Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virtumonde infected


  • Please log in to reply

#1
WRECKON

WRECKON

    New Member

  • Member
  • Pip
  • 2 posts
Hello! Looks like I've come down with a bad case of VIRTUMONDE. Of course I can't stress how frustratin this thing has been to try to get rid of. Anyway, below is my log. Hopefully someone out there can decifer this for me and offer some help. I greatly appreciate it of course.

Symptoms: Started with pop ups and got more severe pretty quickly. Have run Malwarebytes, AVG FREE, AVAST and adaware. Looks like quite a bit of it had gone, but my background is still different and unchangeable. Also, it seems that the whole system crashes and the computer restarts, though since running Malwarebytes this hasn't seemed to happen (though it's only been a half an hour). Thanks, hope someone can help!
~J


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:40 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\DJWrecker\Desktop\windows-kb890830-v2.2.exe
c:\7d44de9bf38a62d832daa5977f6d\mrtstub.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer provided by HBI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = hbi-isa.hbi.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride =

artbox;flyers;cisco-acs;rims;*.hbi.com;callwatcher;webgarage;flyers.hbi

.com;corpmsg.hbi.com;graphics-ftp-gw.hbi.com;nav-metaframe;webmail.reel

zchannel.com;172.23.2.14;172.23.2.5;172.21.*;172.22.*;172.23.*;192.168.

*;69.54.46.142;207.126.125.9;<local>;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file

missing)
O2 - BHO: Skype add-on (mastermind) -

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [Goh0tNuYAF] C:\Documents and

Settings\DJWrecker\Desktop\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-18\..\Run: [cpucooler] C:\WINDOWS\cpucooler.exe (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cpucooler] C:\WINDOWS\cpucooler.exe (User

'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O17 -

HKLM\System\CCS\Services\Tcpip\..\{0D66CDAA-45C8-4E87-B065-84D813B0F02D

}: NameServer = 203.146.251.58
O17 -

HKLM\System\CCS\Services\Tcpip\..\{690223BF-71F6-461C-9D13-B05E2C9A9C4D

}: NameServer = 203.146.251.58
O17 -

HKLM\System\CCS\Services\Tcpip\..\{B8E338B8-64CC-4FF1-9574-421170533AF6

}: NameServer = 203.146.251.58
O17 -

HKLM\System\CS1\Services\Tcpip\..\{0D66CDAA-45C8-4E87-B065-84D813B0F02D

}: NameServer = 203.146.251.58
O17 -

HKLM\System\CS2\Services\Tcpip\..\{0D66CDAA-45C8-4E87-B065-84D813B0F02D

}: NameServer = 203.146.251.58
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies

CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,

s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Conectiv Installer (MAudioConectivService) -

Avid Technology, Inc. - C:\Program

Files\M-Audio\Conectiv\MAUSBCVInst.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) -

SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite

XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) -

SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite

XIb\RpcSandraSrv.exe

--
End of file - 5111 bytes
  • 0

Advertisements


#2
WRECKON

WRECKON

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Here is my Uninstall List for your convenience!!

Adobe Photoshop 7.0
Adobe Reader 7.0
Adobe Reader Japanese Fonts
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avant DVD/DivX Player
AVG Free 8.0
AviSynth 2.5
BitTorrent 5.0.8
Bonjour
Conectiv
Conexant AC-Link Audio
DesignPro 5.0 Media Edition
Digidesign Shared Plug-Ins
DivX
DivX Content Uploader
DivX Player
DivX Web Player
Easy Adder 1.14
Elasto Mania
ExtractNow
HijackThis 2.0.2
iTunes
Java 2 Runtime Environment, SE v1.4.2_13
Java 2 SDK, SE v1.4.2_13
Java™ 6 Update 3
KODAK Gallery Upload Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
OpenOffice.org 2.3
PACE System Files
PCFriendly
QuickTime
Realtek AC'97 Audio
Reason 3.0
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB951376-v2)
SiSoftware Sandra Lite XIb (Win64/32/CE)
Skype™ 3.6
Soft Data Fax Modem with SmartCP
Sonic Foundry Sound Forge 6.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Torq 1.0.4 (build 001 -- Wed Apr 18 2007)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Videora iPod Converter 3.07
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP