help virus believe fundo



#1
rinconjoe

rinconjoe

    Member

  • Member
  • 91 posts
OK, tried fundo removal tools; various scanners, the system crashes before the scans are finished:

[01/08/2009, 3:43:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Russell's Seafood\Desktop\VirtumundoBeGone.exe" )
[01/08/2009, 3:43:04] - Detected System Information:
[01/08/2009, 3:43:04] - Windows Version: 5.1.2600, Service Pack 3
[01/08/2009, 3:43:04] - Current Username: Russell's Seafood (Admin)
[01/08/2009, 3:43:04] - Windows is in NORMAL mode.
[01/08/2009, 3:43:04] - Searching for Browser Helper Objects:
[01/08/2009, 3:43:04] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
[01/08/2009, 3:43:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:04] - No filename found. Continuing.
[01/08/2009, 3:43:04] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[01/08/2009, 3:43:04] - BHO 3: {6D639B97-17D2-48BC-8AC7-7B725348C610} ()
[01/08/2009, 3:43:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:04] - Checking for HKLM\...\Winlogon\Notify\geBtRlME
[01/08/2009, 3:43:04] - Key not found: HKLM\...\Winlogon\Notify\geBtRlME, continuing.
[01/08/2009, 3:43:04] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[01/08/2009, 3:43:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:04] - Checking for HKLM\...\Winlogon\Notify\efcBrRIb
[01/08/2009, 3:43:04] - Found: HKLM\...\Winlogon\Notify\efcBrRIb - This is probably Virtumundo.
[01/08/2009, 3:43:04] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[01/08/2009, 3:43:04] - BHO list has been changed! Starting over...
[01/08/2009, 3:43:04] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
[01/08/2009, 3:43:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:04] - No filename found. Continuing.
[01/08/2009, 3:43:04] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[01/08/2009, 3:43:04] - BHO 3: {6D639B97-17D2-48BC-8AC7-7B725348C610} ()
[01/08/2009, 3:43:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:04] - Checking for HKLM\...\Winlogon\Notify\geBtRlME
[01/08/2009, 3:43:04] - Key not found: HKLM\...\Winlogon\Notify\geBtRlME, continuing.
[01/08/2009, 3:43:04] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[01/08/2009, 3:43:04] - ALERT: Found MSEvents Object!
[01/08/2009, 3:43:04] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java™ Plug-In SSV Helper)
[01/08/2009, 3:43:04] - BHO 6: {a1d54b93-8582-43fa-9dbf-014ecb42597a} ()
[01/08/2009, 3:43:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:04] - Checking for HKLM\...\Winlogon\Notify\qqvztq
[01/08/2009, 3:43:04] - Key not found: HKLM\...\Winlogon\Notify\qqvztq, continuing.
[01/08/2009, 3:43:04] - BHO 7: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
[01/08/2009, 3:43:04] - BHO 8: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl Class)
[01/08/2009, 3:43:04] - Finished Searching Browser Helper Objects
[01/08/2009, 3:43:04] - *** Detected MSEvents Object
[01/08/2009, 3:43:04] - Trying to remove MSEvents Object...
[01/08/2009, 3:43:05] - Terminating Process: IEXPLORE.EXE
[01/08/2009, 3:43:05] - Terminating Process: RUNDLL32.EXE
[01/08/2009, 3:43:06] - Disabling Automatic Shell Restart
[01/08/2009, 3:43:06] - Terminating Process: EXPLORER.EXE
[01/08/2009, 3:43:06] - Suspending the NT Session Manager System Service
[01/08/2009, 3:43:06] - Terminating Windows NT Logon/Logoff Manager
[01/08/2009, 3:43:07] - Re-enabling Automatic Shell Restart
[01/08/2009, 3:43:07] - File to disable: C:\WINDOWS\system32\efcBrRIb.dll
[01/08/2009, 3:43:07] - Renaming C:\WINDOWS\system32\efcBrRIb.dll -> C:\WINDOWS\system32\efcBrRIb.dll.vir
[01/08/2009, 3:43:07] - File successfully renamed!
[01/08/2009, 3:43:07] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/08/2009, 3:43:07] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/08/2009, 3:43:07] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/08/2009, 3:43:07] - Deleting ATLEvents/MSEvents Registry entries
[01/08/2009, 3:43:07] - Removing HKLM\...\Winlogon\Notify\efcBrRIb
[01/08/2009, 3:43:07] - Searching for Browser Helper Objects:
[01/08/2009, 3:43:07] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
[01/08/2009, 3:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:07] - No filename found. Continuing.
[01/08/2009, 3:43:07] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[01/08/2009, 3:43:07] - BHO 3: {6D639B97-17D2-48BC-8AC7-7B725348C610} ()
[01/08/2009, 3:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:07] - Checking for HKLM\...\Winlogon\Notify\geBtRlME
[01/08/2009, 3:43:07] - Key not found: HKLM\...\Winlogon\Notify\geBtRlME, continuing.
[01/08/2009, 3:43:07] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java™ Plug-In SSV Helper)
[01/08/2009, 3:43:07] - BHO 5: {a1d54b93-8582-43fa-9dbf-014ecb42597a} ()
[01/08/2009, 3:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:43:07] - Checking for HKLM\...\Winlogon\Notify\qqvztq
[01/08/2009, 3:43:07] - Key not found: HKLM\...\Winlogon\Notify\qqvztq, continuing.
[01/08/2009, 3:43:07] - BHO 6: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
[01/08/2009, 3:43:07] - BHO 7: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl Class)
[01/08/2009, 3:43:07] - Finished Searching Browser Helper Objects
[01/08/2009, 3:43:07] - Finishing up...
[01/08/2009, 3:43:07] - A restart is needed.
[01/08/2009, 3:43:07] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/08/2009, 3:43:13] - Attempting to Restart via STOP error (Blue Screen!)

