
Help With Trojan.vundo


This topic is locked
2 replies to this topic

#1 kaido

  • Members
  • 62 posts

Posted 27 December 2007 - 05:17 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:12:57, on 28.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Kaidoo\Desktop\virusprotect!\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kaidoo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reporter.ee/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0293C35-6A3A-423B-9411-E14FEF5C4837}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcaywt - C:\WINDOWS\
O20 - Winlogon Notify: mljiiij - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 2477 bytes

-- Files created between 2007-11-28 and 2007-12-28 -----------------------------

2007-12-28 00:08:33 30720 -r-hs---- C:\WINDOWS\System32\svshost.exe
2007-12-28 00:08:29 30720 --a------ C:\WINDOWS\System32\setup_03283.exe
2007-12-28 00:08:29 69 --a------ C:\WINDOWS\System32\i
2007-12-27 19:57:40 0 dr-h----- C:\Documents and Settings\Kaidoo\Recent
2007-12-27 13:25:17 0 d-------- C:\ijji
2007-12-27 13:23:53 692224 --a------ C:\WINDOWS\System32\ijjiSetup.exe <Not Verified; NHN USA; ijjiSetup Application>
2007-12-27 13:23:53 0 d-------- C:\Program Files\NHN USA
2007-12-27 12:49:40 0 d-------- C:\Program Files\DriftCity
2007-12-27 08:36:05 32768 --a------ C:\WINDOWS\System32\udaprop.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2007-12-27 08:36:05 755392 --a------ C:\WINDOWS\System32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2007-12-27 08:36:05 118784 --a------ C:\WINDOWS\System32\cmuda.dll <Not Verified; C-Media; C-Media cmuda.dll>
2007-12-27 08:36:05 233472 --a------ C:\WINDOWS\System32\cmirmdrv.exe <Not Verified; ; CmiRemoveDriver Application>
2007-12-27 08:36:05 28672 --a------ C:\WINDOWS\System32\cmirmdrv.dll
2007-12-27 08:36:05 712704 --a------ C:\WINDOWS\System32\Audio3D.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-12-27 08:36:05 712704 --a------ C:\WINDOWS\System32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-12-27 08:36:05 1454080 --a------ C:\WINDOWS\system\SmWizard.exe <Not Verified; C-Media Electronics Inc.; SmartWizard Application>
2007-12-27 08:36:05 917504 --a------ C:\WINDOWS\system\cmids3d.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2007-12-27 08:05:22 0 d-------- C:\Program Files\C-Media
2007-12-27 06:39:56 0 d-------- C:\NVIDIA Display Driver
2007-12-27 04:52:53 0 d-------- C:\Program Files\Rockstar Games
2007-12-26 02:58:57 0 d-------- C:\Documents and Settings\Kaidoo\DoctorWeb
2007-12-25 21:00:13 0 d-------- C:\VundoFix Backups
2007-12-25 20:37:35 0 d-------- C:\WINDOWS\CSC
2007-12-24 04:49:53 0 d-------- C:\Program Files\CCleaner
2007-12-24 02:46:35 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-24 02:46:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-24 02:46:28 0 d-------- C:\Documents and Settings\Kaidoo\Application Data\SUPERAntiSpyware.com
2007-12-24 02:46:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 02:28:15 0 d-------- C:\Program Files\Trend Micro
2007-12-22 02:54:21 0 d-------- C:\WINDOWS\ERUNT
2007-12-20 15:50:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-12-11 21:44:28 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 21:44:28 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 21:44:18 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 21:44:18 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2007-12-11 21:44:18 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2007-12-11 21:44:18 682496 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2007-12-11 21:43:44 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-12-27 14:21:04 0 d--h----- C:\Documents and Settings\Kaidoo\Application Data\ijjigame
2007-12-27 13:23:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-27 13:04:06 0 d-------- C:\Program Files\Winamp
2007-12-26 02:59:46 0 d-------- C:\Program Files\PowerISO
2007-12-26 02:59:39 0 d-------- C:\Program Files\MSN Messenger
2007-12-26 02:43:32 0 d-------- C:\Program Files\DivX
2007-12-24 02:46:09 0 d-------- C:\Program Files\Common Files
2007-12-22 01:38:03 0 d-------- C:\Program Files\Opera
2007-12-22 01:36:50 0 d-------- C:\Program Files\Webteh
2007-12-22 01:36:49 0 d-------- C:\Documents and Settings\Kaidoo\Application Data\BSplayer
2007-12-21 03:13:24 0 d-------- C:\Program Files\Counter-Strike 1.6
2007-12-20 15:28:04 47849 --a------ C:\WINDOWS\System32\cjpeg.exe
2007-12-20 15:27:50 5825 --a------ C:\WINDOWS\System32\ielog.dll
2007-11-16 12:46:32 0 d-------- C:\Documents and Settings\Kaidoo\Application Data\VideoEgg
2007-11-11 13:01:40 0 d-------- C:\Program Files\Common Files\3DO Shared
2007-11-11 13:00:03 0 d-------- C:\Program Files\3DO
2007-11-09 01:32:11 942 --a------ C:\WINDOWS\eReg.dat
2007-11-09 01:32:04 0 d-------- C:\Program Files\EA Games
2007-11-07 14:46:22 0 d-------- C:\Documents and Settings\Kaidoo\Application Data\Opera
2007-10-28 23:39:49 0 d-------- C:\Documents and Settings\Kaidoo\Application Data\BitTorrent
2007-10-21 16:37:20 21840 --a-----t C:\WINDOWS\System32\SIntfNT.dll
2007-10-21 16:37:20 17212 --a-----t C:\WINDOWS\System32\SIntf32.dll
2007-10-21 16:37:20 12067 --a-----t C:\WINDOWS\System32\SIntf16.dll
2007-10-19 17:02:12 3392 --a------ C:\WINDOWS\mozver.dat
2007-10-18 22:06:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-18 22:05:59 100475 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-10-06 07:46:42 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22.10.2006 11:22]
"nwiz"="nwiz.exe" [22.10.2006 11:22 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaywt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljiiij]




-- End of Deckard's System Scanner: finished at 2007-12-28 00:13:36 ------------

I got Dr.Web, Ad-Aware, and NOD32 (removed it because it didn't detect anything!) as well. Dr.Web finds them all and deletes them; after a reboot they're back again (dday, mjiij, del.exe, delnew, locop.exe, nadlocop.exe, zm.exe, msu32.exe).
Here's the picture of what's going on in my computer!
I tried VundoFix, ComboFix, SDFix, CCleaner, VirtumundoBeGone.exe.

Attached Files


Edited by kaido, 27 December 2007 - 05:20 PM.



#2 kaido

  • Topic Starter
  • Members
  • 62 posts

Posted 27 December 2007 - 05:32 PM

Please answer fast this time... before I get multispammed by the virus again. The virus multiplies until the computer gets stuck...

#3 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender: Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 27 December 2007 - 05:47 PM

You will need to be patient and wait your turn for our all volunteer HJT Techs to assist you.

If, after 5 days you've not received a reply, post your link in this forum.

http://www.bleepingcomputer.com/forums/topic14717.html

It may even take longer.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
