
Need Help Removing Win32/virtumonde.gen


1 reply to this topic

#1 rudesboyz

  • Members
  • 1 posts

Posted 03 November 2007 - 08:21 AM

I have a Win32/virtumonde.gen virus or Trojan, I don't know which. I read gnasher123's problem and did what you told me to do up to the HijackThis part. So the log for ComboFix is:
ComboFix 07-11-02.3 - User 2007-11-02 17:23:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.177 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b103.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\gebxvuv.dll
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\hgghfca.dll
C:\WINDOWS\system32\hgghgdd.dll
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak2
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\knnmp.bak1
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\ljjklmj.dll
C:\WINDOWS\system32\mljklml.dll
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nnnljjj.dll
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\opnlkjh.dll
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\qqtss.bak1
C:\WINDOWS\system32\qqtss.bak2
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\rqrpmll.dll
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tuvtqoo.dll
C:\WINDOWS\system32\tuvtspq.dll
C:\WINDOWS\system32\tuvurpo.dll
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\wvurpnm.dll
C:\WINDOWS\system32\wvusqnm.dll
C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.ini
C:\z.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-02 17:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 08:24 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-30 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-30 08:02 32,256 --a------ C:\WINDOWS\system32\mljkkij.dll
2007-10-29 18:32 32,256 --a------ C:\WINDOWS\system32\opnkhfg.dll
2007-10-29 18:32 28,672 --a------ C:\Documents and Settings\User\update.exe
2007-10-29 16:58 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-28 18:34 <DIR> d-------- C:\Program Files\Logitech
2007-10-28 18:34 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-28 18:34 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-10-28 18:34 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-10-28 18:34 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2007-10-28 18:34 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-10-28 18:34 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-10-28 18:33 152,064 --a------ C:\WINDOWS\system32\lmoufrc.dll
2007-10-28 18:33 70,801 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2007-10-28 18:33 51,729 --a------ C:\WINDOWS\system32\drivers\L8042pr2.Sys
2007-10-28 18:33 37,887 --a------ C:\WINDOWS\system32\drivers\LHIDUSB.SYS
2007-10-28 18:33 25,505 --a------ C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
2007-10-28 18:33 23,375 --a------ C:\WINDOWS\system32\LCoInst.Dll
2007-10-28 18:33 14,095 --a------ C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-10-28 17:45 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-28 17:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-28 17:29 <DIR> d-------- C:\Program Files\AdwareAlert
2007-10-28 17:29 <DIR> d-------- C:\Documents and Settings\User\Application Data\AdwareAlert
2007-10-25 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-25 18:52 <DIR> d-------- C:\Program Files\Trymedia
2007-10-25 18:12 <DIR> d-------- C:\Downloads
2007-10-25 18:02 82 --a------ C:\n.bat
2007-10-25 18:02 0 --a------ C:\z.dat
2007-10-25 17:55 <DIR> d-------- C:\Program Files\ContextTool
2007-10-25 17:52 <DIR> d-------- C:\Documents and Settings\User\Application Data\LimeWire
2007-10-25 14:38 35,840 -ra------ C:\WINDOWS\mrofinu1188.exe
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-23 18:02 <DIR> d-------- C:\Program Files\OGPlanet
2007-10-23 17:48 1,540 --a------ C:\WINDOWS\mozver.dat
2007-10-11 08:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2007-10-06 15:00 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-06 15:00 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-10-06 15:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-06 15:00 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 22:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 12:02 --------- d-----w C:\Program Files\DriftCity
2007-10-21 20:23 --------- d-----w C:\Program Files\Real
2007-10-21 20:22 --------- d-----w C:\Program Files\Common Files\Real
2007-10-02 12:05 --------- d-----w C:\Program Files\Scions of Fate
2007-09-22 23:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-22 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-14 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-14 21:25 --------- d-----w C:\Program Files\GALA-NET
2007-09-14 21:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-09 22:58 --------- d-----w C:\Program Files\Steam
2007-09-09 22:09 --------- d-----w C:\Program Files\Alwil Software
2007-09-09 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-09-08 19:36 --------- d-----w C:\Program Files\Google
2007-09-07 22:40 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2007-09-07 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-09-06 15:34 --------- d-----w C:\Program Files\Common Files\DirectX
2007-09-06 15:33 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-28 11:48 209 ----a-w C:\Documents and Settings\User\2172.bat
2007-08-28 11:47 32,768 ----a-w C:\Documents and Settings\User\setup9x.exe
2007-08-27 21:43 209 ----a-w C:\Documents and Settings\User\8987.bat
2007-08-27 21:07 209 ----a-w C:\Documents and Settings\User\8791.bat
2007-08-26 22:14 209 ----a-w C:\Documents and Settings\User\8904.bat
2007-08-26 20:47 209 ----a-w C:\Documents and Settings\User\7428.bat
2007-08-26 13:36 209 ----a-w C:\Documents and Settings\User\7662.bat
2007-08-25 21:05 209 ----a-w C:\Documents and Settings\User\2951.bat
2007-08-25 20:57 209 ----a-w C:\Documents and Settings\User\8193.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 16:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 10:43 C:\WINDOWS\AGRSMMSG.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaxv]
fccyaxv.dll

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 21:29:26 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-02 21:38:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 17:35:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 17:42:45 - machine was rebooted
.
--- E O F ---

So can you please help me out?
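Added example, not part of the original post and not ComboFix's own code: a small Python triage script that reads a ComboFix log and pulls out three things a log reader checks by eye in the log above: the paired five-letter `.ini`/`.bak*` files deleted from system32, a Run entry that names a core Windows binary (svchost.exe) from a directory it never legitimately lives in (C:\WINDOWS\Fonts), and any DLL registered under the Winlogon Notify key (loaded into winlogon.exe at logon, so it runs before the user's security tools). The sample input is a subset of lines copied from the log in the post; the table of expected directories for core XP binaries is an assumption made for the example, and ComboFix's section headers are matched as they appear in the 07-11 output above.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the ComboFix log posted above
# (only the "Other Deletions" and "Reg Loading Points" sections).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\gebxvuv.dll
C:\z.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaxv]
fccyaxv.dll
"""

# ComboFix section headers look like "(((( Name ))))".
SECTION_RE = re.compile(r"^\({3,}\s*(?P<name>.+?)\s*\){3,}\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"')
# Five-letter stem with .ini or .bakN extension, the pairing seen in the deletions above.
INI_BAK_RE = re.compile(r"^(?P<dir>.*\\)(?P<stem>[a-z]{5})\.(?P<ext>ini|bak\d+)$", re.IGNORECASE)

# Assumption for this example: where core XP binaries legitimately live. A Run entry
# that names one of these from any other directory is an impostor.
EXPECTED_DIR = {
    "svchost.exe": "c:\\windows\\system32",
    "ctfmon.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}


def parse_sections(log: str) -> dict:
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        if current is None or not line or line == ".":
            continue
        sections[current].append(line)
    return dict(sections)


def ini_bak_pairs(deleted_paths: list) -> list:
    """Stems in system32 that had both a .ini and at least one .bak* file deleted."""
    by_stem = defaultdict(set)
    for path in deleted_paths:
        m = INI_BAK_RE.match(path)
        if m and m.group("dir").lower().endswith("\\system32\\"):
            by_stem[m.group("stem").lower()].add(m.group("ext").lower())
    return sorted(stem for stem, exts in by_stem.items()
                  if "ini" in exts and any(e.startswith("bak") for e in exts))


def run_entries(reg_lines: list):
    """Yield (key, name, path) for each "name"="path" line under a ...\\Run key."""
    key = None
    for line in reg_lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        em = RUN_ENTRY_RE.match(line)
        if em and key and key.lower().endswith("\\run"):
            yield key, em.group("name"), em.group("value")


def masquerading_entries(reg_lines: list) -> list:
    """Run entries whose binary is a core Windows name started from the wrong directory."""
    hits = []
    for _key, name, path in run_entries(reg_lines):
        if "\\" not in path:
            continue  # bare filename; ComboFix shows the resolved path in brackets instead
        directory, base = path.lower().rsplit("\\", 1)
        if base in EXPECTED_DIR and directory != EXPECTED_DIR[base]:
            hits.append((name, path))
    return hits


def winlogon_notify_dlls(reg_lines: list) -> list:
    """(subkey, dll) for every DLL listed under a winlogon\\notify key."""
    out, key = [], None
    for line in reg_lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        if key and "\\winlogon\\notify\\" in key.lower() and line.lower().endswith(".dll"):
            out.append((key.rsplit("\\", 1)[-1], line))
    return out


def triage(log: str) -> dict:
    """Run all three checks over one ComboFix log and return the findings."""
    sections = parse_sections(log)
    reg = sections.get("Reg Loading Points", [])
    return {
        "ini_bak_stems": ini_bak_pairs(sections.get("Other Deletions", [])),
        "impostor_run_entries": masquerading_entries(reg),
        "winlogon_notify": winlogon_notify_dlls(reg),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

Run it against a full log saved to disk by passing `open(path).read()` to `triage()`. The Winlogon Notify check deliberately reports every DLL rather than trying to whitelist names, because ComboFix already drops the default entries (the "*Note*" line in the log) and anything left is worth looking up.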


#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA

Posted 23 November 2007 - 10:33 AM

I apologize for the very long delay. We have been very busy and it has been taking us greater time than normal to get the logs caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs, please post them directly into the reply. Do not attach them.

Thank you for your patience.



