
Help I Believe I'm Infected With Virtumonde

I think I am making progress and then when I once again connect to the internet, everything gets worse.

mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-12-15 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-12-15 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-12-15 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-12-15 10368]
S3 mferkdk;McAfee Inc. c:\docume~1\lperki~1\locals~1\temp\tempor~1\content.sh!

I'mmm doooooooooooooooooooooooommmmmmmed to existence.

Like...

Malwarebytes' Anti-Malware
www.malwarebytes.org
Database version: 6851
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2011-06-13 23:47:16
mbam-log-2011-06-13 (23-47-16).txt
Scan type: Quick scan
Objects scanned: 223511
Time elapsed: 14 minute(s), 0

Reboot afterwards (important). After reboot, post the Malwarebytes log together with a new HijackThis log. In case you're having problems with the above instructions, let me know. But the thing is, I haven't done much lately, or made any changes.

AnnMarie #3 October 1st, 2008, 07:22 AM kpoman Senior Member Join Date: Feb 2004 O/S: Windows 7 32-bit Location: California

Ben says: May 21, 2010 at 4:19 am Hi, it was all pretty self-explanatory until I got to the bit below; could anyone explain to me the bottom bit in a Logs for the Eset scan and Combofix in next reply please. I think I am making progress and then when I once again connect to the internet, everything gets worse.

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.

Also, if you use Windows System Restore, turn it off > reboot and do a full scan with Kaspersky. Virtumondo VirtuMonde.c is rumored to have been first reported in May of 2004 to Panda Antivirus, which surprised me.

hoppy54, Jun 2, 2008 #7 cdavfrew Regular member Joined: May 19, 2008 Hi edmund 085.

NOTE: When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. So, we can try to clean this up Click on Apply > OK when finished.

Jun 15, 2011 #4 nnf TS Rookie Topic Starter Thanks for the info, how do I stop them from starting on boot? I am baffled.


Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download

Attached is the avz_sysinfo.zip and some other notes... If all that doesn't work, try downloading A-squared Free, and then scanning with it in safe mode. I tried the suggestions here but it did not work.

Then download the current version and do the scan: Uninstall directions, if needed: Click START > then RUN. Now type Combofix /Uninstall in the run box and click OK.

Messenger "{B6F69B12-F512-4C8F-AE21-602658EDDB99}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo!
WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------

kpoman: Usually located in c:\combofix.txt, please attach it to your next post.

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\program

I have an old computer running Windows XP, but it felt ridiculously slow lately...

Recherche de fichiers cachés ... .

But he said he just used an updated and premium Avira Antivir. Aragoni Pite Posts: 314 Member Uncommon March 2008 in Off-Topic Discussion A couple of days ago (2 days to be exact) my sister came and told me that our laptop has been infected This should remove your problem!?

Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

I identified these using S&D. Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. Only NOD32 Antivirus is working.

Read my instructions carefully.

IP OrgName: TELENET Informatique Inc. Thanks for sharing! Since I could not download and update programs including Windows Update, I also downloaded Windows XP SP3 on a flash drive and reinstalled it without being connected to the internet after

If your problem persists, you can send a PM to reopen it. ===================================== Jun 14, 2011 #2 nnf TS Rookie Topic Starter Here we go, sorry for the delay -

ComboFix 11-06-15.02 - LLH 2011-06-15 22:58:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2039.993 [GMT -4:00]
Lancé depuis: c:\documents and settings\LLH\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((

I did it while not connected to the internet. That may cause it to stall.

ESETOnlineScan For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) [o] Click on Posted Image to download the ESET Smart Installer. I do not believe that it is gone because a background screen attached itself to my computer stating in big letters You have a virus. Thanks in advance for your help!