
NOD32 proof virtumonde and smitfraud infections


1 reply to this topic

#1 gnwa3000

  • Members
  • 1 posts

Posted 01 January 2009 - 02:27 AM

Cool infections that won't go away, that go undetected by NOD32 and that send me pop-ups for Antivirus 2009.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:46 AM, on 01/01/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Systweak\Systweak CacheBoost\cbsrv.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files (x86)\Citrus Alarm Clock\citrusac.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Systweak\Systweak CacheBoost\trayicon.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\SysWOW64\wisptis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10e34e9d-91de-4e6f-9ff6-abd84a4035cd} - C:\WINDOWS\SysWow64\tefuzagi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~2\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CacheBoost] "C:\Program Files (x86)\Systweak\Systweak CacheBoost\trayicon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [tuhadesuzu] Rundll32.exe "C:\WINDOWS\SysWow64\tefuzagi.dll",s
O4 - HKLM\..\Run: [CPM3b29e90a] Rundll32.exe "c:\windows\system32\jiwirido.dll",a
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8120] command /c del "c:\windows\system32\nureboru.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4150] cmd /c del "c:\windows\system32\nureboru.dll_old"
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files (x86)\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\ C:\WINDOWS\system32\jisideso.dll c:\windows\system32\ c:\windows\system32\nureboru.dll c:\windows\system32\domilepo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\domilepo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\domilepo.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak Inc - C:\Program Files (x86)\Systweak\Systweak CacheBoost\cbsrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--End of file - 9218 bytes
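As an added triage aid (not part of the original post, and not a HijackThis feature), the Python below parses HijackThis entry lines and flags system-directory DLLs that share the traits visible in the log above: eight-letter pseudo-random names, Rundll32 autostarts, AppInit_DLLs loading, and one DLL wired into several load points. The embedded sample is a constructed subset of the posted entries; the flags are hints for a human reviewer, since a legitimate DLL can match the name pattern too.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis entries from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {10e34e9d-91de-4e6f-9ff6-abd84a4035cd} - C:\WINDOWS\SysWow64\tefuzagi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [tuhadesuzu] Rundll32.exe "C:\WINDOWS\SysWow64\tefuzagi.dll",s
O4 - HKLM\..\Run: [CPM3b29e90a] Rundll32.exe "c:\windows\system32\jiwirido.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O20 - AppInit_DLLs: c:\windows\system32\ C:\WINDOWS\system32\jisideso.dll c:\windows\system32\ c:\windows\system32\nureboru.dll c:\windows\system32\domilepo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\domilepo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\domilepo.dll
"""

# "O4 - <body>", "R1 - <body>", "F2 - <body>": section tag, then the entry text.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# Any .dll under the Windows system directory (system32 or SysWow64), case-insensitive.
SYSDLL_RE = re.compile(r"[a-z]:\\windows\\(?:system32|syswow64)\\([a-z0-9_]+)\.dll", re.I)
# Naming pattern of the unknown DLLs in this log: eight lowercase letters, no digits.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")

def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line, skipping headers and process paths."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return {dll_name: set_of_reasons} for system-directory DLLs that deserve a closer look."""
    seen_in = defaultdict(set)   # dll name -> HijackThis sections referencing it
    reasons = defaultdict(set)
    for section, body in parse_entries(log_text):
        for m in SYSDLL_RE.finditer(body):
            name = m.group(1).lower()
            seen_in[name].add(section)
            if RANDOM_NAME_RE.match(name):
                reasons[name].add("pseudo-random 8-letter name in the system directory")
            if section == "O20":
                reasons[name].add("AppInit_DLLs: injected into every process that loads user32.dll")
            if section == "O4" and "rundll32" in body.lower():
                reasons[name].add("autostarted through Rundll32.exe")
            if section == "O2" and "(no name)" in body:
                reasons[name].add("BHO registered with no name")
    # The same DLL wired into several load points is itself a signal.
    for name, sections in seen_in.items():
        if len(sections) > 1:
            reasons[name].add("persisted in multiple sections: " + ",".join(sorted(sections)))
    return dict(reasons)
```

Run against the full log, `triage` singles out the five unknown DLLs while leaving the Spybot, Java and Adobe entries alone.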




#2 SpotCheckBilly

  • Members
  • 81 posts
  • Gender:Male
  • Location:Twin Cities, MN

Posted 12 January 2009 - 05:56 PM

Hi gnwa3000,

Welcome to the BleepingComputer forums.

We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.

If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.

If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    NOTE: Before scanning, make sure all other running programs are closed.
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results; click Yes to the Optional_Scan.
  • >>Follow the instructions that pop up for posting the results.<<
  • Close the program window, and delete the program from your desktop.
NOTE: Please do not use the code tags when posting your logs. It makes them very difficult to read (I am vision impaired). Instead, use Ctrl+V or Edit=>Paste to paste the log's contents into the message body. Thank you so much.

I look forward to your response. -- SCB :thumbsup:
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat"
- Delbert McClinton