Virtumonde infection won't go!


  • This topic is locked
8 replies to this topic

#1 Noce

  • Members
  • 3 posts

Posted 12 January 2009 - 09:34 AM

After every kind of scan, the Virtumonde virus won't go away! I tried with Spybot, Ad-Aware, Spyware Doctor and AntiVir. I also scanned the hard disk on another computer with AntiVir, finding more than 100 infections (removed). But Virtumonde is still opening stupid popups! I'll post a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:53, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Paolorro\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c0f1a5b4-9e43-4435-a081-7380b20ebbfc} - C:\WINDOWS\system32\vumehijo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [boyaripuve] Rundll32.exe "C:\WINDOWS\system32\risowupa.dll",s
O4 - HKLM\..\Run: [CPM93c89616] Rundll32.exe "c:\windows\system32\gasowihu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Programmi\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211388119562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...ab?582203564062
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D58D99-DE1E-44FE-BDFB-54CB8AF2B2C5}: NameServer = 193.70.192.25,193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\wejiwulo.dll c:\windows\system32\lobebafu.dll C:\WINDOWS\system32\nehozipa.dll c:\windows\system32\funugipi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\funugipi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\funugipi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12063 bytes
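The entries in this log that a HijackThis reviewer would focus on are the O20 AppInit_DLLs line, the O21/O22 entries, the two O4 Rundll32 entries and the unnamed O2 BHO, all of which point at eight-letter DLLs in system32, with funugipi.dll referenced from three different load points. As an added illustration that is not part of the original post and not a feature of HijackThis, the Python script below pulls those entries out of a log and groups them by file. The input is the relevant subset of the log above plus two benign entries kept as a control; the random-name test is a heuristic fitted to the names in this particular log, and the MECHANISM descriptions are the usual meaning of each HijackThis section, not something the script verifies on the machine.

```python
"""Pick the persistence entries a HijackThis reviewer would look at out of a log.

Added example, not part of the original post and not a HijackThis feature.
The random-name test is a heuristic fitted to the DLL names in this log.
"""
import re
from collections import defaultdict, namedtuple

# Constructed sample: the O2/O4/O20/O21/O22 lines of interest from the log
# above, with two benign entries (Adobe BHO, Java updater) kept as a control
# that the filter must not flag.
SAMPLE_LOG = r"""O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {c0f1a5b4-9e43-4435-a081-7380b20ebbfc} - C:\WINDOWS\system32\vumehijo.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [boyaripuve] Rundll32.exe "C:\WINDOWS\system32\risowupa.dll",s
O4 - HKLM\..\Run: [CPM93c89616] Rundll32.exe "c:\windows\system32\gasowihu.dll",a
O20 - AppInit_DLLs: c:\windows\system32\wejiwulo.dll c:\windows\system32\lobebafu.dll C:\WINDOWS\system32\nehozipa.dll c:\windows\system32\funugipi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\funugipi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\funugipi.dll
"""

LINE_RE = re.compile(r'^(O\d+) - (.*)$')
# A Windows path up to the first .dll/.exe; spaces are allowed ("File comuni").
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:dll|exe)', re.IGNORECASE)
# Heuristic taken from this log: eight lowercase letters, consonant/vowel alternating.
RANDOM_NAME_RE = re.compile(r'^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$')

# How a file referenced from each watched section gets loaded.
MECHANISM = {
    'O2': 'Browser Helper Object, loaded into every Internet Explorer process',
    'O4': 'Run key, started at logon',
    'O20': 'AppInit_DLLs, injected into every process that loads user32.dll',
    'O21': 'ShellServiceObjectDelayLoad, loaded by Explorer at logon',
    'O22': 'SharedTaskScheduler, loaded by Explorer at logon',
}

Finding = namedtuple('Finding', 'section path reasons')


def file_stem(path):
    """'C:\\x\\vumehijo.dll' -> 'vumehijo'."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()


def audit(log_text):
    """Return a Finding for every path in a watched section that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) not in MECHANISM:
            continue
        section, body = m.group(1), m.group(2)
        if section == 'O2' and '(no file)' in body:
            # CLSID still registered but the DLL is gone: an orphan from a partial clean-up.
            findings.append(Finding(section, '(no file)', ['BHO registered but its DLL is missing']))
            continue
        for path in PATH_RE.findall(body):
            reasons = []
            if RANDOM_NAME_RE.match(file_stem(path)) and '\\system32\\' in path.lower():
                reasons.append('random-looking 8-letter name in system32')
            if section == 'O20':
                reasons.append('AppInit_DLLs is normally empty on a home XP machine')
            if section == 'O4' and 'rundll32' in body.lower():
                reasons.append('Run entry loads a DLL through rundll32.exe')
            if section == 'O2' and '(no name)' in body:
                reasons.append('BHO has no name')
            if reasons:
                findings.append(Finding(section, path, reasons))
    return findings


def group_by_file(findings):
    """Map each flagged file to the sections that reference it, in log order."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.path.lower()].append(f.section)
    return dict(groups)


def report(log_text):
    """Human-readable summary: one block per file, one line per load point."""
    lines = []
    for path, sections in group_by_file(audit(log_text)).items():
        lines.append(path)
        for s in sections:
            lines.append(f'    {s}: {MECHANISM[s]}')
    return '\n'.join(lines)


if __name__ == '__main__':
    for f in audit(SAMPLE_LOG):
        print(f'{f.section:4} {f.path}')
        for r in f.reasons:
            print(f'       - {r}')
    print()
    print(report(SAMPLE_LOG))
```

Running the block prints ten findings and then the per-file view, in which funugipi.dll appears once with its three load points (O20, O21, O22) listed under it. A finding is only a pointer to a file that needs a look; which of the load points has to be removed, and in what order, is the reviewer's decision, not the script's.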

#2 Dakeyras

    Anti-Malware Mammoth
  • Malware Response Team
  • 371 posts
  • Gender:Male
  • Location:The Tundra

Posted 12 January 2009 - 10:28 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi Noce and welcome to Bleeping Computer :thumbsup:

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Extra note: Please be aware that, as I am still in training, all of my fixes/posts require prior checking by an Expert. So some delays may be inevitable; please be patient and I will reply again asap.

In the meantime, could you please post back an Uninstall list from HijackThis as follows, thank you:

Run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


#3 Noce

  • Topic Starter

Posted 13 January 2009 - 09:04 AM

As you said... Thank you very much for your help!
Here is the uninstall list:

18 Wheels of Steel American Long Haul 1.00
55mm v7.5 for Adobe Photoshop & Compatible Applications
Ableton Live v7.0.1
Adobe Acrobat 8 Professional - Italiano, Español, Nederlands
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8.1.2 - Italiano
Adobe Reader for Pocket PC 2.0
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Album Cover Art Downloader 1.6.6
Ambiente di runtime GTK+ versione 2.12.8 rev a (solo rimozione)
Antares Autotune VST RTAS TDM v5.08
AnyDVD
Apple Mobile Device Support
Apple Software Update
Application Suite
Applied Acoustics Lounge Lizard EP VSTi DXi v3.0
Arturia Moog Modular V2 v1.0
ASAPI Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Display Driver
Audiosurf
Autodesk DirectConnect 2.0
AutoFriend
Avid Core Runtime
Avid DIO Runtime
Avira AntiVir Personal - Free Antivirus
BitLord 1.1
BrainWave Generator
brainZapr
BtRegTweak
Carbide.ui Theme Edition 3.2.1.0
CCleaner (remove only)
Choice Guard
CloneDVD2
Collab
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CorePlayer Mobile for PocketPC (remove only)
Cover Art Downloader v1.2
CuteFTP 8 Home
CuteFTP 8 Professional
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Midi Decoder
dBpoweramp Monkeys Audio Codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Ogg Vorbis Lancer Encoder
dBpoweramp Real Audio (Helix) Encoder
dBpoweramp Wave64 Codec
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP Windows Media Audio 9 Codec
Derive 6 Trial Edition
DFX 8 for Windows Media Player
Download Accelerator Plus (DAP)
DreamStation DXi2
eMule
eMule Super Booster
EpsonNet Config V2
Exact Audio Copy 0.99pb4
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
FairStars CD Ripper 1.16
Finale 2009
Finale NotePad 2008
Flickr Uploadr 3.0.5
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
Garritan Gofriller Cello
Garritan Instruments for Finale
Garritan Instruments for Finale 2009
GForce impOSCar v1.10 VSTi RTAS
GLOBEtrotter FLEXid Drivers
GNU Aspell 0.50-3
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK2-Runtime
HijackThis 2.0.2
I-Doser 4.50
Intellihance Pro 4.2
Interlok driver setup x32
iTunes
iZotope iDrum
iZotope iDrum Factory Content
iZotope Ozone 3
iZotope RX
Java™ 6 Update 11
K-Lite Codec Pack 3.9.0 Full
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 4.18.3
Live 7.0.3
Logitech ImageStudio
Loquendo TTS SDK 6.5.5
Macromedia FreeHand MXa
MAGIX Audio Cleaning Lab 12 8.0.1.0 (US)
Maya 2008
Maya 2008 Documentation (en_US)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 - Language Pack (italiano)
Microsoft .NET Framework 3.5 Language Pack - ita
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
minimoog V
Monkey's Audio
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.14)
MSVC80_x86
MSVCRT
MSXML 6.0 Parser
Native Instruments B4 II
Native Instruments Kontakt 3
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
Nero 8
neroxml
NI Service Center
nik Sharpener Pro 2.0 Complete
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
OhmForce Ohmboyz VST2
OpenOffice.org 2.4
Pacchetto driver Windows - Nokia Modem (05/22/2008 3.8)
Pacchetto driver Windows - Nokia Modem (10/27/2008 3.9)
Pacchetto driver Windows - Nokia Modem (10/27/2008 7.01.0.1)
Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Pacchetto driver Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Panopticum Lens Pro
PC Connectivity Solution
PDF Settings
PhotoKit Color 2 Plug-In Module
PhotoKit Plug-in Module
Pianos 1.0
Poigps GO
PoiZone
Portraiture Plug-in
PowerISO
PrintServer Driver
PSP 608 MultiDelay 1.1.2
QuickTime
RAR Password Cracker 4.12
RealGrain Plug-in
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Registry Mechanic 8.0
SBaGen 1.4.4
Segoe UI
Sentinel System Driver
Sibelius Scorch
Skype™ 3.6
SmartTRAK
Software per stampante EPSON
Sonalksis Plug-Ins for Windows 2.06
Sonnox Oxford Limiter Native VST v1.1.1
Sony ACID Pro 6.0
Sony CD Architect 5.2
Sony Media Manager 2.2
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
Sony Vegas Pro 8.0
Spybot - Search & Destroy
Total Video Converter 3.12 080330
Toxic Biohazard
T-RackS 3 Deluxe
TravelTrak CE
Trillian
Ultra Hal Assistant 6.1
vanBasco's Karaoke Player
VCRedistSetup
Vector Magic
Vintage Vocoder 1.03 Build 1
VLC media player 0.9.8a
Voipwise
Wave Arts MasterVerb
Winamp
WinAVI Video Converter
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8 Beta 2
Windows Live Beta (tutti i programmi)
Windows Live Beta (tutti i programmi)
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 3.1 beta3
WinRAR gestione archivi
Xiph QuickTime Components
XML Paper Specification Shared Components Language Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Install Manager

#4 Dakeyras

Posted 14 January 2009 - 08:30 AM

Hi :thumbsup:

We need to address a few primary steps before we begin the malware removal process. You also have numerous applications installed which I advise you to remove, for the following reasons:

IE8 (Internet Explorer v8):

You have Internet Explorer v8 installed and active. This is actually still in the Beta stage of development and will be prone to problems whilst still in the testing stage.

Because of this, and the good chance it may cause a problem and/or create a system conflict, my advice is to uninstall this application until it has been fully tested and released as a stand-alone browser application.

Download Accelerator Plus:

DAP is not technically malware, but it may include malware and allow it into your system. Note that the free version is adware based.

Peer to Peer:

You have several applications of this type installed; I highly advise you to uninstall them for the following reasons. No doubt the use of these is a source of your current malware infections:

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Note: If you choose not to uninstall these, please refrain from using them at all during the malware removal process, thank you.

RegistryMechanic:

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on registry cleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect, and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly, you will not see any difference.
If it doesn't work properly, you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Download Accelerator Plus
eMule
eMule Super Booster
Internet Explorer 8 <--- after uninstalling, this will roll back to either IE6 or IE7, depending on which version you had previously.
LimeWire PRO 4.18.3
RegistryMechanic


Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

We need to disable the registry guard feature of Spybot S&D as follows, as it may interfere with the malware removal process.

Disable Spybot's TeaTimer:

This is a two step process.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
Second step, For Either Version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
When you have completed the above, please post back the following:
  • How is your computer performing now? Any problems encountered and/or symptoms?
  • A new HijackThis Log.


#5 Dakeyras

Posted 16 January 2009 - 05:20 AM

Hi :thumbsup:

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

#6 Noce

  • Topic Starter

Posted 16 January 2009 - 09:14 AM

Sorry, but I've been out for 4 days so I didn't find the time to read. You are very kind, thank you for your help. I'll let you know within the next day if everything has worked right. Sorry for my bad English!!! Thank you!!!!!!!!!!!!!

#7 Dakeyras

Posted 16 January 2009 - 10:36 AM

Hi :)

Not a problem, and thank you for informing me. Your English is fine, I assure you :thumbsup:, and you are welcome!

When you have completed the tasks from Post #4, please post back what I requested and we will continue with the malware removal process.

#8 Dakeyras

Posted 18 January 2009 - 08:49 AM

Hi :thumbsup:

Are you still with me? Do you still require assistance?

#9 ndmmxiaomayi

    Ant
  • Malware Response Team
  • 266 posts
  • Location:Everywhere

Posted 22 January 2009 - 08:29 AM

Due to a lack of feedback, this topic is now closed.

If you need it re-opened, please send a message to a member of the moderating team.

This applies only to the topic starter. Everyone else please start a new topic.