Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trojan, Virtumonde, Hijacker Keep Showing Up In Avg Scan

  • Please log in to reply
4 replies to this topic

#1 gracecarriveau


  • Members
  • 12 posts
  • Location:Midwest, United States
  • Local time:10:06 PM

Posted 17 May 2008 - 12:07 AM

I've tried to find the answers for this problem in every possible place I could look and I'm not having any luck.

Since yesterday, my AVG free software performs a scan and it shows that I have numerous infections and tracking cookies. But after the scan they're not listed as viruses but as potential threats or warnings. Even after I've cleaned them out, they still show up with the next scan. I also did the online scanner at TrendMicro and Kaspersky, and they both show no infections. But the warning files have attachments like, trojan.bomka and adware.virtumonde. Am I just not understanding what AVG is telling me? This computer is only about two weeks old and does not have very much on it yet.

I have a gateway fx 6860 operating on windows vista 64 bit. I'm using the free version of Avg 8.0 anti-virus and Spyware blaster.

This is just part of the file that was in the virus vault:

"Scan ""Scheduled scan"" was finished."
"Infections found:";"0"
"Infected objects removed or healed";"0"
"Not removed or healed.";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"196"
"Information count:";"0"
"Scan started:";"Friday, May 16, 2008, 12:00:00 PM"
"Total object scanned:";"1588032"
"Time needed:";"1 hour(s) 3 minute(s) 25 second(s) "
"Errors encountered:";"0"

"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{00000001-C003-4A2F-9142-7CB1D78DE6C1}";"Found Adware.InternetOptimizer";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{00000049-8F91-4D9C-9573-F016E7626484}";"Found Adware.Isearch";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{00110011-4B0B-44D5-9718-90C88817369B}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{002AF282-E42D-4B51-9F70-F1570C02FAAD}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{00C9C6A4-1889-46BC-B73A-F4DDCC042735}";"Found Adware.Vundo";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}";"Found Downloader.ConHook.l";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{01E69986-A054-4C52-ABE8-EF63DF1C5211}";"Found Adware.CramToolbar";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{01EB5130-FC0C-4d75-B9CE-4801B1B854F5}";"Found Adware.Begin2Search";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{037CE595-57CB-4EB5-9775-97BC112F3BB3}";"Found Trojan.Bomka";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{06EECACB-F7C6-4ab9-B6AE-2DC4ED4588BB}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{086AE192-23A6-48D6-96EC-715F53797E85}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{08A312BB-5409-49FC-9347-54BB7D069AC6}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{0A51FD8D-6835-4212-B796-AFC24F4D108A}";"Found Adware.CreatrixMedia";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{0D4C7057-EAD2-44C6-AD18-9092905F28F1}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{0EDC6C20-A31C-11DB-8AB9-0800200C9A66}";"Found Adware.RogueSuspect";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{11111111-2222-3333-4444-555555555555}";"Found Adware.Casino";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{11904CE8-632A-4856-A7CC-00B33FE71BD8}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6}";"Found Adware.Shorty";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{13146842-6251-5625-3072-548536364311}";"Found Logger.Goldun.an";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{13589181-4F0D-4553-B9F8-B4B72172C139}";"Found Adware.Vundo";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{150FA160-130D-451F-B863-B655061432BA}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{16DF666F-BA95-4F41-B396-1381C2BA66F4}";"Found Adware.Virtumonde";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{18F57D30-EF36-4C0E-9343-7BFA6DF79B4A}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{1C78AB3F-A857-482E-80C0-3A1E5238A565}";"Found Adware.Isearch";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{1CA480CD-C0E5-4548-874E-B85B17905B3A}";"Found Trojan.Zlob.f";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{1E6CE4CD-161B-4847-B8BF-E2EF72299D69}";"Found Logger.Sters";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB}";"Found Adware.Begin2search";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{2305D8B7-B649-4C65-BA03-4C8B05213E1A}";"Found Adware.Virtumonde";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{2353FCBC-012D-487B-8BF3-865C0929FBEB}";"Found Adware.Virtumonde";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{2513A321-CB50-4C5F-91C5-80342AFACFB1}";"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{25E1A054-1262-459F-9F14-BF06148F4253}";"Found Trojan.Bomka";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF}";"Found Adware.Generic";"Potentially dangerous object"
"HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{28DFFB3C-A6C2-481B-B8D7-AD205DECBA6E}";"Found Adware.Virtumonde";"Potentially dangerous object"

