vondu a.k.a virtumondu [CLOSED]
Started by MIXMASTERMIKE, Jun 02 2008 12:09 AM
#16
Posted 04 June 2008 - 06:51 PM
#17
Posted 05 June 2008 - 03:56 AM
HEY SORRY BOUT THE FREAK OUT EARLIER, JUST DUNNO HOW I'M GETTIN ALL THESE VIRUSES?!?! ANYWAYS THANKS, HERE ARE THE NEXT SET OF LOGS:
Explorer killed successfully
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 moved successfully.
File/Folder C:\WINDOWS\system32\cbXQjjJD.dll.vir not found.
File/Folder C:\program files\panda secutrity\active scan 2.0\pskavs.dll not found.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_084014
nsi47.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\HP\LOCALS~1\Temp;Tool.Prockill;Incurable.Deleted.;
1stRun.exe;C:\Program Files\eRightSoft\SUPER\spk;FDOS.Atomix.28;Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;Incurable.Deleted.;
musicnow1.exe\data008;C:\SWSetup\AOLMN\SP31524.exe\\musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\SWSetup\AOLMN\SP31524.exe\;Archive contains infected objects;;
SP31524.exe;C:\SWSetup\AOLMN;Archive contains infected objects;Moved.;
brandit.exe;C:\SWSetup\BrandIt\Disk1;Probably STPAGE.Trojan;Incurable.Deleted.;
A0014607.reg;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP43;Trojan.StartPage.1505;Deleted.;
data001\0011\E6\1stRun.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0014612.exe\data002\data001;FDOS.Atomix.28;;
data001;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0014612.exe\data002;Archive contains infected objects;;
data002;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0014612.exe;Archive contains infected objects;;
A0014612.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44;Archive contains infected objects;Moved.;
A0014661.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44;FDOS.Atomix.28;Deleted.;
A0014662.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44;Trojan.Click.2093;Deleted.;
A0014664.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0014664.EXE;Adware.Gdown;;
A0014664.EXE;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44;Archive contains infected objects;Moved.;
musicnow1.exe\data008;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0014665.exe\\musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44\A0014665.exe\;Archive contains infected objects;;
A0014665.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP44;Archive contains infected objects;Moved.;
By the way, my Word documents now seem to be saving exact replica smaller files with ~$ at the front... why is that??
thanks again.
#18
Posted 05 June 2008 - 03:57 AM
By the way, I was recommended by a friend to do a system restore back to the point when I first got the computer... I hope I haven't ruined all of our process by doing so..
#19
Posted 05 June 2008 - 05:45 AM
Yep you have ruined all the work we did
Do this
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingc...to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Also post a new HijackThis log
#20
Posted 09 June 2008 - 05:38 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.