refael
2008-02-02, 05:49
Hi and thank you for your support!
I downloaded Spybot – Search & Destroy because IE7 kept popping up a window with adult photos every 2-3 minutes and surfing the net became slow.
I ran a scan and Spybot found Virtumonde and Virtumonde.Dll.
I disconnected from the internet and clicked “fix selected problems”, then I restarted the computer and ran a scan again. The issue is that it does not seem to be able to completely fix and delete Virtumonde and Virtumonde.Dll.
Below are the results of 15 scans & fixes. Should I run the scan and the fix in safe mode, would that help? Should I continue to scan and fix more times?
My operating system is Windows XP Pro (Service Pack 2) and I also have Norton 360 installed.
SCAN 1:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde: [SBI $E7C36CB1] Executable (File, nothing done)
C:\Documents and Settings\Refael\Local Settings\Temp\removalfile.bat
Win32.Pakes.bqn: [SBI $B3B0A646] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\NTSpool
Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
C:\WINDOWS\system32\ssqrq.dll
SCAN 2:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
C:\WINDOWS\system32\ssqrq.dll_old
SCAN 3:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
C:\WINDOWS\system32\ssqrq.dll_old
SCAN 4:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
C:\WINDOWS\system32\geebb.dll
SCAN 5:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
C:\WINDOWS\system32\geebb.dll
SCAN 6:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, nothing done)
C:\WINDOWS\system32\geebb.dll
SCAN 7:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
SCAN 8:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
SCAN 9:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
SCAN 10:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde: [SBI $E7C36CB1] Executable (File, fixed)
C:\Documents and Settings\Refael\Local Settings\Temp\removalfile.bat
Win32.Pakes.bqn: [SBI $B3B0A646] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\NTSpool
Virtumonde.Dll: [SBI $5573B661] Library (File, fixed)
C:\WINDOWS\system32\ssqrq.dll
SCAN 11:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, fixed)
C:\WINDOWS\system32\ssqrq.dll_old
SCAN 12:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, fixed)
C:\WINDOWS\system32\ssqrq.dll_old
SCAN 13:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
Virtumonde.Dll: [SBI $5573B661] Library (File, fixed)
C:\WINDOWS\system32\geebb.dll
SCAN 14:
==================================
Virtumonde: [SBI $42352499] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd
SCAN 15:
==================================
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-823518204-790525478-725345543-1003\Software\Microsoft\aldd