The firewall scan I ran also came back with this log:

TrojWare.Win32.TrojanDownloader.Small.AAC(ID = 0x45b12) C:\WINDOWS\System32\rpcnetp.exe
TrojWare.Win32.TrojanDownloader.Small.AAC(ID = 0x45b12) C:\WINDOWS\SysWOW64\rpcnetp.dll
TrojWare.Win32.TrojanDownloader.Small.AAC(ID = 0x45b12) C:\WINDOWS\SysWOW64\rpcnetp.exe

The last thing I did before posting here, was scan at Kaspersky where it told me no infections were found and then I did another scan with avg, and got the same results as this morning. I apologize if I haven't posted all of this correctly, this is the first serious problem I've had. Thank you in advance for any help you give me.

Edited by gracecarriveau, 17 May 2008 - 12:34 AM.

BC AdBot (Login to Remove)


#2 ruby1


    a forum member

  • Members
  • 2,375 posts
  • Local time:04:06 AM

Posted 17 May 2008 - 06:08 AM

may I suggest you have a nosey at this thread on here?


on MY squeeky clean XP machine (which has NOT been on line for some time) I installed the AVGFREE8.0 version ;updated it, ran a full computer scan with it


I did not complete the scan due to lack of time BUT apparently I have trojans, worms, back door thingis and the like...................no comment :trumpet:

if you wish to run a tool that will check you out FOR some rubbish on there?

try this

I THINK your result with be a negative

Superantispyware; guide on how to install and run

If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispywareSuperantispyware is found here


Download to the Downloads folder the free exe to superantispyware from here


you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure

please then reboot your computer ; it is preferable to run the scan in your computers safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changes ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right had side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’

A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu

If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

I THINK YOUR 'report' will be brief and very concise :thumbsup:

(if not, I will have to get me sun hat out of me car and eat it :flowers: )

#3 gracecarriveau

  • Topic Starter

  • Members
  • 12 posts
  • Location:Midwest, United States
  • Local time:10:06 PM

Posted 23 May 2008 - 07:54 AM

Hey Ruby,

Thanks for replying to my plea. I'm sorry it took me so long to reply. After reading your post, I got to thinking about it, and remembered that there are some spyware programs that don't interact with AVG very well. So I removed the spyware and ran another scan, and it come up clean. Or at least came up with what I expected. The AVG was picking up on the files from the spyware, that the spyware was programmed to block.

Once again, thank you for the help!

#4 ruby1


    a forum member

  • Members
  • 2,375 posts
  • Local time:04:06 AM

Posted 23 May 2008 - 08:25 AM

you are most welcom :thumbsup:
this is where ' know thy machine' comes into play me thinks!!

I finally managed to run a FULL computer scan with avg 8.0 just for the 'eck of it;

of course I am infected with trojans, worms, back door products, ............

if I did not 'know' that computer I would be getting ready for a reinstalation of XP as the only safe way forward

avg8.0 is NOT going on my recommended list of programs :trumpet:

I AM glad YOU have a clean report; lets keep it that way :flowers:

#5 gracecarriveau

  • Topic Starter

  • Members
  • 12 posts
  • Location:Midwest, United States
  • Local time:10:06 PM

Posted 25 May 2008 - 07:59 AM

Boy, you're not kidding about know thy computer! Last month my other laptop was sent in for repair so I borrowed my grandmother's laptop which had vista basic. (mine had xp) So I spent a good week learning all the new things that had to do with that. Then the first week of May, the repair center decided that my laptop was unfixable, so I received the new gateway fx 6860 with vista premium. So I've spent the last two weeks learning about that vista as well as learning about this new laptop and trying to get it protected as well as possible. (I'll be glad when I can finally just use it/play with it and not worry).

The irony here is that apparently there was a trojan horse download file on the old laptop, which was on one of the backup disks I had made. The other day I put those disks in this laptop to organize the files, and now it's on this laptop. Posted Image :thumbsup:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users