afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > virtumonde jam job
virtumonde jam job
amst1d
Newbie
23. May 2008 @ 19:43
I have tried to solve this problem by searching the forums and have done numerous virus scans and registry clean ups and still don't have full functionality. I get some shaky up time and then massive slow downs and restarts. It seems to have improved slightly but hope someone will look at the attached logfile and respond with recommendations. Thanks. This is a serious pain.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:52 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Attitude POSitive\apmanage.exe
C:\Program Files\Intuit\QuickBooks 2005\qbw32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {042C1612-0655-457D-A5C2-9ACD2C177B0F} - C:\WINDOWS\system32\cbXOHwWo.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF5CA7E-6D52-4D1E-86D8-B5227F96AF22} - (no file)
O2 - BHO: (no name) - {1349A749-9FAE-450A-9121-AB571DDD20EF} - (no file)
O2 - BHO: (no name) - {27EA5D36-BA1A-45D8-847D-644C0C7276D9} - C:\WINDOWS\system32\opnonkIY.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 673351 helper - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - C:\WINDOWS\system32\673351\673351.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {5BF6E0E0-E5E8-4444-899D-74F9CB74B3F4} - C:\WINDOWS\system32\vtUlJyWN.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {744ED899-9428-4EDB-9658-E5E3272D7D39} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A40E507D-8BAD-4104-997D-FE62038D545B} - C:\WINDOWS\system32\ssqOGvvw.dll (file missing)
O2 - BHO: (no name) - {A92D9D88-B39F-4204-9D47-51707E0B2EB2} - C:\WINDOWS\system32\urqrrqNE.dll (file missing)
O2 - BHO: (no name) - {B0F5FDA3-4C0A-47E1-9D18-3062F77196B6} - (no file)
O2 - BHO: (no name) - {BE0FF150-C7FC-4E37-8F92-4E9AF1389238} - C:\WINDOWS\system32\ljJBsTmN.dll
O2 - BHO: (no name) - {D3D28370-D73B-4486-A2CB-B8FF73382168} - C:\WINDOWS\system32\yaywtSKA.dll (file missing)
O2 - BHO: (no name) - {D77F08C7-C1F9-4682-98B6-86E3DC2D5D86} - (no file)
O2 - BHO: (no name) - {E1D0C321-2D76-4C57-8C1D-55260B0ADFD6} - C:\WINDOWS\system32\efcAQHxy.dll (file missing)
O2 - BHO: (no name) - {F0EAA909-F919-44C8-B51F-1C0614F17CD3} - C:\WINDOWS\system32\ddcCUlMg.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [3cc62129] rundll32.exe "C:\WINDOWS\system32\rqegsvvk.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2684] command /c del "C:\WINDOWS\system32\efcAQHxy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1884] cmd /c del "C:\WINDOWS\system32\efcAQHxy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9191] command /c del "C:\WINDOWS\system32\vtUlJyWN.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1063] cmd /c del "C:\WINDOWS\system32\vtUlJyWN.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Go - http://download2.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Reversi - http://download2.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ? Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default...rs.1.0.0.39.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games ? Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games ? Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://zone.msn.com/bingame/zpagames/ZPA_JGS2.cab61895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default...ersion=1,0,0,10
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ? Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attitudepositive.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
O20 - Winlogon Notify: ljJBsTmN - C:\WINDOWS\SYSTEM32\ljJBsTmN.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12789 bytes
Member
23. May 2008 @ 22:58
I think I saw how you got the bugs: you are using IE6, which has tons of security problems. I would advise you to get IE7 and/or Firefox. If I were you I wouldn't even bother trying to remove this stuff, because you can run as many security programs as you can and all together they more than likely will not get all of it, and if there is malware etc. on your computer it just opens the door to more of that crap. Also, lots of times AV and antispyware software can't remove the stuff because it attaches itself to, for example, the Windows kernel, and if the AV tries to remove it, it will lie to you saying it removed it, or it will remove it but you won't have a working computer. So in my opinion what you should do is back up your data to CDs, DVDs, a USB hard drive etc., format your drive and reinstall Windows. Once you reinstall, make sure you get all the Windows updates, then get IE7. I saw you had Norton AV; get rid of that piece of crap and get NOD32 from eset.com, or AVG 8.0 from free.grisoft.com. Then get a few antispyware programs like Windows Defender, Ad-Aware etc., then get Firefox. For firewalls just keep the Windows one on for inbound traffic; if you don't already have a router then get one, it is a good firewall and it blocks outbound connections. After all that you should be 100% clean and secure. Now, to make sure this stuff doesn't get back on the computer: no clicking links in emails, using p2p, looking at p0rn, oh yeah, and Turn On Automatic Windows Update!

Kindle Fire 1st Gen running Jelly Bean
Nexus S 4G running 4.1.1 Jelly Bean
PS3 Slim 3000 Model 4.3.1
PS3 ID: killbarney1123
AfterDawn Addict
24. May 2008 @ 21:30
Wow, that is a GIGANTIC log! Here we go:

O2 - BHO: (no name) - {042C1612-0655-457D-A5C2-9ACD2C177B0F} - C:\WINDOWS\system32\cbXOHwWo.dll (file missing)

O2 - BHO: (no name) - {0CF5CA7E-6D52-4D1E-86D8-B5227F96AF22} - (no file) File Missing

O2 - BHO: (no name) - {1349A749-9FAE-450A-9121-AB571DDD20EF} - (no file)File Missing

O2 - BHO: (no name) - {27EA5D36-BA1A-45D8-847D-644C0C7276D9} - C:\WINDOWS\system32\opnonkIY.dll (file missing)

O2 - BHO: (no name) - {5BF6E0E0-E5E8-4444-899D-74F9CB74B3F4} - C:\WINDOWS\system32\vtUlJyWN.dll (file missing)

O2 - BHO: (no name) - {744ED899-9428-4EDB-9658-E5E3272D7D39} - (no file)

O2 - BHO: (no name) - {A40E507D-8BAD-4104-997D-FE62038D545B} - C:\WINDOWS\system32\ssqOGvvw.dll (file missing)File Missing

O2 - BHO: (no name) - {A92D9D88-B39F-4204-9D47-51707E0B2EB2} - C:\WINDOWS\system32\urqrrqNE.dll (file missing)File Missing

O2 - BHO: (no name) - {B0F5FDA3-4C0A-47E1-9D18-3062F77196B6} - (no file)

O2 - BHO: (no name) - {D3D28370-D73B-4486-A2CB-B8FF73382168} - C:\WINDOWS\system32\yaywtSKA.dll (file missing)File Missing

O2 - BHO: (no name) - {D77F08C7-C1F9-4682-98B6-86E3DC2D5D86} - (no file)File Missing

O2 - BHO: (no name) - {E1D0C321-2D76-4C57-8C1D-55260B0ADFD6} - C:\WINDOWS\system32\efcAQHxy.dll (file missing) File Missing

O2 - BHO: (no name) - {F0EAA909-F919-44C8-B51F-1C0614F17CD3} - C:\WINDOWS\system32\ddcCUlMg.dll (file missing)

O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)

O4 - HKLM\..\RunOnce: [SpybotDeletingA2684] command /c del "C:\WINDOWS\system32\efcAQHxy.dll_old"

O4 - HKLM\..\RunOnce: [SpybotDeletingC1884] cmd /c del "C:\WINDOWS\system32\efcAQHxy.dll_old"

O4 - HKLM\..\RunOnce: [SpybotDeletingA9191] command /c del "C:\WINDOWS\system32\vtUlJyWN.dll_old"

O4 - HKLM\..\RunOnce: [SpybotDeletingC1063] cmd /c del "C:\WINDOWS\system32\vtUlJyWN.dll_old"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O20 - Winlogon Notify: ljJBsTmN - C:\WINDOWS\SYSTEM32\ljJBsTmN.dll


I am tired now :/



Senior Member
27. May 2008 @ 09:23
O2 - BHO: (no name) - {042C1612-0655-457D-A5C2-9ACD2C177B0F} - C:\WINDOWS\system32\cbXOHwWo.dll (file missing)
O2 - BHO: (no name) - {0CF5CA7E-6D52-4D1E-86D8-B5227F96AF22} - (no file)
O2 - BHO: (no name) - {1349A749-9FAE-450A-9121-AB571DDD20EF} - (no file)
O2 - BHO: (no name) - {27EA5D36-BA1A-45D8-847D-644C0C7276D9} - C:\WINDOWS\system32\opnonkIY.dll (file missing)
O2 - BHO: 673351 helper - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - C:\WINDOWS\system32\673351\673351.dll
O2 - BHO: (no name) - {5BF6E0E0-E5E8-4444-899D-74F9CB74B3F4} - C:\WINDOWS\system32\vtUlJyWN.dll (file missing)
O2 - BHO: (no name) - {744ED899-9428-4EDB-9658-E5E3272D7D39} - (no file)
O2 - BHO: (no name) - {A40E507D-8BAD-4104-997D-FE62038D545B} - C:\WINDOWS\system32\ssqOGvvw.dll (file missing)
O2 - BHO: (no name) - {A92D9D88-B39F-4204-9D47-51707E0B2EB2} - C:\WINDOWS\system32\urqrrqNE.dll (file missing)
O2 - BHO: (no name) - {B0F5FDA3-4C0A-47E1-9D18-3062F77196B6} - (no file)
O2 - BHO: (no name) - {BE0FF150-C7FC-4E37-8F92-4E9AF1389238} - C:\WINDOWS\system32\ljJBsTmN.dll
O2 - BHO: (no name) - {D3D28370-D73B-4486-A2CB-B8FF73382168} - C:\WINDOWS\system32\yaywtSKA.dll (file missing)
O2 - BHO: (no name) - {D77F08C7-C1F9-4682-98B6-86E3DC2D5D86} - (no file)
O2 - BHO: (no name) - {E1D0C321-2D76-4C57-8C1D-55260B0ADFD6} - C:\WINDOWS\system32\efcAQHxy.dll (file missing)
O2 - BHO: (no name) - {F0EAA909-F919-44C8-B51F-1C0614F17CD3} - C:\WINDOWS\system32\ddcCUlMg.dll (file missing)
O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)
O4 - HKLM\..\Run: [3cc62129] rundll32.exe "C:\WINDOWS\system32\rqegsvvk.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA2684] command /c del "C:\WINDOWS\system32\efcAQHxy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1884] cmd /c del "C:\WINDOWS\system32\efcAQHxy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9191] command /c del "C:\WINDOWS\system32\vtUlJyWN.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1063] cmd /c del "C:\WINDOWS\system32\vtUlJyWN.dll_old"


Hi amst1d. I agree with svtstang in that your log is gigantic and partly with tucker001 in that you should upgrade to internet explorer 7. I have detected a few more suspicious entries than svtstang, and being too lazy to compare and contrast, I will leave it to you.

However, before fixing the problems in HijackThis, I have studied your problem, and see that you have tried using Symantec and Bitdefender online scans. I also see that you have not cleared your internet explorer cache in a long time (at least not the download activex and java controls). I would recommend that you clear your cache and clean your disk with something like CCleaner, and also download Antivir, which is a superior scanner to both Symantec and Bitdefender. Boot into safe mode, and then scan with Antivir. The reason I choose Antivir for now is because it is one of few that can detect the particular malware I think you have, and also it is the only free one out of the few.

Best Regards :D

Edit: Also, as you mention in your title a virtumonde problem, I recommend downloading virtumundebegone and running it.

This message has been edited since posting. Last time this message was edited on 27. May 2008 @ 09:27
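The two replies above pick out the same kinds of entries by hand: O2/O3 items whose file is already gone, unnamed BHOs whose DLL sits directly in system32 under an eight-letter name, a rundll32 autorun keyed by a random hex value, and an O20 Winlogon Notify DLL that is also registered as a BHO. The script below is an added example (not code from the forum posters or from HijackThis) that applies those same heuristics to a handful of lines copied from the log at the top of this thread, so the triage a helper does by eye can be repeated on a long log. The regexes and the "eight bare letters" rule are my own assumptions about what counts as suspicious; every hit is a candidate for a human to review, not a verdict.

```python
"""Triage a HijackThis log for the entry patterns flagged in this thread."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted at the top of this
# thread, plus one clean Adobe BHO and one clean Symantec autorun for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {042C1612-0655-457D-A5C2-9ACD2C177B0F} - C:\WINDOWS\system32\cbXOHwWo.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF5CA7E-6D52-4D1E-86D8-B5227F96AF22} - (no file)
O2 - BHO: 673351 helper - {570EE2A3-039B-4E5F-AE6A-D7949F9D356B} - C:\WINDOWS\system32\673351\673351.dll
O2 - BHO: (no name) - {BE0FF150-C7FC-4E37-8F92-4E9AF1389238} - C:\WINDOWS\system32\ljJBsTmN.dll
O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [3cc62129] rundll32.exe "C:\WINDOWS\system32\rqegsvvk.dll",b
O20 - Winlogon Notify: ljJBsTmN - C:\WINDOWS\SYSTEM32\ljJBsTmN.dll
"""

# Every HijackThis line is "<section> - <body>"; the body layout depends on the section.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# A DLL directly under system32; searched, not anchored, so it also finds the
# quoted path inside a rundll32 command line.
SYS32_DLL_RE = re.compile(r"[A-Za-z]:\\windows\\system32\\(?P<stem>[A-Za-z0-9_]+)\.dll", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8}$")  # assumption: 8 bare letters, no product name
HEX8_RE = re.compile(r"^[0-9a-f]{8}$")         # assumption: autorun value that is just 8 hex digits
NUMERIC_NAME_RE = re.compile(r"^\d+\b")         # BHO whose "name" is a bare number


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def split_status(path: str) -> tuple[str, str | None]:
    """Separate HijackThis's '(file missing)' / '(no file)' marker from the path."""
    for marker in ("(file missing)", "(no file)"):
        if path.endswith(marker):
            return path[: -len(marker)].strip(), marker
    return path.strip(), None


def scan_log(text: str) -> list[Finding]:
    """Return the entries a reviewer would want to look at, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3"):
            c = CLSID_RE.match(body)
            if not c:
                continue
            path, status = split_status(c.group("path"))
            d = SYS32_DLL_RE.search(path)
            if status:
                findings.append(Finding(sec, "orphaned entry: referenced file is gone", raw))
            elif c.group("name") == "(no name)" and d and RANDOM_STEM_RE.match(d.group("stem")):
                findings.append(Finding(sec, "unnamed BHO loading a random-looking DLL from system32", raw))
            elif NUMERIC_NAME_RE.match(c.group("name")):
                findings.append(Finding(sec, "BHO named with a bare number", raw))
        elif sec == "O4":
            r = RUN_RE.match(body)
            if not r or not r.group("cmd").lower().startswith("rundll32"):
                continue
            d = SYS32_DLL_RE.search(r.group("cmd"))
            if HEX8_RE.match(r.group("value")) or (d and RANDOM_STEM_RE.match(d.group("stem"))):
                findings.append(Finding(sec, "rundll32 autorun under a random value name", raw))
        elif sec == "O20":
            n = NOTIFY_RE.match(body)
            d = n and SYS32_DLL_RE.search(n.group("path"))
            if d and RANDOM_STEM_RE.match(d.group("stem")):
                findings.append(Finding(sec, "random-looking Winlogon Notify DLL (runs inside winlogon.exe)", raw))
    return findings


def dll_sections(text: str) -> dict[str, set[str]]:
    """Map each still-present system32 DLL stem (lower-cased) to the sections that load it."""
    seen: dict[str, set[str]] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or split_status(m.group("body"))[1]:
            continue  # file already gone; nothing to correlate
        for d in SYS32_DLL_RE.finditer(m.group("body")):
            seen.setdefault(d.group("stem").lower(), set()).add(m.group("sec"))
    return seen


def correlated_dlls(text: str) -> list[str]:
    """DLLs registered in more than one section (e.g. both a BHO and a Winlogon Notify hook)."""
    return sorted(stem for stem, secs in dll_sections(text).items() if len(secs) > 1)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("loaded from more than one section:", correlated_dlls(SAMPLE_LOG))
```

The correlation step is the part worth keeping even if you disagree with the name heuristics: a single DLL that shows up as both an O2 BHO and an O20 Winlogon Notify entry is the pairing that the replies in this thread are circling, and it is exactly the entry that a browser-only cleanup will miss because the Winlogon hook reloads it at logon.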

amst1d
Newbie
27. May 2008 @ 11:55
Thanks so much for the advice. I will follow your recommendations and still have another question. You listed a number of entries from my HijackThis log file - I assume I should remove these but don't know how. Can you give me info on how to remove or what exactly I should do with these 'entries'? Same with the cache files - where do I delete these? Thanks again for your assistance.
Senior Member
28. May 2008 @ 05:09
Hi amst1d. You can remove the entries I mentioned using HijackThis, as you can check the box next to the entries and select to fix. You can clear your cache by: opening IE, Tools - Internet Options - Delete Cookies / Delete Files. Then, you can proceed by downloading CCleaner and running it to clean out your system.

Best Regards :D
amst1d
Newbie
28. May 2008 @ 12:23
Thanks - I should have figured the Hijack this process. Good to know the 'tool' option - thanks again.
I have a new problem - I cannot get any of the software packages to run. The icon is on the desktop, the hourglass appears, then nothing happens. When I open Mozilla it gives me a warning that it could not set the security protocols or something like that. I cannot open HijackThis to remove the listings you posted. Can I remove these items in safe mode? Thanks again for all your help.

Am
amst1d
Newbie
28. May 2008 @ 14:47
I was able to open and run Hijack this and seem to have things back in what appears to be good order. Now I get an error message when I open Mozilla that says:
"Could not initialize the browser's security component. The most likely cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behaviour when accessing security features."
Any advice on this situation? Thanks tons. I appreciate any help you can provide.

Am
Member
28. May 2008 @ 15:48
I still suggest wiping your drive; that's the only way to make sure all this crap is gone.

Kindle Fire 1st Gen running Jelly Bean
Nexus S 4G running 4.1.1 Jelly Bean
PS3 Slim 3000 Model 4.3.1
PS3 ID: killbarney1123
Senior Member
29. May 2008 @ 10:10
Hi amst1d. Your problem with Mozilla can be due to quite a number of things (see here http://support.mozilla.com/fr/kb/Could+n...ity+component), and most probably because your hard drive is full or that your cache is full. Can you double check both, to make sure that the hard drive has sufficient space and that you have emptied your internet file cache? Do also run CCleaner.

How about your original problem? Is it solved? If it is, is Mozilla the only program showing problems now? If so, I recommend reinstalling Mozilla, unless you have extremely configured Firefox to your personal taste :)

Next, you should run something like Antivir, A-squared, or Spybot on your system in safe mode. This will help with your possible malware problem, and also because I think that they will make a great defense team working on your computer. Better than Symantec, that is.

How long has it been since your last defrag? If it is long, I recommend you do one soon. It will help with the speed, and I highly recommend Diskeeper, which has an amazingly fast engine, much much much faster than Windows, but it isn't free. Also, what registry clean-ups have you done? With what software?

Best Regards :D
Member
29. May 2008 @ 22:38
Try ESET's online scanner too, it's free. I suggest an online scanner because if your machine is infected badly, malware can tell your AV to lie to you.

Kindle Fire 1st Gen running Jelly Bean
Nexus S 4G running 4.1.1 Jelly Bean
PS3 Slim 3000 Model 4.3.1
PS3 ID: killbarney1123
amst1d
Newbie
30. May 2008 @ 12:56
Alas, no, my virtumonde problems still exist. It seems to have stopped redirecting the browser but it still appears in 3 or 6 locations on every scan. I have browsed the forums and followed the regimen described therein and have noticed improvement but not satisfactory results. It seems most affected while online, although I notice some applications simply won't open when requested to do so. I will attempt to do an online scan, though I believe I have done this in the recent past. I cannot log onto the internet in safe mode so I will need to do this while fully logged on. Thanks for the help. Would a new HijackThis log provide any additional insight? Thanks again for your persistent assistance.

Am
amst1d
Newbie
30. May 2008 @ 13:00
One more thing I have uninstalled/installed Mozilla and still get the security config warning.
I followed instructions in another thread and got the permissions noted there and have ample disc space. RAM gets jammed up to red line and causes clocking.
I think the malware fires up a bunch of applications that take all available RAM. That's much more than I actually know for sure.

Am
Member
30. May 2008 @ 17:52
sounds like your computer is a zombie

Kindle Fire 1st Gen running Jelly Bean
Nexus S 4G running 4.1.1 Jelly Bean
PS3 Slim 3000 Model 4.3.1
PS3 ID: killbarney1123
Senior Member
31. May 2008 @ 05:09
Hi amst1d. I still recommend downloading A-squared, Spybot, and Antivir (listed respectively in order of their importance, A-squared having the highest priority). Please scan with A-squared, but do not remove anything, only post the log here. You may want to scan in safe mode.

Also run Vundofix and Virtumundebegone, to remove your virtumonde problem.

Best Regards :D
edmund085
Suspended permanently
5. June 2008 @ 07:15
Hello!!
Welcome to my world.
I have also that kind of problem I created a thread of it(Help! My computer is infected with Win32.Adware.Virtumonde).
My advice for you is: find your solution quickly so it doesn't get worse like mine. You would not like its result if you ignore it. And also, you have deleted its source, but I tell you, it will come back again. It's like a ghost creeping in the night, a thief without any warning; it goes to your computer and stays there permanently. I have been researching its script or whatever it is running. It's terrible. I tell you, your computer will never be the same again. But don't worry, I am finding the virtumonde's creator to give him his own medicine. Don't worry, I will force him to find the solution. Good luck. And if you have probably deleted it permanently, just tell me. And also, if it gets worse, its symptoms are:
1. Slow processing - runs like hell!!!!!
2. 5 rundll.exe running in your task manager.
3. Your explorer gets funny - when you reboot, chances are explorer.exe will not run.
4. Automatic Updates and Firewall are turned off.
5. Many warnings like "Your computer is infected" or whatever it says, every time you click back/forward/up/refresh or open folders.
6. Restarts suddenly!!!!!!! Without prior notice.

This message has been edited since posting. Last time this message was edited on 5. June 2008 @ 07:17

edmund085
Suspended permanently
5. June 2008 @ 07:28
After signing out of afterdawn.com I went to Google. Hell, maybe this will work: http://www.auditmypc.com/virtumonde-remove.asp - just read it, it's good advice.
Member
6. June 2008 @ 13:25
If I was you I would seriously format the drive. Once your machine is compromised you can never trust it again. It is next to impossible to remove viruses and spyware with software these days because they dig so deep in your system; the only defense against this stuff is not to get it in the first place. It's called safe computing.

Kindle Fire 1st Gen running Jelly Bean
Nexus S 4G running 4.1.1 Jelly Bean
PS3 Slim 3000 Model 4.3.1
PS3 ID: killbarney1123