virtumonde and virtumonde generic

**Blade81** · 2008-12-14, 10:25

Looks like TeaTimer may be somehow involved though I don't see it running.

Download ResetTeaTimer.bat to the Desktop (right click the link and select save)
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).

Start hjt, do a system scan, check:
O2 - BHO: (no name) - {04F354E8-5E30-47FF-A3AC-6BD318F20A06} - (no file)
O2 - BHO: (no name) - {176a79e0-5219-4a71-aa0a-fc288fb05139} - (no file)
O2 - BHO: (no name) - {540EFDEA-D5B9-4FAD-BABD-42CD5340D070} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
O20 - Winlogon Notify: ddcDvtRi - C:\WINDOWS\

Close browsers and fix checked.

Reboot & post a fresh hjt log.

**Blade81** · 2008-12-20, 14:16

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.

Thread: virtumonde and virtumonde generic

Thread Tools

Display

Posting Permissions