Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde-Malware Doctor and who know what else


  • This topic is locked This topic is locked
3 replies to this topic

#1 JackRambler24

JackRambler24

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 20 May 2009 - 05:02 PM

Well for starters my computers been hijacked by "Malware Doctor" but I've had other viruses for some time and haven't been able to get rid of them. I have Malwarebytes Anti-Malware and Spybot Search and Destroy and neither one of them has been able to clean my computer. I did remove a few entires from my registry but I made sure they weren't anything vital but obviously they weren't viruses either. Anyways Im at my wits end and would love to have some help. I don't why but I can't post Attach.txt so Im not sure what to do about that.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Nic at 16:47:49.59 on Wed 05/20/2009
Internet Explorer: 7.0.5730.13
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Avanquest NetDefense Firewall *enabled* {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by MySpace
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: LiveInfoPro: {3e9d340b-d614-4854-ae06-4218201f6aae} - c:\program files\internet explorer\liveinfopro\toolbar_v0.9.5_w-jsinside-affid-1002.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Malware Doctor] c:\documents and settings\networkservice\application data\916653139.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Malware Doctor] c:\documents and settings\networkservice\application data\916653139.exe
dRun: [Diagnostic Manager] c:\windows\temp\36833976.exe
StartupFolder: c:\docume~1\nic\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: text/html - {d8bfefb5-0608-4121-8278-ec3322ba1a51} - c:\windows\system32\dsound3dd.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDVpNG

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-20 15:56 439 a------- c:\windows\system32\win32hlp.cnf
2009-05-20 14:32 28,672 a------- c:\windows\system32\lmn_setup.exe
2009-05-20 11:32 29,184 a------- c:\windows\system32\stfa.dll
2009-05-20 09:10 32,768 a------- c:\windows\system32\AshEvtSvc.exe
2009-05-20 09:10 32,768 a------- c:\windows\system32\service-466.exe
2009-05-18 07:33 37,376 a------- c:\windows\system32\glsetup.exe
2009-05-14 11:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-14 11:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-07 09:24 202 a------- C:\43214354.bat
2009-05-05 19:34 85,504 a------- c:\windows\system32\click_setup.exe
2009-05-02 08:02 22,538 a------- c:\windows\system32\lmppcsetup.exe
2009-04-30 12:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-30 12:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-27 16:58 104,960 a------- c:\windows\system32\dllcache\userinit.exe
2009-04-27 16:58 29,696 a------- c:\windows\system32\loader49.exe
2009-04-27 08:42 24,064 a------- c:\windows\system32\loader266.exe
2009-04-23 22:14 84,045 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-23 16:52 39,936 a------- c:\windows\system32\winglsetup.exe
2009-04-20 16:56 15,000 a------- c:\windows\system32\sf87wuijndoio43j.dll

==================== Find3M ====================

2009-05-17 12:31 23,040 a------- c:\windows\system32\ak1.exe
2009-04-27 16:58 104,960 a------- c:\windows\system32\userinit.exe
2008-11-13 20:20 16,384 a--sh--- c:\windows\system32\config\systemprofile\history\history.ie5\index.dat
2008-11-13 20:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\temporary internet files\content.ie5\index.dat
2005-07-29 17:24 472 a--shr-- c:\windows\tmlj\nA53.vbs

============= FINISH: 16:49:13.59 ===============

Attached Files


Edited by JackRambler24, 20 May 2009 - 05:34 PM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:13 AM

Posted 28 May 2009 - 02:16 PM

Hello JackRambler24,


Uninstall the old versions of Java, as they are malware magnets.

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6


Also uninstall AVG Anti-Virus Free as that is outdated.


Please update and run Malwarebytes, then post its log.


I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure.

This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program.
If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis.

Now please create a new Hijackthis Log (not a DDS log) and post it.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 JackRambler24

JackRambler24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 30 May 2009 - 11:41 AM

Thank you for responding. Unfortunately like a complete dumbass I deleted a vital file and now my computer won't even log on so I can't use any of your advice just yet. Im currently getting some help in one of the other threads to get my computer back up and running but maybe this topic will have to be deleted in the meantime. But again thanks for trying to help me out.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:13 AM

Posted 30 May 2009 - 01:07 PM

Since you are recieving help for another forum I will close this thread.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users