Fix Please Help Me With Virtumondo (Solved)


Please Help Me With Virtumondo

cybertech, Sep 28, 2007 #6
janco Thread Starter Joined: Sep 26, 2007 Messages: 30
You're getting me scared here...
scanning hidden files ...
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. You should be set to go.
#7 Senatora Posted 22 May 2008 - 02:16 PM Senatora New Member Topic Starter Member 4 posts
Thank you very much!
< C:\Program Files\%temp&

Please double-click OTMoveIt.exe to run it.
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo!
Should I break the operation?/jux
#6 stricjux stricjux Topic Starter Members 17 posts OFFLINE Local time:01:41 AM Posted 24 January 2008 - 07:06 AM
That's OK.
C:\WINDOWS\system32\xtttckco.tmp moved successfully.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix It is very important you install Recovery Console. Post the ComboFix log. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following I will be here.

Please visit this webpage for instructions for downloading and running ComboFix and installing Recovery Console. If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it.
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo!

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO:
Click Close to exit the program.
andywg 10:37 16 Nov 07
OK will give this one a shot, Many thanks for your help here MAJAndy...
Click "Next" to start the scan.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. Slide.exe was a picture slideshow screen saver.

  • Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
  • Click the red Moveit!
  • Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 -

Continuing.
[05/17/2008, 20:43:22] - BHO 6: {F5F76B80-9542-4591-B4D2-7E09A6029E90} ()
[05/17/2008, 20:43:22] - WARNING: BHO has no default name.
https://forums.malwarebytes.com/topic/9023-please-help-me-clean-trojanvundohvirtumonde/?do=email
If you are not this user, do NOT follow these directions as they could damage the workings of your system.
If you are asked to reboot the machine choose Yes.
Good job.

Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning.
When finished, it shall produce a log for you.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05222008_231833
#8 greyknight17 Posted 23 May 2008 - 05:23 PM greyknight17 Malware Expert Visiting Consultant 16,560 posts
Just to confirm, is

File/Folder C:\WINDOWS\system32\ysdgsrtc.exe not found.
Open notepad - don't use any other text editor than notepad or the script will fail.
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a4cd951-0e0f-11dc-afd7-001731c34e4a}]
AutoRun\command- I:\LaunchU3.exe
*Newly

#5 stricjux stricjux Topic Starter Members 17 posts OFFLINE Local time:01:41 AM Posted 24 January 2008 - 04:39 AM
That's OK.


scanning hidden autostart entries ...
scanning hidden files ...
When finished, it shall produce a log for you.
Here are the report.txt and the new hijackthis log.

You have some suspicious files we need to check.
It took another 2 hrs to complete, but it did complete.
Starting over...
[05/17/2008, 20:43:22] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
[05/17/2008, 20:43:22] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/17/2008, 20:43:22] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/17/2008, 20:43:22] - BHO 4: {B3102264-D09D-4322-B625-503FBF18DD7E} (MSEvents Object)
[05/17/2008,

The link above or this one click here should, hopefully, help.


scan completed successfully
hidden files: 0
**************************************************************************
.
This will start ComboFix again.
Checking for Winlogon reference.
[05/17/2008, 20:43:22] - No filename found.
Shortened version:
ComboFix 08-01-23.1C - Manca 2008-01-26 13:42:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.227 [GMT 1:00]
Running from: C:\Documents and Settings\Manca\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Starware349
C:\Documents and Settings\All

#2 SifuMike SifuMike malware expert Staff Emeritus 15,385 posts OFFLINE Gender:Male Location:Vancouver (not BC) WA (Not
scanning hidden autostart entries ...
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Continuing.
[05/17/2008, 20:48:52] - BHO 5: {F5F76B80-9542-4591-B4D2-7E09A6029E90} ()
[05/17/2008, 20:48:52] - WARNING: BHO has no default name.
We will remove them in the next round.
1. Virtumonde infection, please help me...
It should not be taking that long to complete.

Here is the hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:35 PM, on 25/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode:
AdWare.win32.virtumonde.jp
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.
2007-09-28 23:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 20:39

d-------- C:\WINDOWS\ERUNT
2007-09-27 20:36
Spybot S&D said that it's virtumonde, but can't fix it.

Please be patient while it scans your computer.