View Full Version : Virtumonde / browser re-direct



JordanW
2009-04-28, 04:43
Hi malware experts,

A couple of weeks ago my machine managed to contract Virtumonde. Spybot found it, and I thought it had fixed it, but things got messed up and I ended up re-installing Windows XP (not re-formatting the drive, just re-installing Windows over the existing installation).

Firefox is now still re-directing links, though Spybot seems not to be detecting any malware.

On the advice of several other threads here I DLed and ran Goored.exe, which gives the following log file:

GooredFix v1.92 by jpshortstuff
Log created at 21:34 on 27/04/2009 running Option #1 (Jordan)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

Thanks very much in advance for your assistance...

JordanW

tashi
2009-04-28, 06:24
Hello JordanW,


On the advice of several other threads here I DLed and ran Goored.exe, which gives the following log file:


Please read this forum's stickied FAQs and start a new topic. ;)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

Best regards. :)