Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Virtumonde And Privacy Remover

  • Please log in to reply
1 reply to this topic

#1 Theebs


  • Members
  • 10 posts
  • Local time:07:58 AM

Posted 22 August 2008 - 10:19 AM

HI I have the virtumonde and privacy reomver issue. My mcafee virus scan detects them and removes them, but every restart they are back. It has taken over my desktop background and my settings.

here is the screenshot.
Posted Image


Any ideas on how to get rid of it?



BC AdBot (Login to Remove)


#2 Theebs

  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:58 AM

Posted 22 August 2008 - 12:26 PM

I ran my virus scan again. I ran adaware again. And then I ran a full malware scan.

After the reboot the malware is gone. I guess I am in the clear? Is there anything else I should do. Here is the log from the malwarebytes.

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

11:48:05 AM 8/22/2008
mbam-log-08-22-2008 (11-47-58).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 191319
Time elapsed: 1 hour(s), 18 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9388907f-82f5-434d-a941-bb802c6dd7c1} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4e7bd74f-2b8d-469e-defa-eb76b1d5fa7d} (Adware.BetterInternet) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wintools (Trojan.WinTools) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RunDll (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysUpd (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcteaj0el2a (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Save (Adware.WhenUSave) -> No action taken.
C:\Program Files\3721 (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Common Files\WinTools (Trojan.WinTools) -> No action taken.
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.

Files Infected:
C:\Program Files\Common Files\WinTools\WSUP.EXE (Trojan.WinTools) -> No action taken.
C:\Program Files\Common Files\WinTools\WTOOLSA.EXE (Trojan.WinTools) -> No action taken.
C:\Program Files\Common Files\WinTools\WToolsC.cfg (Trojan.WinTools) -> No action taken.
C:\Program Files\Common Files\WinTools\WToolsD.cfg (Trojan.WinTools) -> No action taken.
C:\Program Files\Common Files\WinTools\WToolsP.cfg (Trojan.WinTools) -> No action taken.
C:\Program Files\Microsoft Common\wuauclt.exe (Trojan.Agent) -> No action taken.
C:\WinXp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lphcteaj0el2a.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcteaj0el2a.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Todd \Application Data\tvmknwrd.dll (Trojan.Agent) -> No action taken.

Edited by Orange Blossom, 22 August 2008 - 02:14 PM.
Move to more appropriate forum. ~ OB

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users