Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Serious Virtumonde Infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 thegreekie

thegreekie

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 04 April 2009 - 05:30 PM

I've tried to get rid of the Virtumonde trojan numerous times and it just keeps coming back. Also, I think there might be a new one. I've just been having problems ever since I got Virtumonde. It causes Internet Explorer to crash and I keep getting an annoying "IE has stopped working message". However, I don't use IE and this still happens. Also I get link redirects occasionally and generally it eats up my cpu. I also did scans with spybot S&D and tried to remove them but it never worked.

My problem is very similar to the one amnesia describes (http://www.bleepingcomputer.com/forums/topic208781.html)



Any help would be greatly appreciated. I really don't want to have to reformat my computer. I'm running Vista btw. THANKS!!!



DDS (Ver_09-03-16.01) - NTFSx86
Run by thegreekie at 17:53:55.41 on Sat 04/04/2009
Internet Explorer: 7.0.6000.16386 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.786 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\reader_s.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\THEGRE~1\AppData\Local\Temp\362314529.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\thegreekie\Desktop\VundoFix.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\thegreekie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: {3b8a71f5-947b-4675-bc84-6947ad636436} - c:\windows\system32\yagegedo.dll
BHO: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [NoteZilla] c:\program files\conceptworld\notezilla\NoteZilla.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Diagnostic Manager] c:\users\thegre~1\appdata\local\temp\362314529.exe
uRun: [reader_s] c:\users\thegreekie\reader_s.exe
uRunOnce: [SpybotDeletingB477] command.com /c del "c:\windows\system32\buhuzopo.dll_old"
uRunOnce: [SpybotDeletingD1646] cmd.exe /c del "c:\windows\system32\buhuzopo.dll_old"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [lahuvoyipe] Rundll32.exe "c:\windows\system32\tibajamu.dll",s
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CPMb1ef7036] Rundll32.exe "c:\windows\system32\buhuzopo.dll",a
mRun: [Tvosisuwaqiqama] rundll32.exe "c:\windows\ndulso.dll",e
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA6449] command.com /c del "c:\windows\system32\buhuzopo.dll_old"
StartupFolder: c:\users\thegre~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: nvtpm32 c:\windows\system32\nowidami.dll c:\windows\system32\buhuzopo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\buhuzopo.dll
STS: c:\windows\system32\nhser43uhjnefr.dll: {c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\buhuzopo.dll
LSA: Notification Packages = scecli c:\windows\system32\nowidami.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\thegre~1\appdata\roaming\mozilla\firefox\profiles\kxtgpqd1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\thegreekie\appdata\roaming\mozilla\firefox\profiles\kxtgpqd1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll

============= SERVICES / DRIVERS ===============

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 restore;restore;c:\windows\system32\drivers\restore.sys [2009-4-4 6656]

