virtumonde and virtumonde.dll removal ?



jaquar001
2008-05-30, 09:03
Hi, Spybot is finding Virtumonde and Virtumonde.dll infected entries inside the registry. I am removing and removing them, but they appear again, even when I check in safe mode, many times. Scanning is a long procedure, so please help me out: how do I remove the Virtumonde and Virtumonde.dll entries permanently?
My operating system is Vista Home Premium with SP1.
Following is the result report of my scanning...

Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4284699560-2997417660-1886316256-500\Software\Microsoft\rdfa

Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

Virtumonde.dll: [SBI $7442D4BC] Library (File, nothing done)
C:\Windows\System32\hgGWPgeC.dll

Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}

Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}

Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}

Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---


=================================================
The problem is with explorer.exe, which tries to send hidden data, and then I received a message to download some software.
Thanks.
Please reply.. :)

tashi
2008-05-30, 16:53
Hello,



The problem is with explorer.exe, which tries to send hidden data, and then I received a message to download some software.
Thanks.
Please reply.. :)
Please follow the procedure in this link: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a helper will advise you as soon as available.

Cheers.

129260
2008-05-31, 02:32
again:

see tashi's response above.

tashi
2008-05-31, 03:39
Hi jaquar001, :greeting:

I moved your log to the malware forum for analysis.

Here it is: http://forums.spybot.info/showthread.php?t=28826

Cheers.


Thanks 129260, you can just PM me to move stuff. ;)

129260
2008-05-31, 21:23
Hi jaquar001, :greeting:

I moved your log to the malware forum for analysis.

Here it is: http://forums.spybot.info/showthread.php?t=28826

Cheers.


Thanks 129260, you can just PM me to move stuff. ;)

I got to remember that haha ;)