
Please Help Me With Virtumondo

Post that log in your next reply. Asking for help via Private Message or Mail will be ignored, so if you need help, post your problem in the forum.

I've been infected with virtumonde virus and I can't get rid of it...

Shortened version:

ComboFix 08-01-23.1C - Manca 2008-01-26 13:42:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.227 [GMT 1:00]
Running from: C:\Documents and Settings\Manca\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Starware349
C:\Documents and Settings\All

We will remove them in the next round.

1. Checking for Winlogon reference.
[05/17/2008, 20:43:22] - Checking for HKLM\...\Winlogon\Notify\fccdeBSI
[05/17/2008, 20:43:22] - Key not found: HKLM\...\Winlogon\Notify\fccdeBSI, continuing.
[05/17/2008, 20:43:22] - Finished Searching Browser Helper Objects
[05/17/2008, 20:43:22] - *** Detected MSEvents Object
[05/17/2008, 20:43:22] - Fixed: VC 14 Redistributable installation issue.

My computer seems to be running slower than usual and sometimes the screen just freezes and I have to reboot...

On the right, under "Complete Scan", choose Perform Complete Scan. If you are asked to reboot the machine choose Yes. Click the Scanning Control tab.

  2. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
     O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  4. I've used Spybot and other spywares, it says it deleted virtumonde but when I redo the scan, it's still there ...
  5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  6. I see you are running Teatimer. I suggest you disable it because it can interfere with the changes you'll make on your system. If Teatimer gives you a warning afterwards that some

Can someone please help me... Click "OK". C:\WINDOWS\system32\xtttckco.tmp moved successfully.

Make sure everything has a checkmark next to it and click "Next". When finished, it will produce a log for you.

Run ComboFix using these instructions: Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK. "%userprofile%\desktop\combofix.exe" /killall When finished, Note: the above code was created specifically for this user. Click the red Moveit! I'm scanning with panda activescan now...

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

janco, Sep 28, 2007 #7

cybertech Moderator Joined: Apr 16, 2002 Messages: 72,013

cybertech, Sep 29, 2007 #8

janco Thread Starter Joined: Sep 26, 2007 Messages: 30

Here are the

I will be here. Did you disable your Nod32 Antivirus and Spybot Teatimer (as well as any other registry protector) before running ComboFix?

LoadLibrary failed for C:\WINDOWS\system32\ockctttx.dll
C:\WINDOWS\system32\ockctttx.dll NOT unregistered.

You should be set to go.

#7 Senatora Posted 22 May 2008 - 02:16 PM Senatora New Member Topic Starter Member 4 posts

Thank you very much!

< C:\Program Files\%temp&
File/Folder C:\WINDOWS\system32\rcljvukn.exe not found.

scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"D:\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"D:\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-05-21 15:51:17
ComboFix-quarantined-files.txt 2008-05-21 12:51:00
ComboFix2.txt 2008-05-20 12:37:34
Pre-Run: 1,608,683,520 bytes free
Post-Run: 1,607,979,008 bytes free
241

Edited by Senatora, 21 May 2008 -


Did you put ComboFix on your desktop?

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Companion

2007-09-07 04:56 75,328 --a------ C:\WINDOWS\system32\ysdgsrtc.exe.ren
2007-09-07 04:54 670,135 --a------ C:\WINDOWS\system32\ilkkj.bak2.ren
2007-09-06 23:19 d-------- C:\Program Files\AnMing
2007-09-06 16:52 6,486 --a------ C:\WINDOWS\system32\ilkkj.bak1.ren
2007-09-06 16:51 682,939 --ahs---- C:\WINDOWS\system32\ilkkj.ini.ren
2007-09-03 21:03 43,542 --a------

Please help me to remove this asap. button.* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log).

scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"D:\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"D:\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-20 15:37:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20

Go to the Tools menu and select 'Folder Options'. Did you install Recovery Console as per the instructions?

C:\WINDOWS\system32 No streams found.

Note: the above code was created specifically for this user.

Your log is clean. To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided. Are there any problems now?

I'll try and remedy it by reloading the drivers after we are done with the viruses.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix It is very important you install Recovery Console. Post the ComboFix log.

Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a4cd951-0e0f-11dc-afd7-001731c34e4a}]
AutoRun\command- I:\LaunchU3.exe
*Newly

AdWare.win32.virtumonde.jp
Operating System: Windows XP Home Edition
Product Name: ZoneAlarm Antivirus

May 20th, 2007 #2 fax Guru Join Date Nov 2004 Location localhost Posts 18,029 Re:


#5 stricjux Topic Starter Members 17 posts Posted 24 January 2008 - 04:39 AM

That's OK. A text file will open in your default text editor.