[01/08/2009, 3:45:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Russell's Seafood\Desktop\VirtumundoBeGone.exe" )
[01/08/2009, 3:45:21] - Detected System Information:
[01/08/2009, 3:45:21] - Windows Version: 5.1.2600, Service Pack 3
[01/08/2009, 3:45:21] - Current Username: Russell's Seafood (Admin)
[01/08/2009, 3:45:21] - Windows is in NORMAL mode.
[01/08/2009, 3:45:21] - Searching for Browser Helper Objects:
[01/08/2009, 3:45:21] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} ()
[01/08/2009, 3:45:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:45:21] - No filename found. Continuing.
[01/08/2009, 3:45:21] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[01/08/2009, 3:45:21] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java™ Plug-In SSV Helper)
[01/08/2009, 3:45:21] - BHO 4: {a1d54b93-8582-43fa-9dbf-014ecb42597a} ()
[01/08/2009, 3:45:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:45:21] - Checking for HKLM\...\Winlogon\Notify\qqvztq
[01/08/2009, 3:45:21] - Key not found: HKLM\...\Winlogon\Notify\qqvztq, continuing.
[01/08/2009, 3:45:21] - BHO 5: {A562B8A6-D275-4FDB-A42E-75970B5FC00E} ()
[01/08/2009, 3:45:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/08/2009, 3:45:21] - Checking for HKLM\...\Winlogon\Notify\geBtRlME
[01/08/2009, 3:45:21] - Key not found: HKLM\...\Winlogon\Notify\geBtRlME, continuing.
[01/08/2009, 3:45:21] - BHO 6: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
[01/08/2009, 3:45:21] - BHO 7: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl Class)
[01/08/2009, 3:45:21] - Finished Searching Browser Helper Objects
[01/08/2009, 3:45:21] - Finishing up...
[01/08/2009, 3:45:21] - Nothing found! Exiting...

hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:58 AM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SecurityScan\SecurityScan.exe
O9 - Extra 'Tools' menuitem: Security Scan - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SecurityScan\SecurityScan.exe
O9 - Extra button: Security Scan - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - C:\Program Files\Winferno\SecurityScan\SecurityScan.exe
O15 - Trusted Zone: *.mcafee.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...488/mcfscan.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 4085 bytes


#2
rinconjoe

rinconjoe

    Member

  • Topic Starter
  • Member
  • 91 posts
Think I got it, not sure. Ran two scans with Trend Micro, nothing found; running a Kaspersky scan now. Also ran Malwarebytes; all so far seems OK.