Ashur
2008-05-17, 07:35
Hi
I faced a small but complicated problem; the steps went like this:
1. Had a proxy on, & downloaded a zip file containing an .exe file which should have been a tool or plugin for a game "travian". The exe upon execution disappears.
2. Suspicious of this behavior, I bought Norton 360 & installed it on my Vista 32-bit, then I noticed slow performance while browsing the internet. Afterwards I can't open Hotmail nor Travian, and Google opens but when I try to search it hangs for ages trying to load, but of no use, same as it does when trying Hotmail or the Travian site... though MSN is logging & download is OK but at a lower speed. I scanned the PC with Norton; it detected a trojan in one of the songs (been there for 1 year & I never ran it), so I think it's not the one, but deleted it anyway.
3. I activated the HijackThis file and analysed the log on Hijackthis.de, so I found three *.dll things as nasty & fuzzy algorithm... those were ljJBsSKD.dll, nheghnlh.dll & jkKJaayY.dll, so I fix-checked them but they keep coming up again.
4. I restarted the PC & ljJBsSKD.dll is still there, now nrqRLdDU.dll & kmwcjoeo.dll, which I couldn't delete manually, though I deleted nheghnlh.dll.
5. I searched on a separate PC & learned that this file ljJBsSKD.dll is related to packed.win32.monder.gen, also known as Virtumonde.
6. Downloaded a file f-virtumonde from the F-Secure company, I think, which when I ran it cleared this Virtumonde from ljJBsSKD.dll and skypeIEplugin.dll & one other dll whose name I forgot.
7. I manually deleted the *.bak files created by F-virtumonde for the above files and manually deleted nheghnlh.dll; still the file kmwcjoeo.dll can't be deleted nor fixed by HijackThis.
8. Miraculously the Kaspersky website opened, so I did a full online scan of my PC with Kaspersky. It didn't show any Virtumonde; it showed 3 other viruses in downloaded music files and mIRC, so I deleted them too (I'm jumpy & ruthless with infected files).
9. I downloaded & installed updates for Vista and Service Pack 1, hoping this would also refresh the whole thing and it would work as before.
10. The problem persists. The confusing thing is that when I open any website now it opens, except Hotmail & Travian & Facebook, even when I deactivated the firewall & intrusion detection of Norton 360.
11. I deleted all the cookies, temporary files, forms & passwords in memory and ensured cookies are enabled, because I read that if this is disabled Hotmail will not open. Though the problem is STILL THERE.
12. I gave up; I found it a real problem and didn't know what to do but to ask for professional help.
Sorry for posting a long one, but I am currently waiting for an important job offer on my email, & I figured maybe these steps I have done will shed some light on what's wrong.
I would really appreciate whatever help I can get and I will provide whatever logs you require, though at this stage I'm lost as to what logs I should post.
Thanks for bearing with me
Ashur