
View Full Version : 4 virtumonde and 2 win32 (+possible zlob downloader) viruses help please



lambda_121
2007-12-28, 14:18
please help i have several unremovable viruses
they are constantly slowing me down

here's the spyware report showing what i have


--- Search result list ---
Virtumonde.generic: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}

Virtumonde.generic: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Virtumonde.generic: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Virtumonde.generic: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-746137067-1972579041-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Win32.BHO.df: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs=...D:\WINDOWS\system32\__c00?????.dat...

Win32.Inject.bw: Executable (File, nothing done)
D:\WINDOWS\system32\windows

Virtumonde.Dll: Library (File, nothing done)
D:\WINDOWS\system32\vtuts.dll


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

it's not the full report.

i also have Adaware 2007 which tells me i have a downloader.zlob

my thanks for help

Shaba
2007-12-29, 08:47
Hi lambda_121 and welcome to Safer Networking Forums :)

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Shaba
2008-01-05, 11:14
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.