Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I Had Virtumonde, But I Think I Got Rid Of It [RESOLVED]

Started by numskully , Jun 10 2008 02:16 PM

  • This topic is locked This topic is locked

#1
numskully
Posted 10 June 2008 - 02:16 PM

numskully

    Member

  • Member
  • PipPip
  • 13 posts
Can someone check my Hijackthis file? I ran several online virus scanners, Norton AV 2002, Spyware Doctor and Norton's FixVundo. And how did Virtumonde run, seeing I do not have Java installed?

thanks!





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:41 AM, on 6/8/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DKZNOTE\DKZNOTE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - .DEFAULT Startup: DK Notes.lnk = C:\Program Files\DKZNOTE\dkznote.exe (User 'Default user')
O4 - Startup: DK Notes.lnk = C:\Program Files\DKZNOTE\dkznote.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...312/mcfscan.cab
  • 0

Advertisements

#2
Essexboy
Posted 15 June 2008 - 04:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK an old system I haven't done one of these for a while... Sorry for the delay in getting to you. I would like a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
numskully
Posted 15 June 2008 - 12:05 PM

numskully

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
DSS.exe did not run on Windows ME. Is there any other program like it that will run?

thanks for your time
  • 0

#4
Essexboy
Posted 15 June 2008 - 12:57 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ooops :) I have two programmes for you to download and run. They will both produce reports. Please run them in the order stated

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log Go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file copy and paste this to your next reply


THEN

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#5
numskully
Posted 15 June 2008 - 09:48 PM

numskully

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
What is that ISSETUP.DLL? It is was made by a company call "Macrovision Corporation". Is this an ok file?

About to do the other script. Thanks!




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2008 at 11:40 PM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type : Complete Scan
Total Scan Time : 00:07:47

Memory items scanned : 183
Memory threats detected : 0
Registry items scanned : 2341
Registry threats detected : 0
File items scanned : 4331
File threats detected : 1

Adware.Tracking Cookie
.ads.addynamix.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.doubleclick.net [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
ad.yieldmanager.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.bs.serving-sys.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
ad.yieldmanager.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
ad.yieldmanager.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
ads.revsci.net [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.zedo.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.richmedia.yahoo.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
server.iad.liveperson.net [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
server.iad.liveperson.net [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.adinterax.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]
.adinterax.com [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\n9tix5as.default\cookies.txt ]

Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\ISSETUP.DLL

Edited by numskully, 15 June 2008 - 09:50 PM.

  • 0

#6
numskully
Posted 15 June 2008 - 09:55 PM

numskully

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SUPERAntiSpyware" = "C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"Zone Labs Client" = "C:\Program Files\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"BitDefender Live Service" = ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"" ["SOFTWIN S.R.L."]
"BitDefender Virus Shield" = ""C:\Program Files\BitDefender10\vsserv.exe"" ["SOFTWIN S.R.L."]
"BDMCon" = ""C:\Program Files\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"TrueVector" = "C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service" ["Zone Labs, LLC"]
"KB918547" = "C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE" [MS]
"KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS]
"BitDefender Scan Server" = "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" [null data]
"BitDefender Communicator" = "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" ["SOFTWIN S.R.L"]
"BitDefender Live! Init" = ""C:\Program Files\BitDefender10\bdinit.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]
PerUser_Enable_Inis\(Default) = "Windows Setup - Accessibility"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis_remove 64 C:\WINDOWS\INF\enable.inf" [MS]
PerUser_Wingames_Inis\(Default) = "Windows Setup - Classic Games"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Rem_Inis 64 C:\WINDOWS\INF\games.inf" [MS]
PerUser_ZoneGame_Inis\(Default) = "Windows Setup - Internet Games"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Rem_Inis 64 C:\WINDOWS\INF\games.inf" [MS]
PerUser_PBGame_Inis\(Default) = "Windows Setup - Plus! Games"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Rem_Inis 64 C:\WINDOWS\INF\games.inf" [MS]
PerUser_Sysmon_Inis\(Default) = "Windows Setup - System Monitor"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis_remove 64 C:\WINDOWS\INF\appletpp.inf" [MS]
PerUser_Sysmeter_Inis\(Default) = "Windows Setup - System Meter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Rem_Inis 64 C:\WINDOWS\INF\appletpp.inf" [MS]
PerUser_netwatch_Inis\(Default) = "Windows Setup - Netwatch"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Rem_Inis 64 C:\WINDOWS\INF\appletpp.inf" [MS]
PerUser_Onlinelnks_Inis\(Default) = "Windows Setup - HyperTerminal"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 C:\WINDOWS\INF\appletpp.inf" [MS]
PerUser_Dialer_Inis\(Default) = "Windows Setup - Phone Dialer"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis_remove 64 C:\WINDOWS\INF\appletpp.inf" [MS]
OlsAolPerUser\(Default) = "Windows Setup - America Online"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
OlsAttPerUser\(Default) = "Windows Setup - AT&T WorldNet Service"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
OlsProdigyPerUser\(Default) = "Windows Setup - Prodigy Internet"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
OlsEarthlinkPerUser\(Default) = "Windows Setup - Earthlink Internet"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUserRemove 64 C:\WINDOWS\INF\ols.inf" [MS]
{44BBA851-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Web Publishing Wizard 1.6"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserRemove" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX" ["("]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL" ["PC Tools"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL" ["PC Tools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVCPL.DLL" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\PROGRAM FILES\SUPERANTISPYWARE\SASSEH.DLL" ["SuperAdBlocker.com"]