=============== Created Last 30 ================

2009-04-04 17:39 <DIR> --d----- C:\HJT
2009-04-04 17:28 <DIR> --d----- c:\program files\Trend Micro
2009-04-04 13:35 0 a------- c:\windows\mqcd.dbt
2009-04-04 12:56 32,768 a------- c:\windows\system32\fe3.wa
2009-04-04 12:56 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-04-04 12:56 32,768 a------- c:\windows\system32\kei1w.an
2009-04-04 12:56 77,312 a------- c:\windows\system32\er3r.pxf
2009-04-04 12:56 28,672 a------- c:\windows\system32\doqkm.zt
2009-04-04 12:52 6,656 a------- c:\windows\system32\drivers\restore.sys
2009-04-04 12:51 30,208 a------- c:\windows\system32\reader_s.exe
2009-04-04 12:51 30,208 a------- c:\users\thegreekie\reader_s.exe
2009-04-04 12:51 249,856 a------- c:\windows\system32\nvtpm32.dll
2009-04-04 12:51 125,440 a------- c:\windows\system32\azton.mt
2009-04-04 12:51 2 a------- C:\-1294187771
2009-04-04 12:51 15,000 a------- c:\windows\system32\nhser43uhjnefr.dll
2009-03-30 03:20 122 ---sh--- c:\windows\system32\uhidoman.ini
2009-03-30 02:58 122 ---sh--- c:\windows\system32\ikayobon.ini
2009-03-30 02:35 122 ---sh--- c:\windows\system32\odudizid.ini
2009-03-30 02:13 122 ---sh--- c:\windows\system32\onayemik.ini
2009-03-30 01:50 122 ---sh--- c:\windows\system32\ukonadar.ini
2009-03-30 01:27 122 ---sh--- c:\windows\system32\isawegun.ini
2009-03-30 01:05 122 ---sh--- c:\windows\system32\afezalaf.ini
2009-03-29 13:00 122 ---sh--- c:\windows\system32\ujedajew.ini
2009-03-29 12:37 122 ---sh--- c:\windows\system32\enavedaw.ini
2009-03-29 02:34 122 ---sh--- c:\windows\system32\eveyafuy.ini
2009-03-29 02:12 122 ---sh--- c:\windows\system32\owoyuwov.ini
2009-03-26 19:42 <DIR> --d----- c:\users\thegre~1\appdata\roaming\Binary Fortress Software
2009-03-26 19:26 <DIR> --d----- c:\program files\DisplayFusion
2009-03-23 18:39 197,016,183 a------- c:\windows\MEMORY.DMP
2009-03-22 18:53 0 a---h--- C:\ntuser.dat.LOG2
2009-03-22 18:53 0 a---h--- C:\ntuser.dat.LOG1
2009-03-21 16:41 181,248 a------- c:\windows\SWREG.exe
2009-03-21 16:41 117,760 a------- c:\windows\sed.exe
2009-03-21 16:40 <DIR> --d----- C:\ComboFix
2009-03-21 15:24 <DIR> --d----- C:\VundoFix Backups
2009-03-21 02:14 <DIR> --d----- C:\QUARANTINE
2009-03-21 01:42 34,152 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-21 01:39 <DIR> --d----- c:\windows\35C03C043F1F42C2A989A757EE691F65.TMP
2009-03-21 01:38 <DIR> --d----- C:\McAfee8.5iP1
2009-03-21 01:16 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-03-21 01:16 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-03-21 01:16 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-03-21 01:15 64,360 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-03-21 01:15 72,264 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-21 01:15 52,136 a------- c:\windows\system32\drivers\mfetdik.sys
2009-03-21 01:15 170,408 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-21 01:13 <DIR> --d----- c:\program files\McAfee
2009-03-21 01:13 <DIR> --d----- c:\program files\common files\McAfee
2009-03-21 01:12 <DIR> --d----- C:\McAfee8.5i
2009-03-20 22:18 <DIR> --d----- c:\program files\CCleaner
2009-03-20 22:00 1,078 a------- c:\windows\wininit.ini
2009-03-20 21:25 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-20 21:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-20 21:25 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-03-20 16:00 <DIR> --d----- c:\program files\a-squared Free
2009-03-19 11:00 79,872 a------- c:\windows\system32\lelizomo.dll
2009-03-16 13:50 <DIR> --d----- c:\users\thegre~1\appdata\roaming\XemiComputers
2009-03-16 13:50 <DIR> --d----- c:\programdata\XemiComputers
2009-03-16 13:50 <DIR> --d----- c:\progra~2\XemiComputers
2009-03-16 13:50 <DIR> --d----- c:\program files\XemiComputers
2009-03-05 21:55 <DIR> --d----- c:\program files\BFG
2009-03-05 21:34 <DIR> --d----- c:\program files\Catan
2009-03-05 21:34 346,112 a------- c:\windows\IsUn0413.exe

