
warning message


  • This topic is locked
2 replies to this topic

#1 letmefnknow

  • Members
  • 2 posts

Posted 08 April 2009 - 11:55 AM

I need help to remove an infection called Virtumonde.
DDS (Ver_09-03-16.01) - NTFSx86
Run by hot at 13:41:20.88 on Wed 04/22/2009
Internet Explorer: 6.0.2800.1106

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d9050\Belkinwcui.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: reset5 - reset5.dll
Notify: WinCtrl32 - WinCtrl32.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-22 13:23 16,896 a------- c:\windows\system32\WinCtrl32.dl_
2009-04-22 13:22 12 a------- c:\windows\reset5.dt3
2009-04-22 13:21 12 a------- c:\windows\reset5.dt1
2009-04-22 12:55 16,896 a------- c:\windows\system32\WinCtrl32.dll
2009-04-22 12:01 1,400 a------- c:\windows\system32\ahtn.htm
2009-04-22 12:01 97,280 a------- c:\windows\system32\clusap.dll
2009-04-22 12:01 1 a------- c:\windows\system32\uniq.tll
2009-04-22 12:01 23,040 a------- c:\documents and settings\hot\S87ekhV.exe
2009-04-15 07:02 <DIR> --ds---- c:\documents and settings\hot\UserData
2009-04-15 07:01 376 a------- c:\windows\wininit.ini
2009-04-13 20:27 <DIR> --d----- c:\program files\Wonderland Online
2009-04-13 12:22 <DIR> --d----- c:\program files\CleanUp!
2009-04-13 11:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-13 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-13 11:35 81,191 a------- c:\windows\system32\nvapps.xml
2009-04-13 11:34 208,896 a------- c:\windows\system32\nvudisp.exe
2009-04-13 11:34 16,960 a------- c:\windows\system32\nvdisp.nvu
2009-04-13 11:34 <DIR> --d----- c:\windows\nview
2009-04-13 11:34 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-04-13 11:29 <DIR> --d----- c:\windows\RegisteredPackages
2009-04-13 11:21 370 a------- c:\windows\system32\reset5.dat
2009-04-13 11:21 8,192 a------- c:\windows\system32\resetwpa.reg
2009-04-13 11:19 <DIR> --d----- c:\windows\pss
2009-04-13 11:15 <DIR> --d----- c:\program files\DivX
2009-04-13 11:04 21,275 a------- c:\windows\system32\drivers\AegisP.sys
2009-04-13 11:03 347,776 a----r-- c:\windows\system32\drivers\rt73.sys
2009-04-13 11:03 2,048 -------- c:\windows\system32\drivers\rt73.bin
2009-04-13 11:03 <DIR> --d----- c:\program files\Belkin
2009-04-13 11:03 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-13 11:02 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-13 11:00 <DIR> --dsh--- c:\windows\Installer
2009-04-13 10:59 <DIR> --d----- c:\documents and settings\hot
2009-04-13 10:53 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-13 10:50 79,872 ac------ c:\windows\system32\dllcache\rwia330.dll
2009-04-13 10:49 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-04-13 10:48 18,944 ac------ c:\windows\system32\dllcache\cprofile.exe
2009-04-13 10:47 188,480 ac------ c:\windows\system32\dllcache\cfgwiz.exe
2009-04-13 10:45 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-13 10:43 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-13 10:41 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-13 10:41 <DIR> --d----- c:\program files\Online Services
2009-04-13 10:40 <DIR> --d----- c:\program files\Messenger
2009-04-13 10:40 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-13 10:40 <DIR> --d----- c:\program files\Windows NT
2009-04-13 06:27 <DIR> --d----- c:\program files\common files\ODBC
2009-04-13 06:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-13 06:27 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-22 13:23 31,616 a------- c:\windows\system32\drivers\Winva82.sys
2009-04-13 10:47 2,678 a------- c:\windows\java\packages\data\TBDJP339.DAT
2009-04-13 10:47 558,142 a------- c:\windows\java\packages\AE8W9JLV.ZIP
2009-04-13 10:47 155,995 a------- c:\windows\java\packages\69ZHR1NX.ZIP
2009-04-13 10:47 2,678 a------- c:\windows\java\packages\data\YBB979BN.DAT
2009-04-13 10:47 2,678 a------- c:\windows\java\packages\data\XRXJJJDB.DAT
2009-04-13 10:47 2,678 a------- c:\windows\java\packages\data\31VF1R3H.DAT
2009-04-13 10:46 2,678 a------- c:\windows\java\packages\data\GQBZTRLJ.DAT
2009-04-13 10:46 70,691 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-13 10:42 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 13:41:58.09 ===============

Edited by letmefnknow, 08 April 2009 - 12:00 PM.


#2 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 14 April 2009 - 05:29 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 April 2009 - 12:23 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
