[Uncut]

I have problems removing the Virtumonde Spyware from my computer..I have read all the other posts and have tried all the fixes and programs..That seemed to have removed Winfixer and the Winfixer pop-ups but I am pretty sure my system is still unstable cause my computer seems to be working on something even when I don't do anything..I am also pretty sure that the file "qopqo.dll" is the file I need to remove to get rid of Virtumonde but my comp says it's a system file that can not be removed..I can't remove it in safe-mode either and when I set hijackthis to remove files on startup that file is still there..so please I need help..How do I fix this?..Below are my current Panda Scan and Hijackthis logs..Hope someone can help...

I'm using Windows 2000



Incident Status Location Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Administrator\Lokale innstillinger\Temp\backups\backup-20050920-000421-138.dll
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Administrator\Lokale innstillinger\Temp\backups\backup-20050920-000511-783.dll
Dialer:Dialer.RV No disinfected C:\Documents and Settings\Administrator\Skrivebord\beats\backup-20040602-172450-394.inf
Adware:Adware/CssWeb No disinfected C:\Documents and Settings\Administrator\Skrivebord\beats\backup-20040602-172450-650.dll
Adware:Adware/CssWeb No disinfected C:\Documents and Settings\Administrator\Skrivebord\beats\backup-20040911-223430-738.dll
Adware:Adware/CssWeb No disinfected C:\WINNT\Downloaded Program Files\cssweb.dll
Spyware:Spyware/BetterInet No disinfected C:\WINNT\inf\banner.inf
Adware:adware/sbsoft No disinfected C:\WINNT\rdt.ini
Spyware:Spyware/Virtumonde No disinfected C:\WINNT\system32\qopqo.dll




R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINNT\System32\qopqo.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O8 - Extra context menu item: Last ned alle med FlashGet - C:\Programfiler\FlashGet\jc_all.htm
O8 - Extra context menu item: Last ned med FlashGet - C:\Programfiler\FlashGet\jc_link.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programfiler\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O15 - Trusted Zone: http://www.danceclassics.net
O20 - Winlogon Notify: qopqo - C:\WINNT\System32\qopqo.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\System32\MsiExec.exe (file missing)

Edited by Uncut, 20 September 2005 - 09:05 AM.

[Advertisements]

No one knows?

I've been trying to search on google too for "qopqo.dll" and there's absolutely nothing there about it..a new one maybe?

[Uncut]

No one knows?

I've been trying to search on google too for "qopqo.dll" and there's absolutely nothing there about it..a new one maybe?

[Excal]

Hi Uncut and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.



Excal

[Excal]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.