
Infected With Trojan.win32.monder.gen


2 replies to this topic

#1 bopman

  • Members
  • 2 posts

Posted 25 December 2008 - 02:18 PM

Symptoms: Trojan.Win32.Monder.gen is found by Zone Alarm, but cannot be removed (even in safe mode). My computer is constantly popping up web pages. All of the recovery points I previously saved are gone. I need some help. I am including the DDS report.

- Rob
---

DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 13:51:21.10 on Thu 12/25/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.435 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\QNAP\QGet\QGetIEMenuExt.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2F.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {b60f260d-c086-08eb-e544-b89bbfd5add1}: {1dda5dfb-b98b-445e-be80-680cd062f06b} - c:\windows\system32\zwbdjd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: {c3d882ec-f634-4348-b389-051460751e1a} - c:\windows\system32\tuvVMCVL.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: {a33fa729-d155-4b23-842b-2c665ecabdb6} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [TVTunerLib] c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [EPSON PictureMate Deluxe] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9TA.EXE /P24 "EPSON PictureMate Deluxe" /O6 "USB002" /M "PictureMate Deluxe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QNAP_NASNetBak] c:\program files\qnap\netbak\NetBak.exe /min
mRun: [QGetIEMenuExt] c:\program files\qnap\qget\QGetIEMenuExt.exe /standard
mRun: [VMConsole.exe] c:\program files\sony\vaio media integrated server\platform\VMConsole.exe /windowmin
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [b4948338] rundll32.exe "c:\windows\system32\ihgbupvp.dll",b
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: Download by QGet - c:\program files\qnap\qget\QGetCatch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\web2~1\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: fccdeffG - fccdeffG.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: zwbdjd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvVMCVL

============= SERVICES / DRIVERS ===============

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2006-3-11 18110]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2006-3-11 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2006-3-11 423454]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-6-28 394192]
R3 KLIF;KLIF;\??\c:\windows\system32\zonelabs\avsys\KLIF.SYS [2007-6-28 174864]
S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys []
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;c:\windows\system32\drivers\fa410nd5.sys []
S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys []
S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys []
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\rdwm1061.sys [2008-12-11 174834]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys []

=============== Created Last 30 ================

2008-12-25 11:02 552 a------- c:\windows\system32\d3d8caps.dat
2008-12-23 22:31 29,696 a------- C:\Ross Muchnik Resume - 2008.doc
2008-12-20 21:19 135,168 a------- c:\windows\system32\zwbdjd.dll
2008-12-20 21:19 135,168 a------- c:\windows\system32\ayywxkwq.dll
2008-12-20 21:16 1,661,209 a--sh--- c:\windows\system32\pvpubghi.ini
2008-12-20 21:16 93,696 a------- c:\windows\system32\ihgbupvp.dll
2008-12-20 21:13 1,468 a--sh--- c:\windows\system32\LVCMVvut.ini2
2008-12-20 21:13 1,468 a--sh--- c:\windows\system32\LVCMVvut.ini
2008-12-20 20:02 70,656 a------- c:\windows\system32\prunnet.exe
2008-12-20 20:00 <DIR> --d----- c:\program files\LG Software Innovations
2008-12-20 09:01 34,308 a------- c:\windows\system32\Chip.dll
2008-12-20 09:00 <DIR> --d----- c:\program files\MagicDVDRipper
2008-12-18 19:57 87,608 a------- c:\docume~1\admini~1\applic~1\inst.exe
2008-12-18 19:57 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-18 19:57 47,360 a------- c:\docume~1\admini~1\applic~1\pcouffin.sys
2008-12-11 20:43 767,023 a------- C:\sl880.pdf
2008-12-11 19:56 217,088 a------- c:\windows\system32\RDDP1061.DAT
2008-12-11 19:56 174,834 a------- c:\windows\system32\drivers\Rdwm1061.sys
2008-12-11 19:56 57,344 a------- c:\windows\system32\RDCP1061.CPL
2008-12-11 19:56 32,359 a------- c:\windows\system32\RdCi1061.dll
2008-12-11 19:56 4,088 a------- c:\windows\system32\RD3T1061.DAT
2008-12-11 19:56 81,920 a------- c:\windows\system32\rdas1061.dll
2008-12-11 19:56 <DIR> --d----- c:\program files\RdDrv001
2008-12-08 18:04 <DIR> --d----- c:\windows\system32\scripting
2008-12-08 18:04 <DIR> --d----- c:\windows\l2schemas
2008-12-08 18:04 <DIR> --d----- c:\windows\system32\en
2008-12-08 18:04 <DIR> --d----- c:\windows\system32\bits
2008-12-08 18:00 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-08 08:32 7,988,435 a------- C:\QNAP_TS-409-PRO_UserManual.pdf
2008-12-07 17:26 1,184 a------- c:\windows\PL_MMP.INI
2008-12-07 17:26 401 a------- c:\windows\PL.FAV
2008-12-07 17:26 251 a------- c:\windows\PL_MMP.CFG
2008-12-07 16:32 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2008-12-07 16:32 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-07 16:01 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-07 15:49 675,883,008 a------- C:\Image_081207_1548.iso
2008-12-07 11:54 1,131 a------- c:\windows\GL_MMP.INI
2008-12-07 11:54 401 a------- c:\windows\GL.FAV
2008-12-07 11:54 251 a------- c:\windows\GL_MMP.CFG
2008-12-07 11:22 <DIR> --d----- c:\program files\begin_g
2008-12-07 11:15 1,409 a------- c:\windows\system\PGTEXT.FOT
2008-12-07 11:14 1,409 a------- c:\windows\system\PGMUS.FOT
2008-12-07 11:14 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2008-12-07 11:07 <DIR> --d----- c:\program files\begin_p
2008-12-07 10:22 146 a------- c:\windows\KMDPref.ini
2008-12-07 10:05 <DIR> --d----- c:\program files\eMedia Piano and Keyboard Method Demo
2008-12-06 16:49 1,409 a------- c:\windows\system32\PGTEXTJE.FOT
2008-12-06 15:03 <DIR> --d----- C:\RealBand
2008-12-06 14:38 1,409 a------- c:\windows\system32\PGTEXTJ_.FOT
2008-12-06 14:38 1,409 a------- c:\windows\system32\PGCHORDS.FOT
2008-12-06 08:44 <DIR> --d----- c:\program files\Jazz_Guitar_Solos_Vol_1-4
2008-12-05 07:07 <DIR> --d----- c:\program files\common files\Native Instruments
2008-12-05 06:11 <DIR> --d----- c:\program files\common files\Digidesign
2008-12-05 05:49 1,409 a------- c:\windows\system32\pgjazz__.FOT
2008-12-05 05:48 <DIR> --d----- c:\program files\PowerTracks DirectX Plugins
2008-12-04 20:29 <DIR> --d----- c:\program files\ASIO4ALL v2
2008-12-03 19:02 1,700,352 a------- c:\windows\system32\gdiplus.dll
2008-12-03 10:28 <DIR> --d----- c:\program files\Native Instruments

==================== Find3M ====================

2008-12-25 13:51 26,716,960 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-25 13:39 1,238,304 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2008-12-25 10:52 512 a------- C:\ScanSectorLog.dat
2008-12-25 10:44 359,384 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-25 10:44 116,996 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-12-23 19:37 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-12-08 18:08 86,665 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 04:43 6,508,375 a------- C:\LearningWCFVS2008.zip
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-10 14:08 70,157,448 a------- C:\All_Files.zip
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2005-09-09 19:55 7,155,864 a------- c:\program files\NGhost10.msi
2005-09-09 19:55 4,588,454 a------- c:\program files\setup.exe
2005-09-09 19:55 35 a------- c:\program files\SCSSDist.ini
2005-09-09 19:55 37,766,164 a------- c:\program files\Data1.cab

============= FINISH: 13:54:41.10 ===============
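Added example, not part of the thread and not code from the DDS tool: a small Python triage pass over lines copied from the "Pseudo HJT Report" section above, flagging the persistence entries a helper would examine first (unnamed BHOs, a hex-named Run value, the same command in both Run hives, an unknown Winlogon Notify package, AppInit_DLLs, and an extra LSA authentication package). The Notify allowlist and the function name `triage` are assumptions made for the example.

```python
import re
from collections import Counter

# Winlogon Notify packages expected on this VAIO host: a constructed allowlist
# (assumption), not an authoritative list of clean DLLs.
KNOWN_NOTIFY = {"igfxcui", "VESWinlogon"}
CLSID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# Lines copied from the "Pseudo HJT Report" section of the DDS log posted above.
SAMPLE = r"""
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {b60f260d-c086-08eb-e544-b89bbfd5add1}: {1dda5dfb-b98b-445e-be80-680cd062f06b} - c:\windows\system32\zwbdjd.dll
BHO: {c3d882ec-f634-4348-b389-051460751e1a} - c:\windows\system32\tuvVMCVL.dll
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [b4948338] rundll32.exe "c:\windows\system32\ihgbupvp.dll",b
Notify: fccdeffG - fccdeffG.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: zwbdjd.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvVMCVL
"""

def triage(report: str) -> list[str]:
    """Return one finding per persistence entry worth a closer look."""
    findings, run_cmds = [], Counter()
    for line in report.splitlines():
        key, _, rest = line.partition(": ")
        if key == "BHO":
            # A BHO whose display name is itself a CLSID registered no friendly name.
            name = rest.split(": ")[0].split(" - ")[0]
            if CLSID.match(name):
                findings.append(f"unnamed BHO: {rest}")
        elif key in ("uRun", "mRun"):
            name, cmd = re.match(r"\[(.+?)\] (.*)", rest).groups()
            if re.fullmatch(r"[0-9a-f]{8}", name):  # auto-generated hex value name
                findings.append(f"Run value with hex name: {rest}")
            run_cmds[cmd] += 1
            if run_cmds[cmd] == 2:  # same command in both HKCU and HKLM Run
                findings.append(f"same command in two Run hives: {cmd}")
        elif key == "Notify" and rest.split(" - ")[0] not in KNOWN_NOTIFY:
            findings.append(f"unknown Winlogon Notify package: {rest}")
        elif key == "AppInit_DLLs" and rest.strip():
            # Anything listed here is loaded into every process that maps user32.dll.
            findings.append(f"AppInit_DLLs set: {rest}")
        elif key == "LSA":
            # XP ships with msv1_0 alone; any additional package is loaded by lsass.exe.
            extra = [p for p in rest.split("=", 1)[1].split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(f"extra LSA authentication package: {' '.join(extra)}")
    return findings
```

Run it with `print("\n".join(triage(SAMPLE)))`; the Acrobat BHO and the Intel graphics Notify entry come through clean while the seven remaining entries are reported.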

#2 bopman

  • Topic Starter
  • Members
  • 2 posts

Posted 29 December 2008 - 01:13 PM

Never mind. I'm going to reinstall the OS. I don't have anything important on that computer, except for software, which I can reload. I'll take it as a lesson to try harder not to get into this situation in the future.

- Rob

#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 January 2009 - 09:29 AM

Thank you for notifying us.. I will now close this topic.. Please PM any Moderator or HijackThis Team member should you need to re-open this topic..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
