
Win32.Virtumonde



#1 wudisc (New Member, 1 posts)

I've been battling this little bugger for a couple of weeks now. I've successfully removed a bunch of infections before, but this one just keeps coming back!
I've done HijackThis, NOD32, and VundoFix scans in safe mode, and thought I had cleaned it out, but on every reboot at start-up NOD32 reports that the DLL files have reappeared! I've come here for some much-needed help.
I suspect I am overlooking something in that ugly HijackThis log, so first things first:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:48, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [vmc] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\vmc.dll
O4 - HKLM\..\RunOnce: [Falcon] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Falcon.dll
O4 - HKLM\..\RunOnce: [mswm] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\mswm.dll
O4 - HKLM\..\RunOnce: [NetMD] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\NetMD.dll
O4 - HKLM\..\RunOnce: [SPTISRVps] C:\PROGRA~1\COMMON~1\SONYSH~1\OpenMG\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISR~1.DLL
O4 - HKLM\..\RunOnce: [OMG LP 4.7-07-14-05-01] C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /n /o
O4 - HKLM\..\RunOnce: [AppReg] C:\PROGRA~1\Sony\SONICS~1\AppReg.exe
O4 - HKLM\..\RunOnce: [AudioNorm.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\AUDION~1.DLL
O4 - HKLM\..\RunOnce: [Metallic.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Metallic.dll
O4 - HKLM\..\RunOnce: [OmgApDeliveryManagerComp.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OMGAPD~1.DLL
O4 - HKLM\..\RunOnce: [OmgApPlaybackComp.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OMGAPP~1.DLL
O4 - HKLM\..\RunOnce: [OpcArs.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpcArs.dll
O4 - HKLM\..\RunOnce: [OpcCDAPlay.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OPCCDA~1.DLL
O4 - HKLM\..\RunOnce: [OpcWAV2.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpcWAV2.dll
O4 - HKLM\..\RunOnce: [OpcWMA.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpcWMA.dll
O4 - HKLM\..\RunOnce: [OpdClie.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\OpdClie.dll
O4 - HKLM\..\RunOnce: [SonyMixerControl.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SONYMI~1.DLL
O4 - HKLM\..\RunOnce: [SonyWavWriter.ax] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SONYWA~1.AX
O4 - HKLM\..\RunOnce: [SsAppDbMan.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSAPPD~1.DLL
O4 - HKLM\..\RunOnce: [SsDbConnection.exe] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSDBCO~1.EXE
O4 - HKLM\..\RunOnce: [SsDbMan.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SsDbMan.dll
O4 - HKLM\..\RunOnce: [SSScsiSVps.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSSCSI~1.DLL
O4 - HKLM\..\RunOnce: [SsBeServicePS.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SSBESE~1.DLL
O4 - HKLM\..\RunOnce: [CDDBUISony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBUI~1.DLL
O4 - HKLM\..\RunOnce: [CDDBControlSony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBCO~1.DLL
O4 - HKLM\..\RunOnce: [CddbLinkSony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBLI~1.DLL
O4 - HKLM\..\RunOnce: [CddbMusicIDSony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBMU~1.DLL
O4 - HKLM\..\RunOnce: [CddbPlaylist2Sony.dll] C:\WINDOWS\system32\Regsvr32.exe /s C:\WINDOWS\system32\CDDBPL~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1177238915-527237240-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-527237240-682003330-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195867402468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9286 bytes
