
smitfraud/gz virtumondo a couple win.***.**



#1 homer15908


Posted 22 December 2008 - 07:54 PM

Hi all,
I'm working on a computer that seems to be infested with headaches and frustration.
I was able to install Hijack This, CCleaner, and Spybot - Search and Destroy.
When I run Hijack This, as it's scanning, it gives me two errors, then restarts the computer. The first error is regarding the number of HOSTS entries there are. I deleted the HOSTS file and then ran Hijack This, but the same end result ensued. It looks like HTML in the hosts file regarding Yahoo. I ran mbam through a clean computer with the hard drive hooked up to a USB-to-IDE cable. That found about 73 entries.
I ran Spybot and it was able to fix all but one entry. I forget the entry, restarted, and it's scanning before XP has completely loaded.
Here's my mbam log that was run from my clean computer:

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3

12/22/2008 2:40:20 PM
mbam-log-2008-12-22 (14-40-20).txt

Scan type: Full Scan (I:\|)
Objects scanned: 173744
Time elapsed: 1 hour(s), 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 73

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)


If anyone can help me or redirect me that'd be greatly appreciated. Thank you for your time.
