
Kaspersky says: Trojan.Win32.Monder.cgym....now what?



#1
RamonaSophia

Something has taken over.....but, it will not defeat me....with your help that is.

I just joined after reading all night through your helpful solutions you have provided many, many other folks. I just hope you can walk me through this before the computer just stops functioning.

I have Windows Vista, and first noticed being redirected to other sites when doing an internet search. Then, it's progressed to the lovely black "Warning!" screen....Now, I am panicked. I am not able to update Malwarebytes, or Windows Defender for some reason. But, my Kaspersky scan tonight indicated three trojans:
Trojan.Win32.Monder.cgym
Trojan.Win32.Monderb.asqi
Trojan-Downloader.WMA.GetCodec.u

Below is the latest Malwarebytes scan log and the Kaspersky results. Whatever you might be able to do would be great. THANK YOU!


Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 18, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 23:26:31
Records in database: 2358581
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 117454
Threat name: 7
Infected objects: 58
Suspicious objects: 0
Duration of the scan: 01:09:33


File name / Threat name / Threats count
C:\Users\terrellisaiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E386M0HQ\form[1] Infected: Trojan.Win32.Monder.cgym 1
C:\Users\terrellisaiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMP8KEZ3\form[1] Infected: Trojan.Win32.Monder.cgym 1
C:\Users\terrellisaiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMP8KEZ3\form[2] Infected: Trojan.Win32.Monder.cgym 1
C:\Users\terrellisaiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UI8YNBAP\form[1] Infected: Trojan.Win32.Monder.cgym 1
C:\Users\terrellisaiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UI8YNBAP\form[2] Infected: Trojan.Win32.Monder.cgym 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000dee9 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000e501 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000e619 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000e973 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000ecae Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000ed1b Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0000fe1c Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0001005d Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0001031b Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00013745 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00014b51 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00016354 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp000183a0 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0001c82e Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0001f42d Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0001f4aa Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00032589 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00080260 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp000979a1 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp000a39d4 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp000cc38c Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp000cfa17 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0021621c Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp002e73e8 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00414b62 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0045a94a Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0047078f Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp005191c5 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp00971834 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp01330321 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp01aa2dad Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp04f8f14a Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp05944b2f Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\tmp0aab44c4 Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\AppData\Local\Temp\vtULcYop.dll Infected: Trojan.Win32.Monderb.asqi 1
C:\Users\terrellisaiah\Desktop\Incomplete\Preview-T-5109030-saving private ryan captain [club mix].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Incomplete\Preview-T-5872441-saving private ryan captain extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Incomplete\Preview-T-5872441-saving private ryan on lcv original studio version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Incomplete\Preview-T-5905209-dog green sector omaha beach.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Incomplete\T-3545425-fordigner.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\terrellisaiah\Desktop\Incomplete\T-3545425-los angelos.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\terrellisaiah\Desktop\Incomplete\T-5109030-saving private ryan captain [club mix].mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Incomplete\T-5745425-abc muder [unreleased rare track].mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\terrellisaiah\Desktop\Incomplete\T-5872441-saving private ryan captain extended version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\airbourne plane sound effects (unreleased live record).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\laser sounds.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\mos eisley cantina song.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\saving private ryan omaha tom original studio version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\saving private ryan on lcv original studio version.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\soul town.mpg Infected: Trojan-Downloader.WMA.GetCodec.x 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\sound effects.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\terrellisaiah\Desktop\Limewire Stuff\starwars cantina song.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\ybnmhokr.exe Infected: Trojan-Downloader.Win32.FraudLoad.wblj 1

The selected area was scanned.


MALWAREBYTES:
Malwarebytes' Anti-Malware 1.37
Database version: 2265
Windows 6.0.6001 Service Pack 1

17/6/2009 9:24:58 Efifie
mbam-log-2009-06-17 (21-24-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 217200
Time elapsed: 31 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\31OXMIPE\nkyyzfs[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\31OXMIPE\syymmdrivw[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\31OXMIPE\xuhuvzder[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E386M0HQ\eoopz[1].htm (Trojan.Winwebsec) -> Quarantined and deleted successfully.
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E386M0HQ\ibcpduuv[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OMP8KEZ3\nkyyzfs[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Users\terrellisaiah\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\OMP8KEZ3\pzzmne[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.