System Policies {policy setting}:
---------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_BINARY) hex:00 00 00 00
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by System Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\background.bmp"

Displayed if Active Desktop disabled and wallpaper not set by System Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\background.bmp"


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SCROLL~1.SCR" (Scrolling Marquee.scr) [MS]


Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Start Menu\Programs\StartUp
"DK Notes" -> shortcut to: "C:\Program Files\DKZNOTE\dkznote.exe" [" "]


Enabled Scheduled Tasks:
------------------------

"Video Reminder" -> launches: "C:\WINDOWS\TUNEUP.EXE /COOL" [MS]
"Tune-up Application Start" -> launches: "walign" [MS]
"PCHealth Scheduler for Data Collection" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL="http://www.microsoft...5.5&ar=msnhome"
[Strings]: MS_START_PAGE_URL="http://www.microsoft...5.5&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 2 lines


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
SYSFMON\Driver = "SYSFMON.DLL" ["Smart Technology Enablers Inc."]
BJ Language Monitor (US)\Driver = "CJPLM.DLL" ["CANON INC."]
PDF Port\Driver = "C:\WINDOWS\SYSTEM\pdfports.dll" ["Adobe Systems Incorporated."]
PostScript Language Monitor\Driver = "C:\WINDOWS\SYSTEM\PSMON.DLL" [MS]


---------- (launch time: 2008-06-15 23:54:29)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 3 seconds.
---------- (total run time: 41 seconds)
  • 0

#7
Essexboy
Posted 16 June 2008 - 12:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
ISSETUP.DLL can be infected by a trojan but generally it is a legitimate file, SAS probably found something in the code that was suspect..

Both scans look good are you experiencing any problems ?
  • 0

#8
numskully
Posted 16 June 2008 - 11:51 PM

numskully

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

ISSETUP.DLL can be infected by a trojan but generally it is a legitimate file, SAS probably found something in the code that was suspect..

Both scans look good are you experiencing any problems ?



No problems anymore, I had Virtumonde a week or 2 ago and it kept coming back. I ran lots of virus/malware/Virtumonde fix programs, and it seems to be gone. And you confirmed that! Thanks very much!

And how did Virtumonde run, seeing I do not have Java installed?
  • 0

#9
Essexboy
Posted 17 June 2008 - 11:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

And how did Virtumonde run, seeing I do not have Java installed?

There are a lot of variants out there and they do not need Java to run

Now the best part of the day ----- Your log now appears clean :)

You may now delete the tools I had you download


Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: Both will work with ME


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#10
numskully
Posted 17 June 2008 - 05:54 PM

numskully

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks so much Essex!

take care
  • 0

#11
Essexboy
Posted 18 June 2008 - 01:29 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP