virtumonde infection here please help
ok i know i had virtumonde and used malware bytes it found them and got rid of them..or so i thought another scan later found it again.. now my background desktop image keeps getting removed so i know i missed something!! so ive read and got hijack this and have a log for this and malware following this..
This is the first malware log file when i first discovered it!!
Malwarebytes' Anti-Malware 1.23
Database version: 997
Windows 5.1.2600 Service Pack 2
8:40:15 AM 7/27/2008
mbam-log-7-27-2008 (08-40-15).txt
Scan type: Quick Scan
Objects scanned: 38255
Time elapsed: 6 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\mlJDuuUL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wfplfbcs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ssqQhfgF.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2fa5ca80-a2a5-4a04-a244-0e0b6f2def5b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2fa5ca80-a2a5-4a04-a244-0e0b6f2def5b} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a7713cb-cd60-4ea7-abdf-f78d538b6ade} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a7713cb-cd60-4ea7-abdf-f78d538b6ade} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97e86a6b-bb35-4e0d-99bc-e8253759e763} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97e86a6b-bb35-4e0d-99bc-e8253759e763} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqhfgf (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7cd222d1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{97e86a6b-bb35-4e0d-99bc-e8253759e763} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljduuul -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljduuul -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\mlJDuuUL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\LUuuDJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\LUuuDJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xalkvr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\begvrhxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vxhrvgeb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wfplfbcs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\scbflpfw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ssqQhfgF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\djrwnanx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\Copy of ssqQhfgF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Install (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\BM7fe1114d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM7fe1114d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.