==================== Find3M ====================

2009-04-04 12:51 84,768 a--sh--- c:\windows\system32\zebelivu.exe
2009-04-03 14:45 84,768 a--sh--- c:\windows\system32\tirowefa.exe
2009-04-03 14:45 88,064 a--sh--- c:\windows\system32\fuledipu.dll.vir
2009-04-03 02:22 88,064 a--sh--- c:\windows\system32\pubufuhu.dll
2009-04-03 02:22 84,768 a--sh--- c:\windows\system32\feyavezi.exe
2009-04-03 02:22 79,872 a--sh--- c:\windows\system32\bewodanu.dll
2009-04-03 00:35 88,064 a--sh--- c:\windows\system32\limagole.dll
2009-04-03 00:35 84,768 a--sh--- c:\windows\system32\hibilore.exe
2009-04-03 00:12 88,064 a--sh--- c:\windows\system32\tivekelu.dll
2009-04-03 00:12 84,768 a--sh--- c:\windows\system32\zapovafa.exe
2009-04-02 11:52 88,064 a--sh--- c:\windows\system32\karezabu.dll
2009-04-01 23:53 59,605 a--sh--- c:\windows\system32\poziwine.dll
2009-03-30 23:46 84,768 a--sh--- c:\windows\system32\kamileva.exe
2009-03-30 15:04 84,768 a--sh--- c:\windows\system32\gutasima.exe
2009-03-30 08:06 84,768 a--sh--- c:\windows\system32\tarupoge.exe
2009-03-30 03:20 88,064 a--sh--- c:\windows\system32\devusema.dll
2009-03-30 03:20 84,768 a--sh--- c:\windows\system32\kerimeru.exe
2009-03-30 03:20 79,872 -------- c:\windows\system32\namodihu.dll
2009-03-30 02:58 88,064 a--sh--- c:\windows\system32\kuzelupu.dll
2009-03-30 02:58 84,768 a--sh--- c:\windows\system32\husihoda.exe
2009-03-30 02:58 79,872 -------- c:\windows\system32\noboyaki.dll
2009-03-30 02:35 79,872 -------- c:\windows\system32\dizidudo.dll
2009-03-30 02:35 88,064 a--sh--- c:\windows\system32\dopeziru.dll
2009-03-30 02:35 84,768 a--sh--- c:\windows\system32\yewohosi.exe
2009-03-30 02:13 88,064 a--sh--- c:\windows\system32\gimutane.dll
2009-03-30 02:13 84,768 a--sh--- c:\windows\system32\zopahuyu.exe
2009-03-30 02:13 79,872 -------- c:\windows\system32\kimeyano.dll
2009-03-30 01:50 88,064 a--sh--- c:\windows\system32\gotebode.dll
2009-03-30 01:50 84,768 a--sh--- c:\windows\system32\kanasibu.exe
2009-03-30 01:50 79,872 -------- c:\windows\system32\radanoku.dll
2009-03-30 01:27 88,064 a--sh--- c:\windows\system32\halibeyu.dll
2009-03-30 01:27 84,768 a--sh--- c:\windows\system32\jihukesa.exe
2009-03-30 01:27 79,872 -------- c:\windows\system32\nugewasi.dll
2009-03-30 01:05 88,064 a--sh--- c:\windows\system32\hizijipa.dll
2009-03-30 01:05 84,768 a--sh--- c:\windows\system32\lunekaze.exe
2009-03-30 01:05 79,872 -------- c:\windows\system32\falazefa.dll
2009-03-29 13:00 88,064 a--sh--- c:\windows\system32\todunoko.dll
2009-03-29 13:00 84,768 a--sh--- c:\windows\system32\zeyagogo.exe
2009-03-29 13:00 79,872 -------- c:\windows\system32\wejadeju.dll
2009-03-29 12:37 79,872 -------- c:\windows\system32\wadevane.dll
2009-03-29 12:37 88,064 a--sh--- c:\windows\system32\mufenudu.dll
2009-03-29 12:37 84,768 a--sh--- c:\windows\system32\lunoheba.exe
2009-03-29 02:34 88,064 a--sh--- c:\windows\system32\hilufalu.dll
2009-03-29 02:34 84,768 a--sh--- c:\windows\system32\musifuyu.exe
2009-03-29 02:34 79,872 -------- c:\windows\system32\yufayeve.dll
2009-03-29 02:12 88,064 a--sh--- c:\windows\system32\hadevori.dll
2009-03-29 02:12 84,768 a--sh--- c:\windows\system32\sehejova.exe
2009-03-29 02:12 79,872 -------- c:\windows\system32\vowuyowo.dll
2009-03-28 13:55 88,064 a--sh--- c:\windows\system32\hotowaze.dll
2009-03-28 13:55 84,768 a--sh--- c:\windows\system32\jujolipu.exe
2009-03-28 13:55 79,872 a--sh--- c:\windows\system32\rezatovu.dll
2009-03-27 01:18 88,064 a--sh--- c:\windows\system32\ragegezu.dll
2009-03-26 13:18 79,872 a--sh--- c:\windows\system32\nijufagi.dll
2009-03-23 01:45 88,064 a--sh--- c:\windows\system32\natohado.dll
2009-03-23 01:45 79,872 -------- c:\windows\system32\hakajovo.dll
2009-03-21 15:33 79,872 a--sh--- c:\windows\system32\nunajimo.dll
2009-03-21 15:33 88,064 a--sh--- c:\windows\system32\niyureva.dll
2009-03-20 15:14 88,064 a--sh--- c:\windows\system32\veyevida.dll
2009-03-20 15:14 79,872 a--sh--- c:\windows\system32\nuvameje.dll
