Well, when I start up my computer, now it gets this error:
____________________________________________

Error loading C:\WINDOWS\system32\kxmnngpw.dll

The specified module could not be found.
____________________________________________

:( . This pops up after spybot destroyed that...... *unhappyface* I dont wanna recover, because if I do, I might get my old trojan back on my computer.

Although, that may pop up, it has ABSOLUTLY NO NOTICEABLE EFFECT.

I don't think that does anything, but I just wanna post on the forums to make sure.

Might possibly be a leftover startup entry.

Probably best to get checked out in malware removal.They could fix that.

The instructions to follow are here,please read through and follow them as they help you get the required logfile(s) to post:
http://forums.spybot.info/showthread.php?t=288

Malware removal:
http://forums.spybot.info/forumdisplay.php?f=22

To readers of this thread:

The origin of the message that DarkSoldierX (http://forums.spybot.info/member.php?u=42276) is getting may be explained by a leftover from an attempted Virtumonde/Vundo removal. See DarkSoldierX (http://forums.spybot.info/member.php?u=42276)'s original post (Post #16 (http://forums.spybot.info/showpost.php?p=201146&postcount=6)) in the following thread:
Did Spybot mess up my computer? Please HELP
http://forums.spybot.info/showthread.php?t=28785

...get my old trojan back on my computer.

md may have a point.

SoldierX, you cannot get a "trojan" with a System Recovery. Well, of course you can get one if you don't know what you're doing. Or you're just purposely infecting your PC.

What are you talking about? How am I purposly infecting my pc? I followed these steps to get rid of mr virtumonde

1. Run scan

2. Dissconnected Internet After Scan

3. Fix Virtumonde and BM Problems that keep poping up

4. Restart Computer (My internet is STILL unplugged)

5. Wait that 30 minute long scan.....

6. Fix Virtumonde AGAIN

7. I restarted Computer just to make sure

8. *long 30 minute scan*

9. Congrats! You don't have any problems!(thats what Spybot says)

10.*replugs internet*

11. BMUpdate has changed a registry (presses Deny)

12. Spybot ask to delete a some registrys, I slowly press Yes and make sure its Spybot not the BM update that will pop up in....

13. 3 SECONDS! BM Update pops up! I press Deny

14. OH MY GAWD.... NO IT CANT BE........ THE OLD REGISTRY THAT SPYBOT DELETED HAS.... OH NOES... BEEN REPLACED BY SOME OUTSIDE FORCE! (PRESSES DENY)

15. So what happens is the Registry Virtumonde was using (I can tell, I read which one it is) Is being replaced by.... something...... Definitly not spybot, it changes the registry to somthing else thats random, and I keep denying it cuz if I accept it virtumonde strikes again, Placing itself on my computer....... I accept to see what will happen....

16. I just finished scan! Oh noes! Virtumonde!

17. *makes a HJT log*

18. *prepares to post a thread in malicuz forums if no one replies to this post on more instructions*

No, I don't see how Im purposly letting virtumonde on my computer, and yes, ive tried blacklisting it, and the message that its been denied keeps popping up over and over on the bottem right side, causing me internet to go all slow and crap.


If I cant get rid of virtumonde id have two choices:

Let the X-rated sites/ads pop up : Or let my computer go all slow like.... watching messages pop up over and over........

Sorry for double posting but I'm hopping to show you guys some stuff:

http://img212.imageshack.us/img212/231/virtumondeda9.th.gif (http://img212.imageshack.us/my.php?image=virtumondeda9.gif)

Shoot, im starting to feel the effects of virtumonde, google doesnt work anymore.

DarkSoldierX:


...

11. BMUpdate has changed a registry (presses Deny)
???

Is that a TeaTimer message that you are doing a "Deny change" on? If so, TeaTimer does not identify what program is making the change. It only identifies what registry entry was changed and gives you an opportunity to reverse the change by doing a "Deny change". In order to determine if that change should be denied or not, you would have to provide the details from the message itself:
Category:
Change:
Entry:
Old data:
New data:
Without that detail for all I know that registry change cound be the removal of the startup entry for BMUpdate.

That this point the best course of action may be to post in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) using these instrusctions: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).

DarkSoldierX's malware forum topic: http://forums.spybot.info/showthread.php?t=29407

I just learned somthing. I just downloaded 3 recommended anti-baddies. One of them was AVG anti-virus, and when I scanned with that, I found about 33 Virtumonde Infections..... Spybot only found 8. I will wait till a Expert replies to my malaware post. I will delite the other like 50 infections but Il leave the 33 virtumonde ones on just incase, cuz i might ruin what the expert tells me.

Edit: Oh noes! AVG found a horse dropper agent in SpywareBlaster? That must be a mistake

Soldier: I'm not saying you're purposely infecting your computer. My point is that you cannot get a "trojan horse" just by formatting your PC.

As for the anti-"baddies", what programs were they?
AVG, Spybot-SD, and what else?

Is AVG up-to-date (AVG 8.0)?
How about Spybot (1.5.2.20)?

The trojan horse doppler must be a false positive.

There were some issues where AVG 8.0 began finding false positives within the Spybot and SpywareBlaster's Immunization. Not sure if Grisoft fixed that.

Also, heard that AVG is now detecting Virtuemonde. Nice to know.

Lets see.... Comodo Firewall Pro..... Spybot..... Spyware Blaster.....Spyware Gaurd.

Hrm. Comodo Firewall Pro is a reputable firewall. What I dislike about the firewall is the constant nag from DEFENSE +.

Is Spybot-SD up-to-date?

Latest versions:

Spybot-Search&Destroy: 1.5.2.20. A future release of 1.6 is scheduled on July 4, 2008.

Comodo Firewall Pro: 3.0.25.378
SpywareBlaster: 4.1
SpywareGuard: 2.2

What I would suggest is that you remove SpywareGuard. Although the both make a good team, SpywareGuard is badly outdated. The latest definitions were from 2004.

From your Hijack log:

Windows XP3 released. As for IE7.

What I can say is that Best of Luck, and follow whatever direct you receive from a Malware Expert.

I don't use IE anymore, the burning fox is my lovable pet :) .

Anyways, for some reason, Virtumonde isnt acting up..... Google works...... Yahoo works.... yeah my internet is a little slower, but that just might be my connection, or my Comodo checking everything that goes through my connection. Anyways, Virtumonde is still on my system, just that it has no effect for some reason.... No X-rated sites popping up, or that fake pop-up on yahoo that says:

Checking your system: (loading bar)

YOU ARE INFECTED! DOWNLOAD ANTIVIRUS NOW!

_____________________________________________

So yeah, things are looking pretty good, but I still want virtumonde off my system.

I would suggest you upgrade, but however that's all up to you.

SpywareGuard is outdated. It's useless.

How's the Malware Forum thread going?

No luck *ubersadface*

35 views.

Psh, quit it with the uber, lols. :laugh:

You'll manage to get help. Just don't bump.