
Thread: Question about suspected file...

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    20

    Question about suspected file...

    Hey guys,

    So I was a victim of Virtumonde and finally got it cleaned off, ran a ton of scans afterwards, including with Spybot S&D, and came up with no threats. Everything is running fine again too.

    Now I went into my task manager and rundll32.exe is currently running....when I had Virtumonde this was associated with it.

    Should I be alarmed and do something, if so what? Or should I not worry about it?

    Ever since I ran a ton of scans and they found nothing I haven't done any system restores or anything either, but everything is currently running 100% fine compared to when I had Virtumonde.

    Thanks,

    David

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hi there,

    You did not mention your operating system or the path to rundll32.exe.

    However this link should help explain.

    http://www.howtogeek.com/howto/windo...is-it-running/

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    20


    Oops sorry I forgot that.

    OS: Windows XP Home Edition SP3

    As for the path, I don't know it offhand; I'll figure it out and read your link.

  4. #4
    Junior Member
    Join Date
    Dec 2008
    Posts
    20


    Sorry to double post, here's what I grabbed off it.

    Path: C:\WINDOWS\system32\rundll32.exe

    Command Line: C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\awtTkigD.dll",ShellPath

    Current Directory: C:\WINDOWS\SYSTEM32\

    Parent: svchost.exe(1516)
    ===============

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    20


    anybody?

  6. #6
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hi there,

    Originally Posted by Chaos31:
    C:\WINDOWS\system32\awtTkigD.dll",ShellPath

    Did you copy that exactly?

    Apparently awt.dll is a Java(TM) 2 Platform Standard Edition binary, but "awtTkigD.dll" and "awtTkigD.dll",ShellPath are unconventional.
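
The two checks made so far in this thread (where rundll32.exe is running from, and which DLL its command line names) can be scripted. This is an added example, not part of the original thread: the `triage` function, the `EXPECTED_HOSTS` set and the known-good DLL baseline are assumptions made for illustration, and the sample path and command line are the ones posted in #4.

```python
import ntpath
import re

# rundll32 syntax: rundll32.exe <dll>,<entry point> [args]; the DLL path may be quoted.
CMD_RE = re.compile(
    r'^\s*"?(?P<host>[^"]*?rundll32(?:\.exe)?)"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Assumption: Windows is installed in C:\WINDOWS, as in post #4.
EXPECTED_HOSTS = {
    r"c:\windows\system32\rundll32.exe",
    r"c:\windows\syswow64\rundll32.exe",
}

def triage(image_path, command_line, known_dlls):
    """Return (dll_path, entry_point, findings) for one rundll32 process."""
    findings = []
    if image_path.lower() not in EXPECTED_HOSTS:
        findings.append("rundll32.exe is running from an unexpected path")
    m = CMD_RE.match(command_line)
    if not m:
        findings.append("command line does not name a DLL and entry point")
        return None, None, findings
    dll = m.group("qdll") or m.group("dll")
    name = ntpath.basename(dll).lower()
    known = {k.lower() for k in known_dlls}
    if name not in known:
        findings.append("DLL is not in the known-good baseline: " + name)
        stem = ntpath.splitext(name)[0]
        for k in sorted(known):
            kstem = ntpath.splitext(k)[0]
            # A name that merely starts with a known DLL's name is a lookalike.
            if stem != kstem and stem.startswith(kstem):
                findings.append("name extends known DLL '%s' with extra characters" % k)
    return dll, m.group("entry"), findings

if __name__ == "__main__":
    # Path and command line as posted in #4; the baseline set is constructed.
    dll, entry, findings = triage(
        r"C:\WINDOWS\system32\rundll32.exe",
        r'C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\awtTkigD.dll",ShellPath',
        {"awt.dll", "shell32.dll"},
    )
    print(dll, entry, *findings, sep="\n")
```

A finding from this script is a reason to collect a full log for a helper to review, not a verdict on the file.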

  7. #7
    Junior Member
    Join Date
    Dec 2008
    Posts
    20


    Yes I copied as it appeared.

  8. #8
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello Chaos31,

    That entry could be a vundo file, either leftover or live. I will send you to the malware removal forum so they can see a log.

    But first, which tools did you use aside from Spybot-S&D when you tried to clean the infection, and do you have old versions of Sun Java on that computer?

    Sun Microsystems~Java. Security vulnerability in older versions left on system

    Best regards.

  9. #9
    Junior Member
    Join Date
    Dec 2008
    Posts
    20


    Nope I made sure to update my Java.

    I used:
    -ATF Cleaner
    -Malwarebytes' Anti-Malware
    -VundoFix
    -SysRestorePoint (Just to make backup in case)
    -erunt (Just to make system restore point in case)

  10. #10
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hi

    As it could prove difficult to know what is going on without seeing the entire picture, please follow the procedure in this link: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where a helper will advise you as soon as available.

    Cheers.
