#7 norpacmiami (Topic Starter), posted 17 September 2008 - 09:46 AM

Almost forgot, this time I had a "spybot" See here.
my backup is contaminated also.

Logfile of HijackThis v1.99.1
Scan saved at 10:28:32 AM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of HijackThis v1.99.1
Scan saved at 1:24:40 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program

If you've followed the 5 Steps, make sure you produce logs from Deckards System Scanner and start a new thread in the HJT Forum.
Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. This tool is not a toy and not for everyday use.

It's driving me mad. What do I do?
Click "Save"
* Click here to download ATF Cleaner by Atribune and save it to your desktop.

for example if the vundo dll was vundo.dll you would have the user enter odnuv.*Press Enter to continue with the fix. The fix will run then HijackThis will open, if it does

The scan will begin and "Scan in progress" will show at the top.

http://www.bleepingcomputer.com/forums/t/149885/vitumonde/

Select the Tools menu and click Folder Options.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm8b39ab54 (Trojan.Agent) -> Quarantined and deleted successfully.

#3 quietman7 (Bleepin' Janitor, Global Moderator)

C:\WINDOWS\system32\kquuxnah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.

http://www.geekstogo.com/forum/topic/72004-vitumonde-malware-resolved/

Andy

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 18.104.22.168
Program database last update:

Perform the following steps in safe mode: have hijack this fix these entries. I need you to download and run Sdfix.
Older versions have vulnerabilities that malware can use to infect your system.

Please DELETE your current HJT program from its present location.
2. Please use "Reply to this topic" -button while replying.

Failure to reboot will prevent MBAM from removing all the malware.
Run HijackThis
Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log)
(Ctrl-A to 'select all', Ctrl-C to 'copy')
POST the log

Next you will see: Please Type in the filepath as instructed by the forum staff and then press enter:
At this point please type the following file path (make sure to

Will let you know the outcome after following your instructions. Thank you both, Andy

#14 norpacmiami (Topic Starter), posted 18 September 2008 - 08:33 PM

Rigel, Just ran Kaspersky
Vitumonde
Started by norpacmiami, Sep 16 2008 12:15 PM

#1 norpacmiami

Click "Yes" at the Delete on Reboot prompt.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
Click scan and save a logfile, then post it here so we can take a look at it for you.

C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\vqlfeoxu.dll (Trojan.Vundo) -> Delete on reboot.

Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further: Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely
Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ssqPiife.dll (Trojan.Vundo) -> Delete on reboot.

If anyone can help it will be greatly appreciated.

If MBAM installs but does not run then you will have to manually place a randomly named file into the MBAM folder (C:\program files\Malwarebytes' Anti-Malware\) http://mbam.malwarebytes.org/program/random.php

Remember to turn system restore before

Click here: http://www.thespykiller.co.uk/files/hijackthis_sfx.exe to download HijackThis.
If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's
#3 packrat1138 (Newbie), posted 15 December 2008 - 05:01 PM

Hi
Please post the HijackThis log.
I have done scans every day since my last post.

Provided removal instructions are meant to be used in the correspondent user's case only.

I can't thank you enough Trevuren for your great help.

#11 Trevuren (Old Dog, Retired Staff), posted 19 October 2005 - 11:05 AM

Congratulations, your log
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here

C:\WINDOWS\SYSTEM32\lsnxdofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.