Thread: virtumonde and virtumonde.dll removal ?

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    29

    virtumonde and virtumonde.dll removal?

    Hi, Spybot is finding Virtumonde and Virtumonde.dll infected entries inside the registry. I keep removing them, but they appear again, even when I check in safe mode, and I have done so many times. Scanning is a long procedure, so please help me out: how do I remove the Virtumonde and Virtumonde.dll entries permanently?
    My operating system is Vista Home Premium with SP1.
    Following is the result report of my scanning...

    Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4284699560-2997417660-1886316256-500\Software\Microsoft\rdfa

    Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

    Virtumonde.dll: [SBI $7442D4BC] Library (File, nothing done)
    C:\Windows\System32\hgGWPgeC.dll

    Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}

    Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}

    Virtumonde.dll: [SBI $960C7A04] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}

    Virtumonde.dll: [SBI $960C7A04] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{491EAB74-0AF3-4498-B72D-8949A88E0CB8}


    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---


    =================================================
    The problem is with explorer.exe, which tries to send hidden data, and then I received a message to download some software.
    Thanks.
    Please reply.

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,965

    Hello,

    Originally posted by jaquar001:
    The problem is with explorer.exe, which tries to send hidden data, and then I received a message to download some software.
    Thanks.
    Please reply.

    Please follow the procedure in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)


    Then start your own thread in the Malware Removal Forum where a helper will advise you as soon as available.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    129260
    Guest

    Please do not post HijackThis logs in this forum

    again:

    see tashi's response above.

  4. #4
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,965

    Hi jaquar001,

    I moved your log to the malware forum for analysis.

    Here it is: http://forums.spybot.info/showthread.php?t=28826

    Cheers.


    Thanks 129260, you can just PM me to move stuff.

  5. #5
    129260
    Guest

    ok :)

    Originally posted by tashi:
    Hi jaquar001,

    I moved your log to the malware forum for analysis.

    Here it is: http://forums.spybot.info/showthread.php?t=28826

    Cheers.


    Thanks 129260, you can just PM me to move stuff.
    I got to remember that haha
