Virtumonde and Virtumonde.general

[Jr555]

I hope Im posting the right file here... please help !

[Jr555]

, okay I really dont know how to post the log file, but here goes.

--- Report generated: 2007-11-12 00:50 ---

Virtumonde: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-789336058-1078145449-1957994488-1003\Software\Microsoft\rdfa

Virtumonde: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-789336058-1078145449-1957994488-1003\Software\Microsoft\aldd

Virtumonde.generic: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}

Virtumonde.generic: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Virtumonde.generic: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Virtumonde.generic: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-789336058-1078145449-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11A69AE4-FBED-4832-A2BF-45AF82825583}

Virtumonde.generic: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-789336058-1078145449-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A95B2816-1D7E-4561-A202-68C0DE02353A}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-11-07 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-11-07 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-11-07 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-11-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-11-07 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-11-07 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-11-07 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-11-07 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-07 Includes\Trojans.sbi (*)
2007-11-07 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



Hope thats right ?

[pskelley]

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Not hardly, the instructions are posted above and pinned to the top of the forum. Read the instructions and follow them, post the HJT log. Since it is probably a Vundo infection, do not run and post the Kaspersky scan until I request it. This junk is hard to remove, so do not expect easy and keep the computer offline except when troubleshooting, the junk can download more.

Thanks

[tashi]

This topic has been archived due to inactivity.

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

Applies only to the original poster, anyone else with similar problems please start a new topic.