Multi Virtumonde versions infestation.



#1
Tashar59

It only took 1 night for relatives to ruin a perfect record. I don't know what they were trying to download, but they did manage to infect my computer with Virtumonde, Virtumonde .generic, Virtumonde .rtk, Virtumod .211 and a bogus antivirus they tried to use to fix it.

I managed to get rid of most of it, I think, at least the 5 second popups that would stop an antivirus scan or any of the fixes. Got rid of the bogus antivirus app. I can't stop the second window opening to other sites when using my browser. I have also noticed when first opening IE there is a second/another browser that shows for a split second and then hides. The second window opens every time I load a new page.

Here are the scan logs. I don't have all of them, as I was about to re-format when someone told me about this place and to give you a try first. I used adware, Spybot S&D, and my Norton antivirus, besides many others.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:04 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.efirehose.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Primus Canada
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [cce1d761] rundll32.exe "C:\WINDOWS\system32\liakuxsv.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_SE4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.primus.ca
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167552045619
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8988 bytes



[11/19/2007, 1:10:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kevin\Desktop\VirtumundoBeGone.exe" )
[11/19/2007, 1:10:29] - Detected System Information:
[11/19/2007, 1:10:29] - Windows Version: 5.1.2600, Service Pack 2
[11/19/2007, 1:10:29] - Current Username: Kevin (Admin)
[11/19/2007, 1:10:29] - Windows is in NORMAL mode.
[11/19/2007, 1:10:29] - Searching for Browser Helper Objects:
[11/19/2007, 1:10:29] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/19/2007, 1:10:29] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[11/19/2007, 1:10:29] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/19/2007, 1:10:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/19/2007, 1:10:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/19/2007, 1:10:29] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[11/19/2007, 1:10:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:29] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[11/19/2007, 1:10:29] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[11/19/2007, 1:10:29] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[11/19/2007, 1:10:29] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/19/2007, 1:10:29] - BHO 7: {92F3F559-EAFA-43BB-93EC-50B2789F139C} ()
[11/19/2007, 1:10:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:29] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/19/2007, 1:10:29] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/19/2007, 1:10:29] - BHO 8: {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} ()
[11/19/2007, 1:10:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:29] - Checking for HKLM\...\Winlogon\Notify\vtussro
[11/19/2007, 1:10:29] - Found: HKLM\...\Winlogon\Notify\vtussro - This is probably Virtumundo.
[11/19/2007, 1:10:29] - Assigning {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} MSEvents Object
[11/19/2007, 1:10:29] - BHO list has been changed! Starting over...
[11/19/2007, 1:10:29] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/19/2007, 1:10:29] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[11/19/2007, 1:10:29] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/19/2007, 1:10:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/19/2007, 1:10:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/19/2007, 1:10:29] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[11/19/2007, 1:10:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:29] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[11/19/2007, 1:10:29] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[11/19/2007, 1:10:29] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[11/19/2007, 1:10:29] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/19/2007, 1:10:30] - BHO 7: {92F3F559-EAFA-43BB-93EC-50B2789F139C} ()
[11/19/2007, 1:10:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:30] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/19/2007, 1:10:30] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/19/2007, 1:10:30] - BHO 8: {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} (MSEvents Object)
[11/19/2007, 1:10:30] - ALERT: Found MSEvents Object!
[11/19/2007, 1:10:30] - BHO 9: {dd223b81-0969-49fa-bbd6-b29ddad70058} ()
[11/19/2007, 1:10:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:30] - Checking for HKLM\...\Winlogon\Notify\toyqupjm
[11/19/2007, 1:10:30] - Key not found: HKLM\...\Winlogon\Notify\toyqupjm, continuing.
[11/19/2007, 1:10:30] - Finished Searching Browser Helper Objects
[11/19/2007, 1:10:30] - *** Detected MSEvents Object
[11/19/2007, 1:10:30] - Trying to remove MSEvents Object...
[11/19/2007, 1:10:31] - Terminating Process: IEXPLORE.EXE
[11/19/2007, 1:10:31] - Terminating Process: RUNDLL32.EXE
[11/19/2007, 1:10:31] - Disabling Automatic Shell Restart
[11/19/2007, 1:10:31] - Terminating Process: EXPLORER.EXE
[11/19/2007, 1:10:31] - Suspending the NT Session Manager System Service
[11/19/2007, 1:10:32] - Terminating Windows NT Logon/Logoff Manager
[11/19/2007, 1:10:32] - Re-enabling Automatic Shell Restart
[11/19/2007, 1:10:32] - File to disable: C:\WINDOWS\system32\vtussro.dll
[11/19/2007, 1:10:32] - Removing HKLM\...\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
[11/19/2007, 1:10:32] - Removing HKCR\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
[11/19/2007, 1:10:32] - Adding Kill Bit for ActiveX for GUID: {BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
[11/19/2007, 1:10:32] - Deleting ATLEvents/MSEvents Registry entries
[11/19/2007, 1:10:32] - Removing HKLM\...\Winlogon\Notify\vtussro
[11/19/2007, 1:10:32] - Searching for Browser Helper Objects:
[11/19/2007, 1:10:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/19/2007, 1:10:32] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (bho2gr Class)
[11/19/2007, 1:10:32] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/19/2007, 1:10:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/19/2007, 1:10:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/19/2007, 1:10:32] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[11/19/2007, 1:10:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:32] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[11/19/2007, 1:10:32] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[11/19/2007, 1:10:32] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[11/19/2007, 1:10:32] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/19/2007, 1:10:32] - BHO 7: {92F3F559-EAFA-43BB-93EC-50B2789F139C} ()
[11/19/2007, 1:10:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:32] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/19/2007, 1:10:32] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/19/2007, 1:10:32] - BHO 8: {dd223b81-0969-49fa-bbd6-b29ddad70058} ()
[11/19/2007, 1:10:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/19/2007, 1:10:33] - Checking for HKLM\...\Winlogon\Notify\toyqupjm
[11/19/2007, 1:10:33] - Key not found: HKLM\...\Winlogon\Notify\toyqupjm, continuing.
[11/19/2007, 1:10:33] - Finished Searching Browser Helper Objects
[11/19/2007, 1:10:33] - Finishing up...
[11/19/2007, 1:10:33] - A restart is needed.
[11/19/2007, 1:10:47] - Attempting to Restart via STOP error (Blue Screen!)




Incident Status Location

Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:adware/portalscan Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@enhance[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@linksynergy[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kevin\Cookies\kevin@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kevin\Desktop\VirtumundoBeGone.exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Kevin\Local Settings\Temp\cemgugtw.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Kevin\Local Settings\Temp\nauciwur.exe


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 8:54:01 PM 11/18/2007

Listing files found while scanning....

C:\windows\system32\muchhwqw.dll
C:\windows\system32\muchhwqw.dllbox
C:\windows\system32\uhxphwxr.dll

Beginning removal...

Attempting to delete C:\windows\system32\muchhwqw.dll
C:\windows\system32\muchhwqw.dll Has been deleted!

Attempting to delete C:\windows\system32\muchhwqw.dllbox
C:\windows\system32\muchhwqw.dllbox Has been deleted!

Attempting to delete C:\windows\system32\uhxphwxr.dll
C:\windows\system32\uhxphwxr.dll Has been deleted!

Performing Repairs to the registry.
Done!



Thanks for any help you can give.