virtumonde.sdn



atdhockey
2009-06-06, 17:58
Spybot S&D found virtumonde.sdn on 3 scans. It couldn't remove the files associated with this problem. One of them I located was a .dll file.



That was the full directory I found; the other one associated with the find was:

Virtumonde.sdn: [SBI $422DDD32] Library (File, nothing done)
C:\Windows\System32\esentprf32.dll
Properties.size=143360
Properties.md5=C28C74F3F40FCEF3077C81068192C750
Properties.filedate=1244095035
Properties.filedatetext=2009-06-04 01:57:14


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-06-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-06-02 Includes\HijackersC.sbi (*)
2009-05-06 Includes\Keyloggers.sbi (*)
2009-06-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-05-12 Includes\Malware.sbi (*)
2009-06-02 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-06-02 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-06-02 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-06-02 Includes\Trojans.sbi (*)
2009-06-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


If someone could help me on how to remove all of this, please!

atdhockey
2009-06-06, 18:15
I removed the first .dll file. Can someone tell me if I didn't want to do this, and how to put it back in if I need to do this?

Matt
2009-06-06, 23:32
Hi atdhockey,

Just to make sure, I want you to follow these instructions (http://forums.spybot.info/showpost.php?p=304562&postcount=2). :cool: