Please help with Virtumonde

**Mr_JAk3** · 2007-11-20, 17:54

Ok now we'll deal with the leftovers...

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: {b91e9af4-2bd5-5aa8-e7f4-bab86a71e505} - {505e17a6-8bab-4f7e-8aa5-5db24fa9e19b} - C:\WINDOWS\system32\tusergll.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: (no name) - {5D129234-FAA8-488B-8913-C5FB5F6D2981} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {6729DF12-54EF-4A76-9A6D-20A69C773F08} - (no file)
O2 - BHO: (no name) - {79E330E5-19FF-49B3-9C22-3DAAF6047919} - (no file)
O2 - BHO: (no name) - {967A3C69-BD2A-4905-A7D9-8171481211DE} - (no file)
O2 - BHO: (no name) - {9E143641-110E-446E-854C-71F20E1BDB1C} - C:\WINDOWS\system32\mlljh.dll (file missing)

Run ATF Cleaner

Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Restart your computer to the safe mode:

Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Run a scan with Dr.Web CureIt

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

Thread: Please help with Virtumonde

Thread Tools

Display

Threaded View

Posting Permissions