2009-03-20 02:46 79,872 a--sh--- c:\windows\system32\voberano.dll
2009-03-20 02:46 79,872 a--sh--- c:\windows\system32\yanovege.dll
2009-03-20 02:31 79,872 a------- c:\windows\system32\sisayomu.dll
2009-03-20 02:31 88,064 a--sh--- c:\windows\system32\sivuhulu.dll
2009-03-20 02:08 88,064 a--sh--- c:\windows\system32\givosahe.dll
2009-03-20 02:08 79,872 a------- c:\windows\system32\memilimi.dll
2009-03-20 01:46 88,064 a--sh--- c:\windows\system32\bariwobi.dll
2009-03-20 01:46 79,872 a------- c:\windows\system32\vopulife.dll
2009-03-20 01:23 88,064 a--sh--- c:\windows\system32\yevikoza.dll
2009-03-20 01:23 79,872 a------- c:\windows\system32\milenedi.dll
2009-03-20 01:01 88,064 a--sh--- c:\windows\system32\ninavepo.dll
2009-03-20 01:01 79,872 a------- c:\windows\system32\vezaliyu.dll
2009-03-20 00:38 88,064 a--sh--- c:\windows\system32\mosojani.dll
2009-03-20 00:38 79,872 a------- c:\windows\system32\sejigowe.dll
2009-03-20 00:16 88,064 a--sh--- c:\windows\system32\saparudi.dll
2009-03-20 00:16 79,872 a------- c:\windows\system32\puwenesu.dll
2009-03-19 23:53 88,064 a--sh--- c:\windows\system32\gaputaji.dll
2009-03-19 23:53 79,872 a------- c:\windows\system32\wiwesedu.dll
2009-03-19 23:31 88,064 a--sh--- c:\windows\system32\fomudaba.dll
2009-03-19 23:31 79,872 a------- c:\windows\system32\todajuku.dll
2009-03-19 23:08 88,064 a--sh--- c:\windows\system32\tatefumo.dll
2009-03-19 23:08 79,872 a------- c:\windows\system32\rujunuba.dll
2009-03-18 17:18 88,064 a--sh--- c:\windows\system32\fuworudo.dll
2009-03-18 17:18 79,872 a------- c:\windows\system32\pisomefu.dll
2008-12-16 01:27 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-16 01:27 86,016 a------- c:\windows\inf\infstor.dat
2008-12-16 01:27 51,200 a------- c:\windows\inf\infpub.dat
2008-07-21 02:07 1,890 a--sh--- c:\programdata\KGyGaAvL.sys
2008-07-21 02:07 1,890 a--sh--- c:\progra~2\KGyGaAvL.sys
2008-07-19 23:17 88 ---shr-- c:\programdata\C795D4B180.sys
2008-07-19 23:17 88 ---shr-- c:\progra~2\C795D4B180.sys
2008-04-15 19:10 4 ---shr-- c:\programdata\sysqcl0.dat
2008-04-15 19:10 4 ---shr-- c:\progra~2\sysqcl0.dat
2008-04-15 19:09 4 ---shr-- c:\programdata\sysqcl1129139270.dat
2008-04-15 19:09 4 ---shr-- c:\progra~2\sysqcl1129139270.dat
2007-04-15 05:26 0 a------- c:\program files\VDMD460.tmp
2006-11-02 08:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42:02 A------- 30,674 c:\windows\inf\perflib\0409\perfc.dat
2007-08-28 00:00 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-28 00:00 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-28 00:00 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-04-03 04:22 56 a--shr-- c:\windows\system32\80B1D495C7.sys
0000-00-00 00:00 3 a--sh--- c:\windows\system32\diyukeye.dll
0000-00-00 00:00 3 a--sh--- c:\windows\system32\fayeyeza.dll
2008-07-19 23:21 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\tibajamu.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\yagegedo.dll
2007-03-25 22:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007032520070326\index.dat
2007-03-26 05:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007032620070327\index.dat
2007-03-27 15:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007032720070328\index.dat
2007-03-29 09:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007032920070330\index.dat

============= FINISH: 17:57:28.57 ===============

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:29 AM

Posted 04 April 2009 - 09:39 PM

Hello thegreekie,

Did you run ComboFix on your own? :thumbup2:



Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

You can find a detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • C:\Windows\System32\reader_s.exe
      c:\users\thegreekie\reader_s.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

Edited by SifuMike, 04 April 2009 - 09:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:29 AM

Posted 11 April 2009 - 04:19 PM

Due to inactivity, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users