
Infected With Win32/fotomoto



#1 Teddy P


Posted 23 December 2007 - 12:36 PM

I have followed the instructions on what to do from your page. Still cannot get it to go away. Keeps changing my Home page or when online changes to new page there. Also keep getting programs it wants me to run (allow or block from my AT&T Security Suite) and I don't know what to let run or not. Am scared someone is trying to get into my computer. Any HELP greatly appreciated...

Here is my Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:45 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [14372963] rundll32.exe "C:\WINDOWS\system32\eeukufgp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193777260806
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193777222262
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10078 bytes



Here is Bit Defender log

BitDefender Online Scanner

Scan report generated at: Sat, Dec 22, 2007 - 11:54:42
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:36:13
Files: 168479
Folders: 4938
Boot Sectors: 4
Archives: 2560
Packed Files: 7656

Results
Identified Viruses: 4
Infected Files: 46
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 43

Engines Info
Virus Definitions: 883940
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Can anyone help, PLEASE......



THANKS, Teddy P



#2 Blender


Posted 09 January 2008 - 03:45 AM

Hi and welcome,

Sorry for delay. We are buried in logs.

If you still need help please post logs from the following:

Download Deckard's System Scanner to your Desktop:

http://www.techsupportforum.com/sectools/Deckard/dss.exe
http://deckard.geekstogo.com/dss.exe

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - Main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt here.
A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
Please attach Extra.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

To attach a file to a new post, simply
click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:

C:\Deckard\System Scanner\Extra.txt

Click Upload.

What DSS will do:
--create a new System Restore point in Windows XP and Vista.
--clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
--check some important areas of your system and produce a report for your analyst to review.
--System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Thanks
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!
