
Hjt Log Spybot Says Virtumonde

I have Zone Alarm, Spybot, Avast and Adaware and ZoneAlarm and Avast run all the time. Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! This goes beyond my knowledge of malware removal. Spybot S&DResults: The only programs that actually detected the Virtumonde.sci infection. http://exomatik.net/hjt-log/hjt-log-spybot-spyhunter-results-thank-you.php

Malware Response Team 17,075 posts OFFLINE Gender:Female Location:Wills Point, Texas Local time:07:11 PM Posted 31 January 2009 - 02:33 AM Goodness! At some point tomorrow, do you think you can help me with it when you get a chance please? Is this consistent? When finished, it shall produce a log for you.

Any other suggestions? Possible Virtumonde ? Breathe easy.

Thank you! Cheers, Mak __________________ __________________ I do not accept support questions via EMail, PM, IM or my G+ page! Thanks mfletch 15:45 10 Sep 07 Hi I don't think it is anything to do with the vundo {BUT I AM NO EXPERT}Try using this if it does not work The item itself has "CNavExtBho Class" under the data column.

Since these were obviously caught by Norton then you must have the virus definitions for this virus which is good and that is why it is now in quarantine. After running FixPolicies, logoff and restart system, and try logging in to normal mode. Malware Response Team 17,075 posts OFFLINE Gender:Female Location:Wills Point, Texas Local time:07:11 PM Posted 31 January 2009 - 04:27 AM Do you know what this is? Sorry but I ain't got a clue really!! Apparently virtumonde hides itself & causes browser hijack & popups, this I'm getting!! It said that the only way of getting rid, was with windows

I just pasted my log into the website you gave me. #8 teacup61 teacup61 Bleepin' Texan!
Replaces the pre-installed ATA drivers with Windows with optimized drivers. Hardware No No
[c:\windows\system32\wltray.exe] wltray.exe Dell wireless lan card driver file. Hardware No No
[c:\program files\google\google desktop search\googledesktop.exe] googledesktop.exe Google Desktop file. Application Network Safe No
[c:\program files\dell\mediadirect\pcmservice.exe] pcmservice.exe Dell Multimedia Experience application file. Application Safe No
[c:\program files\dell datasafe online\datasafeonline.exe]

Extra-Note: Please, DO NOT use ComboFix on your own. Back to top #5 zomgfruitbunnies zomgfruitbunnies Topic Starter Members 11 posts OFFLINE Local time:04:11 PM Posted 31 January 2009 - 02:58 AM I've finished with the procedures and I am That however would still technically require a 'download' from the forums Logged Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/avast! That is what we are doing here.polonus « Last Edit: August 25, 2008, 06:24:27 PM by polonus » Logged Cybersecurity is more of an attitude than anything else.

That may cause it to stall. Thanks, tea Please make a donation so I can keep helping people just like you. Every little bit helps!
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 06:12:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 08:09:26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Spybot waited for a reply for C:Program Files/Spybot_Destroy\Includes\Trojans.spi and said to see include errors.log but after that didn't find any malware.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A7DCA88-77E6-4C2C-9209-C40985C2AB2D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFF2FC7-6C39-4697-804B-E571EEC98F7A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F377E7C1-29D3-40A6-8E99-65E504ECF1BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE946F62-F12F-4488-AA5F-8B147EF6BC62}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}

If I leave it as is combofix will not run it just hangs. Can you tell me what S&D is picking up now, if anything? Error reading poptart in Drive A: Delete kids y/n? Phone: LG Optimus G Pro Running: Stock JB from LG with Nova Launcher 06-28-2008, 11:33 PM #3 (permalink) mossy1881 Banned Join Date: Jun 2008 Posts: 137 Re: virtumonde

So I guess there's still something left to delete, eh?
help link: http://www.safer-networking.org/
SpywareBlaster 4.0 4.0.0 (SpywareBlaster_is1) install date: 20080510 install location: C:\Program Files\SpywareBlaster\ uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe" publisher: Javacool Software LLC
Squad Leader Patch (Squad Leader Patch) uninstall cmd: C:\Windows\IsUninst.exe -f"C:\Program Files\Microprose\Squad Leader\Uninst.isu"
Sid
I also tried to look at other spyware or antivirus internet addresses and it won't let me. I just ran the programs in SAFE mode and now Adaware only showed 11 cookies.

And if it's not too much trouble, could you tell me how you arrived at the conclusion that it was Spybot detecting quarantined items from Norton?

Send the sample to [email protected] zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.Run HJT again (close Malware Response Team 17,075 posts OFFLINE Gender:Female Location:Wills Point, Texas Local time:07:11 PM Posted 31 January 2009 - 03:07 AM Perfect, thanks! Unable to correct infection as expected.2.

Checking for Winlogon reference.
[09/10/2007, 15:16:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/10/2007, 15:16:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/10/2007, 15:16:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/10/2007, 15:16:44] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[09/10/2007, 15:16:44] -
I either get "not a valid Win32 application" or a can not display page. mfletch 14:33 10 Sep 07 Hi did you use Vundofix and then Virtumundobegone if the Vundofix did not work, as VoG said earlier? click here mfletch gazmix 14:57 10 Sep 07 I ran

Since it didn't fix the problem I ran it again under safe mode as well as Spybot, SuperAntiSpyware, tdsskiller, Rkill, VunDofix.exe, VirtumundoBeGone.exe, and even Windows Defender. Malware Response Team 17,075 posts OFFLINE Gender:Female Location:Wills Point, Texas Local time:07:11 PM Posted 31 January 2009 - 05:01 AM Heh, only do that if you have System Restore turned It looks as if you did. Do not run HJT in safe mode unless that's the only way it will run Logged SuZam Newbie Posts: 5 Re: Malware, Virtumonde? « Reply #6

Also this means that I could probably email the avast virus chest to myself and then check it with that website so I will do that now.Thanks,Su Logged DavidR Avast Überevangelist tea Please make a donation so I can keep helping people just like you.Every little bit helps! Window's search could not locate it, either. Upon deletion, a "thumbs" file popped out on my desktop.

It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. I am given a choice to enter recovery console every time on startup now, so I guess Desktop.dat is sorta important I'll do the Norton reinstallation tomorrow morning since it's getting Balayage caché autostart entries ...

If an update is found, it will download and install the latest version.Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} (PCInfo.CMClass) - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

The registry looks like it is in a bad state, but one thing at a time.

Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: HOME-7BABDDAA15 Version information: BUILD.DAT :