
AntiVirus 360 Ad Popup / Vundo Infection


This topic is locked
2 replies to this topic

#1 sharper333


Posted 05 March 2009 - 12:14 AM

Hi, I have a problem with Vundo / Virtumonde on my computer. I have tried several different programs to try and delete it: McAfee, Ad-Aware, Spybot, and VundoFix. None of them have worked. I downloaded HijackThis, and it said to post my results in these forums. When I did the run-through to see what I should post, it also said I should use DDS.

I'm getting statements saying : Warning! Security Report: Your computer is infected! It is recommended to start spyware cleaner tool.

Along with that I have a strobed background that says WARNING SPYWARE: Many viruses were found on your computer such as: Trojan Horse, Passcapture, etc. Your personnel information can fall into "third hands". Please check up on your computer with a special software. Thank.

And I'm constantly getting rerouted when using Internet Explorer.

Any help would be greatly appreciated. And if I should post the HijackThis thread I would be more than happy to.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Richard at 20:53:42.46 on Wed 03/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2097 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1c6ecee4-3384-4fa2-bba6-b6697f263f75} - c:\windows\system32\woragofi.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {a5f6a131-1f41-cbcb-fb54-677af70b0ebb}: {bbe0b07f-a776-45bf-bcbc-14f1131a6f5a} - c:\windows\system32\gzltoz.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\richard\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hajuresumi] Rundll32.exe "c:\windows\system32\rerifedo.dll",s
mRun: [Framework Windows] frmwrk32.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [50a3b9cd] rundll32.exe "c:\windows\system32\buyenayo.dll",b
mRun: [CPM53908a51] Rundll32.exe "c:\windows\system32\pajohebu.dll",a
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg121 configuration utility\wlancfg8.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\temp\ntdll64.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208671063046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\zewamako.dll c:\windows\system32\pajohebu.dll gzltoz.dll c:\windows\system32\fozehuka.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pajohebu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pajohebu.dll
LSA: Notification Packages = scecli c:\windows\system32\zewamako.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-3 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-19 201320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-4-19 359248]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-4-19 37376]
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys [2008-4-20 337216]
S0 Cdr4vsd;Cdr4vsd; [x]
S2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-4-19 144704]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-4-19 84992]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-4-19 695624]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-19 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-19 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-19 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-19 40488]

=============== Created Last 30 ================

2009-03-04 20:20 <DIR> --d----- c:\program files\Trend Micro
2009-03-04 19:17 <DIR> --d----- C:\VundoFix Backups
2009-03-04 19:10 1,799,350 ---sh--- c:\windows\system32\oyaneyub.ini
2009-03-04 19:09 129,024 a--sh--- c:\windows\system32\gzltoz.dll
2009-03-03 23:35 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-03 22:43 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-03 22:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-03 22:39 <DIR> --d----- c:\program files\Lavasoft
2009-03-03 22:24 121 ---sh--- c:\windows\system32\ayozakos.ini
2009-03-03 21:14 129,024 a--sh--- c:\windows\system32\ajudsu.dll
2009-03-03 13:02 104,960 a------- c:\windows\system32\ntdll64.exe
2009-03-03 12:32 439 a------- c:\windows\system32\win32hlp.cnf
2009-03-03 12:32 4,785 a------- c:\windows\system32\warning.gif
2009-03-03 12:32 1,394 a------- c:\windows\system32\ahtn.htm
2009-03-03 12:31 1,060 a------- c:\windows\system32\test.ttt
2009-03-03 12:31 1 a------- c:\windows\system32\uniq.tll
2009-03-03 12:31 30,208 a------- c:\windows\system32\frmwrk32.exe
2009-03-03 12:31 30,208 a------- c:\windows\system32\1000.exe
2009-03-03 08:17 129,024 a--sh--- c:\windows\system32\btxdyj.dll
2009-03-02 22:06 268 a---h--- C:\sqmdata04.sqm
2009-03-02 22:06 244 a---h--- C:\sqmnoopt04.sqm
2009-03-02 18:16 69,632 a------- c:\windows\system32\~.exe
2009-03-02 13:51 129,024 a--sh--- c:\windows\system32\uhicek.dll
2009-03-01 14:44 129,024 a--sh--- c:\windows\system32\jbqhol.dll
2009-02-09 09:12 268 a---h--- C:\sqmdata03.sqm
2009-02-09 09:12 244 a---h--- C:\sqmnoopt03.sqm

==================== Find3M ====================

2009-03-04 19:09 84,992 a--sh--- c:\windows\system32\fozehuka.dll
2009-03-04 19:09 129,024 a--sh--- c:\windows\system32\tawagifi.dll
2009-03-04 19:09 79,872 a--sh--- c:\windows\system32\buyenayo.dll
2009-03-03 21:14 79,872 a--sh--- c:\windows\system32\sokazoya.dll
2009-03-03 21:14 129,024 a--sh--- c:\windows\system32\feyujafi.dll
2009-03-03 21:14 84,992 a--sh--- c:\windows\system32\pajohebu.dll
2009-03-03 12:31 104,960 a------- c:\windows\system32\userinit.exe
2009-03-03 08:17 129,024 a--sh--- c:\windows\system32\fibikavi.dll
2009-03-03 08:17 84,992 a--sh--- c:\windows\system32\lojaloke.dll
2009-03-02 13:51 129,024 a--sh--- c:\windows\system32\rutihuku.dll
2009-03-02 13:51 84,992 a--sh--- c:\windows\system32\kasiyebo.dll
2009-03-01 14:44 84,992 a--sh--- c:\windows\system32\patezezo.dll
2009-03-01 14:44 129,024 a--sh--- c:\windows\system32\fusamuzo.dll
2009-03-01 14:44 79,872 a--sh--- c:\windows\system32\sejiralo.dll
2009-01-26 18:07 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-16 11:41 163 a------- c:\program files\Anthem.m3u
2008-07-31 09:33 1,589 a------- c:\program files\limewire2.m3u
2008-06-03 20:28 2,088 a------- c:\program files\limewire.m3u
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\rerifedo.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\woragofi.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\zewamako.dll

============= FINISH: 20:54:36.46 ===============

#2 chryssi2001


Posted 18 March 2009 - 12:55 PM

Hello sharper333,

I apologise for the delay; the forum is extremely busy.

If you still need help, run HijackThis and post the report here.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001


Posted 23 March 2009 - 10:43 AM

Due to the lack of feedback, this Topic is now closed and will not be reopened.
If you still need help, begin a new topic.

This applies only to the original poster; anyone else with similar problems, please start a new topic.
Private Messages for personal support will be ignored. If you need help post in the forum.
