
Hijackthis Log- I Think Its Virtumonde (unsure)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinXPService (Trojan.Agent) -> Quarantined and deleted successfully.

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger -

FILE ::
c:\windows\system32\3iQATurN.exe
c:\windows\system32\FAsx4gt3.exe
c:\windows\system32\winmds.exe
c:\winnt\system32\mscdt.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I've updated MBAM and ran a quick scan with the HJT log.

Malwarebytes' Anti-Malware 1.19
Database version: 905
Windows 5.1.2600 Service Pack 2

8:18:21 PM 6/29/2008
mbam-log-6-29-2008 (20-18-21).txt
Scan type: Quick Scan
Objects scanned: 45467
Time elapsed: 6 minute(s),

Click the View tab. Thanks for the help anyway. I denied the change, but thinking about it I should probably have allowed it, as it might have been Malwarebytes' deleting the jelivehi.dll entry. Drag CFScript.txt into ComboFix.exe. Then post the results log and a new HijackThis log.

ID: 6 Posted June 28, 2008

Log looks good except you need to update Windows to SP3 and your Adobe Reader is a known unsafe version. This tool is not a toy and not for everyday use. Many of these infections can be avoided with an added layer of prevention. Opened Outlook and AVG detected jelivehi.dll Vundo.BP threat - AVG moved file to vault. 5.

It can take a while sometimes.

Le fichier ne sera pas déplacé.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\...\Policies\Explorer: [NoThumbnailCache] 1
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-18] (AVAST Software)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-02-03] (Intel Corporation)
S4 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [Fichier

Proud graduate of TC/WTT Classroom

#5 oakland600, New Member, Authentic Member, 7 posts. Posted 05 December 2008 - 03:22 PM

Hi there, Wasn't able to install

Logfile of HijackThis v1.99.1
Scan saved at 10:57:02 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

CF disconnects your machine from the internet. Please DO NOT run any scans other than those requested.
===================================================
Note: Please run these in the order given in the instructions.
===================================================
Download and run AdwCleaner
Download AdwCleaner from here and save

The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly. 2. Logs will be closed if you haven't replied within 3 days If you would like to for the help you received. Please follow the previous instructions and run them in 'normal' mode, not safe mode. Even for an advanced computer user.

C:\WINDOWS\system32\anurovar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Attached Files:
info.txt File size: 21.7 KB Views: 3
log.txt File size: 48.6 KB Views: 3

sebbyb07, Dec 29, 2008 #5

jmw3 Malware Specialist Joined: Jul 23, 2007 Messages: 1,460

Hello Agree. as it's free, and it will do a scan BEFORE your computer boots up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:48, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

Did we mention that it's free. Now, select: Sweep. It will take a while to scan the computer. When the prompt with Additional Options appears, uncheck: Install background guard, Install scan via context menu. Now, double click the e on the Desktop, or, go to Start>All Programs>EWIDO. When the

Honorary Members, 3,860 posts. Interests: would love to see some honesty around this site.

Clear "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Clear "Hide protected operating system files." Click Apply, and then click OK.

Powered
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\ai2e8xqs.default-1473587225518 -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ai2e8xqs.default-1473587225518 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ai2e8xqs.default-1473587225518 -> Yahoo!

If you are happy with the help provided, if you wish you can make a donation to buy me a beer.

How are you running?

icon to run the program. Click: Options (right side). In the Quick SetUp area, move the arrow to: Custom CleanUp! Run the tool by double-clicking it.

Also please describe how your computer behaves at the moment.

ID: 14 Posted July 2, 2008

Since this issue is resolved I will close the thread to prevent others from posting into it.

After a short time it fails to bring up the page and shows the error message.

You will see two options, Choose Create a System Restore Point.

Give it a name like Clean Restore Point and today's date. Join the ClassRoom and learn how.

Short URL to this thread: https://techguy.org/784547

I use and recommend Online Armor Free

kevinsignia, New Member, Topic Starter, Members, 7 posts. ID: 13 Posted July

Always update before you scan.
SpywareBlaster from Javacool Software
WinPatrol by BillP Studios
SiteHound by FireTrust
RogueRemover
hpHosts
The Windows firewall is not sufficient to protect.

It will be removed on reboot.
10:42 PM: Quarantining All Traces: websearch toolbar
10:42 PM: Quarantining All Traces: wildmedia
10:42 PM: Quarantining All Traces: apropos
10:42 PM: Quarantining All Traces: sidesearch

Pop-ups seem to be getting worse; they appear for most links that I click on now, not just Google searches. If so post its contents.

c:\windows\msettings.ini
c:\windows\system32\Ati2evxx.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SERV-U
-------\Service_Serv-U

((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-04 21:56 . 2008-12-04 21:56

d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 21:56 .

Hope this helps!

Then run a new scan for me please.

C:\WINDOWS\system32\vepatuno.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Here's how it works.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma7806fcb (Trojan.Vundo.H) -> Quarantined and deleted successfully.

After browsing through this site I've solved a lot of my problems (and tried to protect myself from future ones), although this one seems to be persisting, hence my first post.

C:\WINDOWS\system32\dapipobi.dll (Trojan.Vundo.H) -> Delete on reboot.

Le fichier ne sera pas déplacé.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-1413675022-3679237491-1003182551-1000\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-18]

The ComboFix box hasn't changed for about 20 minutes now.

c:\windows\Tasks\At*.job

Copy/paste the text in the Codebox below into Notepad. Here's how to do that: Click Start > Run, type Notepad, click OK.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.

Run AdwCleaner by clicking on Scan. When it has finished, leave everything that was found checked (ticked), then click on Clean. If it asks to reboot, allow the reboot. On reboot

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data. I guess I wasn't too clear in my previous message.

Please create a folder on the Desktop (Right click, select New>Folder). Name it: EWIDO. Download Ewido Anti-Malware: http://www.ewido.net/en/download/ Press: Download Now. In the folder where EWIDO is located, double click the