System Service
[03/25/2006, 12:21:02] - Terminating Windows NT Logon/Logoff Manager
[03/25/2006, 12:21:03] - Re-enabling Automatic Shell Restart
[03/25/2006, 12:21:03] - File to disable: C:\WINDOWS\system32\pmkjj.dll
[03/25/2006, 12:21:03] - Renaming C:\WINDOWS\system32\pmkjj.dll -> C:\WINDOWS\system32\pmkjj.dll.vir
[03/25/2006, 12:21:03] - File successfully renamed!
[03/25/2006, 12:21:03] - Removing HKLM\...\Browser Helper Objects\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[03/25/2006, 12:21:03] - Removing HKCR\CLSID\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[03/25/2006, 12:21:03] - Adding Kill Bit for ActiveX for GUID: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[03/25/2006, 12:21:03] - Deleting ATLEvents/MSEvents Registry entries
[03/25/2006, 12:21:03] - Removing HKLM\...\Winlogon\Notify\pmkjj
[03/25/2006, 12:21:03] - Searching for Browser Helper Objects:
[03/25/2006, 12:21:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/25/2006, 12:21:03] - BHO 2: {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} (MSEvents Object)
[03/25/2006, 12:21:03] - ALERT: Found MSEvents Object!
[03/25/2006, 12:21:03] - BHO 3: {5AB21E92-5182-475B-960B-06D5B9B3B987} (C:\WINDOWS\adsldpbd.dll)
[03/25/2006, 12:21:03] - BHO 4: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
[03/25/2006, 12:21:03] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/25/2006, 12:21:03] - BHO 6: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
[03/25/2006, 12:21:03] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2006, 12:21:03] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[03/25/2006, 12:21:03] - Finished Searching Browser Helper Objects
[03/25/2006, 12:21:03] - *** Detected MSEvents Object
[03/25/2006, 12:21:03] - Trying to remove MSEvents Object...
[03/25/2006, 12:21:04] - Terminating Process: IEXPLORE.EXE
[03/25/2006, 12:21:04] - Terminating Process: RUNDLL32.EXE
[03/25/2006, 12:21:04] - Disabling Automatic Shell Restart
[03/25/2006, 12:21:04] - Terminating Process: EXPLORER.EXE
[03/25/2006, 12:21:04] - Suspending the NT Session Manager System Service
[03/25/2006, 12:21:04] - Terminating Windows NT Logon/Logoff Manager
[03/25/2006, 12:21:04] - Re-enabling Automatic Shell Restart
[03/25/2006, 12:21:04] - File to disable: C:\WINDOWS\Config\webnet.dll
[03/25/2006, 12:21:04] - Renaming C:\WINDOWS\Config\webnet.dll -> C:\WINDOWS\Config\webnet.dll.vir
[03/25/2006, 12:21:04] - File successfully renamed!
[03/25/2006, 12:21:04] - Removing HKLM\...\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
[03/25/2006, 12:21:04] - Removing HKCR\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
[03/25/2006, 12:21:04] - Adding Kill Bit for ActiveX for GUID: {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
[03/25/2006, 12:21:04] - Deleting ATLEvents/MSEvents Registry entries
[03/25/2006, 12:21:04] - Removing HKLM\...\Winlogon\Notify\webnet
[03/25/2006, 12:21:04] - Searching for Browser Helper Objects:
[03/25/2006, 12:21:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/25/2006, 12:21:04] - BHO 2: {5AB21E92-5182-475B-960B-06D5B9B3B987} (C:\WINDOWS\adsldpbd.dll)
[03/25/2006, 12:21:04] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (UberButton Class)
[03/25/2006, 12:21:04] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/25/2006, 12:21:04] - BHO 5: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} (YahooTaggedBM Class)
[03/25/2006, 12:21:04] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/25/2006, 12:21:04] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[03/25/2006, 12:21:04] - Finished Searching Browser Helper Objects
[03/25/2006, 12:21:04] - Finishing up...
[03/25/2006, 12:21:04] - A restart is needed.
[03/25/2006, 12:21:04] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[03/25/2006, 12:21:23] - Attempting to Restart via STOP error (Blue Screen!)

#2
Flrman1

Please do not post duplicate topics. I have replied here:

http://www.geekstogo...83

Make all posts regarding this matter in that thread. This one is closed.