
Thread: Virtumonde

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    17

    Virtumonde

    OK, sorry for the other thread. I read other people's posts and did a HJT log and a ComboFix.
    I did a ComboFix last night and it seems as though that fixed my problem, as it doesn't show up in Task Manager anymore as Run.dll popping up every 2 seconds. I don't know, you tell me. Here are the logs:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:28, on 14/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\cavrid.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {376DD14E-6849-4CE2-80A5-FA821FF098C1} - C:\Windows\system32\mlJAqRHW.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7173A74D-01C9-4053-845C-1E98D60822A3} - C:\Windows\system32\iifgFurO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7ADF7B13-F169-4A7F-B756-28AD5E11148C} - C:\Windows\system32\rqRIyaxV.dll (file missing)
    O2 - BHO: (no name) - {A4515376-9A98-4B98-9C4F-D28B65721392} - C:\Windows\system32\nnnlKCts.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: www.azureus.com
    O15 - Trusted Zone: http://www.ebay.co.uk
    O15 - Trusted Zone: http://my.imageshack.us
    O15 - Trusted Zone: http://www.imageshack.us
    O15 - Trusted Zone: http://www.mininova.org
    O15 - Trusted Zone: http://www.orange.co.uk
    O15 - Trusted Zone: http://www.sonyericsson.com
    O15 - Trusted Zone: http://www.youtube.com
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 5201 bytes


    --------------------------------------------------------------------------


    ComboFix 08-06-12.2 - Dan 2008-06-13 23:06:30.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1244 [GMT 1:00]
    Running from: C:\Users\Dan\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\Fonts\CALIBRIB.TTF
    C:\Windows\system32\ahmwfljp.dll
    C:\Windows\system32\ccsucnag.dll
    C:\Windows\system32\cgrfoicv.dll
    C:\Windows\system32\efcDUoOe.dll
    C:\Windows\System32\eOoUDcfe.ini
    C:\Windows\System32\eOoUDcfe.ini2
    C:\Windows\system32\fpbdnhqk.ini
    C:\Windows\system32\fypwrqjm.dll
    C:\Windows\system32\joggxjix.dll
    C:\Windows\system32\jyrqnbos.ini
    C:\Windows\system32\lyoefeqb.dll
    C:\Windows\System32\mjqrwpyf.ini
    C:\Windows\system32\mkjpoykt.dll
    C:\Windows\system32\opnkjGab.dll
    C:\Windows\System32\OruFgfii.ini
    C:\Windows\System32\OruFgfii.ini2
    C:\Windows\system32\pqwordhv.dll
    C:\Windows\System32\stCKlnnn.ini
    C:\Windows\System32\stCKlnnn.ini2
    C:\Windows\system32\sxngbjeb.dll
    C:\Windows\system32\tijblfcx.dll
    C:\Windows\system32\vatbppkw.dll
    C:\Windows\System32\vhdrowqp.ini
    C:\Windows\System32\VxayIRqr.ini
    C:\Windows\System32\VxayIRqr.ini2
    C:\Windows\System32\WHRqAJlm.ini
    C:\Windows\System32\WHRqAJlm.ini2
    C:\Windows\system32\wkrnwtgx.dll
    C:\Windows\system32\xijxggoj.ini
    C:\Windows\system32\yaywwWqN.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-13 19:16 --------- d-----w C:\Program Files\Championship Manager 01-02
    2008-06-11 21:00 --------- d-----w C:\Users\Dan\AppData\Roaming\Azureus
    2008-06-06 22:56 --------- d-----w C:\Users\Dan\AppData\Roaming\BearShare
    2008-06-06 19:50 --------- d-----w C:\Program Files\BearShare Applications
    2008-06-06 19:11 --------- d-----w C:\Users\Dan\AppData\Roaming\LimeWire
    2008-06-06 18:53 --------- d-----w C:\Program Files\LimeWire
    2008-06-04 17:01 880,560 ----a-w C:\Windows\system32\drivers\vetefile.sys
    2008-06-04 17:01 108,368 ----a-w C:\Windows\system32\drivers\veteboot.sys
    2008-05-21 11:10 --------- d-----w C:\Program Files\directx
    2008-05-21 11:00 --------- d-----w C:\Program Files\Bethesda Softworks
    2008-05-19 17:37 --------- d-----w C:\Program Files\McDonaldsFairies
    2008-05-16 17:15 --------- d-----w C:\Users\Dan\AppData\Roaming\Leadertech
    2008-05-16 16:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-05-05 10:54 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-05-05 10:54 --------- d-----w C:\Program Files\Common Files\Real
    2008-04-26 12:20 --------- d-----w C:\Program Files\Tropico
    2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 23:06 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-04-19 21:25 --------- d-----w C:\Program Files\DOSBox-0.72
    2007-09-12 17:46 174 --sha-w C:\Program Files\desktop.ini
    2007-08-15 18:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007081520070816\index.dat
    2007-09-16 17:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007091620070917\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376DD14E-6849-4CE2-80A5-FA821FF098C1}]
    C:\Windows\system32\mlJAqRHW.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7173A74D-01C9-4053-845C-1E98D60822A3}]
    C:\Windows\system32\iifgFurO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ADF7B13-F169-4A7F-B756-28AD5E11148C}]
    C:\Windows\system32\rqRIyaxV.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4515376-9A98-4B98-9C4F-D28B65721392}]
    C:\Windows\system32\nnnlKCts.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:41 1232896]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-09 16:09 171448]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
    "CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:42 230664]

    C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2008-05-16 17:58:34 225280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "vidc.iv41"= ir41_32.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2006-11-02 13:35 125440 C:\Windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
    --a------ 2005-02-02 04:00 98304 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2006-05-20 11:13 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2007-06-13 08:16 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-09 16:09 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2006-10-27 22:50 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-05 11:53 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-08-18 21:25 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2006-11-02 13:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-481564165-263558845-3825914811-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B9604AC9-A79D-465C-9223-91AFE39D2D4D}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{F649379F-27BF-4862-B88C-4833BE1216B2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{87DDE417-0C7B-4603-B360-60334F4C3BE2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{60937ED3-33AA-4B00-B3D5-38BC6C75556F}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{60964945-7BD5-41E4-AB16-4ABB3A3065EF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F9705C35-F25A-4D7E-BE49-6D5A094F2065}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{4E2C1D0F-C37E-4B4D-AFD8-EE83ECEA763C}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{71987DAE-B311-4B15-B003-1F04A3A618F4}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "TCP Query User{EF5E762A-1915-4651-A010-095467D58DCD}C:\\users\\dan\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "UDP Query User{00CD141D-03B5-436E-84BB-982F8854B927}C:\\users\\dan\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "TCP Query User{FF76D521-6FE0-4C1B-8ACA-A1ABC290E22F}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{DD0F3F30-A305-4A04-B65D-D8B9DB9FB301}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{09E3B2F2-7ADF-499F-A7B1-FE78E31A1728}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{5F06070B-30E6-4F5B-98BF-C49D8464A08A}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "{912283F3-508B-4121-8D21-A94AC40E3002}"= UDP:49876:AzureusTCP
    "{FB370CAA-51AC-43A7-B23D-A585F7FFFA01}"= TCP:49876:AzureusUDP
    "TCP Query User{FD23821F-ACDB-43DE-A2CE-F9B98E4440CE}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{31A1F416-7D7B-47BC-8F12-BF8913DB87E6}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{0DB33F4F-06C1-4663-BBCB-96557A219C9F}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
    "UDP Query User{D728A843-8BDC-4A07-A971-60CB9C9903C0}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
    "{29F3F4CD-FCAD-4D95-B9F1-C41C71A583C7}"= UDP:80:CM0102

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 16:22]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-25 17:19]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 16:28]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\autorun.exe
    \shell\directx\command - I:\DirectX9\dxsetup.exe
    \shell\setup\command - I:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \shell\AutoRun\command - K:\RunGame.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \shell\AutoRun\command - L:\autorun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-13 22:21:22 C:\Windows\Tasks\User_Feed_Synchronization-{84AE4A98-FBCA-41BC-B889-5A0E5570483F}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-13 23:19:21
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\isafe.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\vetmsg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-13 23:28:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-13 22:27:31

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    220 --- E O F --- 2008-06-10 20:38:50

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Do NOT run 'fixes' before helpers have analyzed the HJT log


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
    • Scroll down to where it says
      The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
    • Click the
      Download
      button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.



    Start hjt, do a system scan, check (if found):
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376DD14E-6849-4CE2-80A5-FA821FF098C1}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7173A74D-01C9-4053-845C-1E98D60822A3}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ADF7B13-F169-4A7F-B756-28AD5E11148C}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4515376-9A98-4B98-9C4F-D28B65721392}]

    Save this as
    CFScript




    Referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    Run Kaspersky Online Scanner (do not select mail base scanning) and post back its report & a fresh hjt log (without forgetting the above mentioned ComboFix resultant log).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
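Added example, not part of the thread or of HijackThis/ComboFix: a small Python triage script that applies the same reading of the O2/O3 lines that Blade81 used above (BHOs whose DLL is "(file missing)" go into a ComboFix Registry:: deletion block; "(no file)" entries are left for HJT's own fix function). The sample lines are copied from the HJT log posted above; the "review" bucket for unnamed BHOs whose DLL still exists is a heuristic of mine, not something the thread does.

```python
"""Triage HijackThis O2/O3 entries and emit the ComboFix 'Registry::' block.

Added example for this thread; not code from HijackThis, ComboFix or the
poster. Rules mirror the helper's handling above:
  cfscript : O2 BHO whose DLL path no longer exists -> delete the CLSID key
  hjt_fix  : "(no file)" entries (and any broken O3 toolbar) -> tick in HJT
  review   : "(no name)" BHO whose DLL is still present (heuristic, assumed)
"""
import re

# Constructed sample: the O2/O3 lines from the HJT log posted in this thread.
SAMPLE_HJT_LINES = r"""
O2 - BHO: (no name) - {376DD14E-6849-4CE2-80A5-FA821FF098C1} - C:\Windows\system32\mlJAqRHW.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7173A74D-01C9-4053-845C-1E98D60822A3} - C:\Windows\system32\iifgFurO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7ADF7B13-F169-4A7F-B756-28AD5E11148C} - C:\Windows\system32\rqRIyaxV.dll (file missing)
O2 - BHO: (no name) - {A4515376-9A98-4B98-9C4F-D28B65721392} - C:\Windows\system32\nnnlKCts.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
"""

# "O2 - BHO: <name> - {CLSID} - <path or status>" / "O3 - Toolbar: ..."
HJT_ENTRY_RE = re.compile(
    r"^(?P<kind>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


def parse_hjt_entries(log_text):
    """Return one dict per O2/O3 line: kind, name, clsid, target, raw."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["raw"] = line
            entries.append(entry)
    return entries


def classify(entry):
    """Map an entry to the remediation route used in the thread."""
    target = entry["target"]
    if target == "(no file)":
        # No DLL path registered at all: HJT can remove this itself.
        return "hjt_fix"
    if target.endswith("(file missing)"):
        # A BHO key pointing at a deleted DLL: ComboFix deletes the key.
        # The toolbar CLSID lives as a value, not a key, so leave O3 to HJT.
        return "cfscript" if entry["kind"] == "O2" else "hjt_fix"
    if entry["name"] == "(no name)":
        # Heuristic (assumed): unnamed BHO with a live DLL deserves a look.
        return "review"
    return "ok"


def hjt_fix_lines(entries):
    """Lines the user should tick in HijackThis and 'Fix checked'."""
    return [e["raw"] for e in entries if classify(e) == "hjt_fix"]


def cfscript_clsids(entries):
    """CLSIDs of orphaned BHO keys to delete via CFScript."""
    return [e["clsid"] for e in entries if classify(e) == "cfscript"]


def build_cfscript(entries):
    """Emit the Registry:: block in the form posted above; the leading '-'
    inside the bracket tells ComboFix to delete the whole key."""
    clsids = cfscript_clsids(entries)
    if not clsids:
        return ""
    keys = ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]" % c
            for c in clsids]
    return "Registry::\n" + "\n\n".join(keys) + "\n"


if __name__ == "__main__":
    found = parse_hjt_entries(SAMPLE_HJT_LINES)
    for e in found:
        print("%-8s %s" % (classify(e), e["raw"]))
    print("\nTick in HJT and click 'Fix checked':")
    for line in hjt_fix_lines(found):
        print("  " + line)
    print("\nCFScript.txt for ComboFix:")
    print(build_cfscript(found))
```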

  3. #3
    Junior Member
    Join Date
    Jun 2008
    Posts
    17


    Ok, I downloaded Java 6u6 from http://www.java.com/en/download/manual.jsp
    because the other link worked but it would not download. I suspect it's the same thing?
    Then I ran HJT and found the scripts you bolded, so I copied the text from the box beneath and saved it to Notepad and named it as instructed, dragged it to ComboFix and all went to plan (no freeze or restart), but the log file is HUGE. I try to copy/paste but Internet Explorer keeps crashing!
    What should I do, and is the log supposed to be massive? I did download SP1 for Vista yesterday, if that has anything to do with it?

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    What should I do and is the log supposed to be massive, I did download SP1 for vista yesterday if that has anything to do with it?
    Hi

    Yes, that makes it so massive. Could you archive it into zip file and post as an attachment with your reply or upload to http://www.sendspace.com/ and post back a download link to it?

  5. #5
    Junior Member
    Join Date
    Jun 2008
    Posts
    17


    Ok thanks Blade lol, here it is mate: http://www.sendspace.com/file/gf2xn9 Do you need a HJT log or anything to study along with ComboFix?
    Also to mention, I get these .dll errors when I restart the computer: C:\Windows\System32\Joggxjix.dll and also C:\Windows\System32\GebqnME.dll. If this is normal at this time of the cleanup process and you don't need me to post anything along with the Combo log, then just ignore me until you study the Combo file.

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2855b863-acc2-4563-8126-087063acf0c5}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "88c49ef6"=-

    Save this as
    CFScript




    Referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log & a fresh hjt log. Were you able to make Kaspersky scanner work?


    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

  7. #7
    Junior Member
    Join Date
    Jun 2008
    Posts
    17


    Hello, no I have not tried Kaspersky yet as I thought you needed to look through the HJT and ComboFix logs first? Sorry, should I run the Kaspersky, Blade?




    ComboFix 08-06-12.2 - Dan 2008-06-18 16:04:58.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1206 [GMT 1:00]
    Running from: C:\Users\Dan\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Dan\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
    .

    2008-06-17 16:08 . 2008-06-17 16:08 107,410 --a------ C:\ComboFix.rar
    2008-06-16 21:54 . 2008-06-16 21:56 <DIR> d-------- C:\Program Files\Java
    2008-06-16 21:54 . 2008-06-16 21:54 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-16 09:27 . 2008-06-16 09:27 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-16 09:07 . 2008-06-16 09:07 <DIR> d-------- C:\PerfLogs
    2008-06-14 15:58 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 15:58 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 15:58 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 15:58 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 11:54 . 2008-06-14 11:54 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-13 19:51 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-13 19:51 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-06-12 16:56 . 2008-06-13 22:13 385 --a------ C:\Windows\wininit.ini
    2008-06-10 20:29 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-10 20:29 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-10 20:29 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-10 20:29 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-06 20:50 . 2008-06-06 23:56 <DIR> d-------- C:\Users\Dan\AppData\Roaming\BearShare
    2008-06-06 20:50 . 2008-06-06 20:50 <DIR> d-------- C:\Program Files\BearShare Applications
    2008-06-06 20:50 . 2007-11-22 15:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
    2008-06-04 18:01 . 2008-06-04 18:01 880,560 --a------ C:\Windows\System32\drivers\vetefile.sys
    2008-06-04 18:01 . 2008-06-04 18:01 108,368 --a------ C:\Windows\System32\drivers\veteboot.sys
    2008-06-03 09:53 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
    2008-06-03 09:53 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
    2008-06-03 09:50 . 2008-01-19 08:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
    2008-06-03 09:49 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-06-03 09:48 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-06-03 09:47 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-06-03 09:46 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-06-03 09:46 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-06-03 09:46 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
    2008-06-03 09:46 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
    2008-06-03 09:46 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-06-03 09:45 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-06-03 09:45 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-06-03 09:45 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-06-03 09:45 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-06-03 09:45 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-06-03 09:44 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-06-03 09:44 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-06-03 09:44 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-06-03 09:44 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-26 18:55 . 2008-05-26 19:13 <DIR> d-------- C:\Windows\System32\Adobe
    2008-05-21 12:10 . 2008-05-21 12:10 <DIR> d-------- C:\Program Files\directx
    2008-05-21 12:00 . 2008-05-21 12:00 <DIR> d-------- C:\Program Files\Bethesda Softworks
    2008-05-20 18:03 . 2008-05-20 18:04 179,395,091 --a------ C:\Windows\MEMORY.DMP
    2008-05-19 20:46 . 2008-05-19 21:20 110,221 --a------ C:\Windows\Run32A50.mch
    2008-05-19 20:45 . 2008-05-19 20:46 209 --a------ C:\Windows\mfont.dat
    2008-05-19 19:48 . 2008-05-19 21:19 <DIR> d-------- C:\Windows\A5W_DATA
    2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\PC_Play&Learn
    2008-05-19 19:48 . 2008-05-19 20:48 35 --a------ C:\Windows\A5W.INI
    2008-05-19 18:36 . 2008-05-19 18:37 <DIR> d-------- C:\Program Files\McDonaldsFairies
    2008-05-19 18:35 . 2008-05-19 18:35 <DIR> d--hs---- C:\Windows\ftpcache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-17 22:24 --------- d-----w C:\Users\Dan\AppData\Roaming\LimeWire
    2008-06-17 16:20 --------- d-----w C:\Program Files\Championship Manager 01-02
    2008-06-16 23:34 --------- d---a-w C:\ProgramData\TEMP
    2008-06-16 08:21 174 --sha-w C:\Program Files\desktop.ini
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Mail
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Journal
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Defender
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-16 08:08 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-16 07:45 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-16 07:45 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-15 20:14 --------- d-----w C:\Users\Dan\AppData\Roaming\Azureus
    2008-06-06 18:53 --------- d-----w C:\Program Files\LimeWire
    2008-05-16 17:15 --------- d-----w C:\Users\Dan\AppData\Roaming\Leadertech
    2008-05-16 16:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-05 10:54 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-05-05 10:54 --------- d-----w C:\Program Files\Common Files\Real
    2008-04-26 12:20 --------- d-----w C:\Program Files\Tropico
    2008-04-25 23:06 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-19 21:25 --------- d-----w C:\Program Files\DOSBox-0.72
    2007-08-15 18:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007081520070816\index.dat
    2007-09-16 17:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007091620070917\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-16_22.20.45.28 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-16 20:29:48 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-18 14:19:59 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-16 20:59:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-18 14:42:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-16 20:59:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-18 14:42:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-16 20:59:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-18 14:42:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-16 20:51:15 105,852 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-18 15:03:44 105,852 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-16 20:51:15 600,378 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-18 15:03:44 600,378 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-16 20:29:50 387,046 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-06-18 14:20:00 389,530 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-09 16:09 171448]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
    "CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:42 230664]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 10:07 4390912 C:\Windows\RtHDVCpl.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [5/16/2008 5:58:34 PM 225280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "vidc.iv41"= ir41_32.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 08:33 125952 C:\Windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
    --a------ 2005-02-02 04:00 98304 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2006-05-20 11:13 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2007-06-13 08:16 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-09 16:09 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2006-10-27 22:50 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-05 11:53 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-481564165-263558845-3825914811-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B9604AC9-A79D-465C-9223-91AFE39D2D4D}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{F649379F-27BF-4862-B88C-4833BE1216B2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{87DDE417-0C7B-4603-B360-60334F4C3BE2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{60937ED3-33AA-4B00-B3D5-38BC6C75556F}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{60964945-7BD5-41E4-AB16-4ABB3A3065EF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F9705C35-F25A-4D7E-BE49-6D5A094F2065}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{4E2C1D0F-C37E-4B4D-AFD8-EE83ECEA763C}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{71987DAE-B311-4B15-B003-1F04A3A618F4}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "TCP Query User{EF5E762A-1915-4651-A010-095467D58DCD}C:\\users\\dan\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "UDP Query User{00CD141D-03B5-436E-84BB-982F8854B927}C:\\users\\dan\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "TCP Query User{FF76D521-6FE0-4C1B-8ACA-A1ABC290E22F}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{DD0F3F30-A305-4A04-B65D-D8B9DB9FB301}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{09E3B2F2-7ADF-499F-A7B1-FE78E31A1728}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{5F06070B-30E6-4F5B-98BF-C49D8464A08A}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "{912283F3-508B-4121-8D21-A94AC40E3002}"= UDP:49876:AzureusTCP
    "{FB370CAA-51AC-43A7-B23D-A585F7FFFA01}"= TCP:49876:AzureusUDP
    "TCP Query User{FD23821F-ACDB-43DE-A2CE-F9B98E4440CE}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{31A1F416-7D7B-47BC-8F12-BF8913DB87E6}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{0DB33F4F-06C1-4663-BBCB-96557A219C9F}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
    "UDP Query User{D728A843-8BDC-4A07-A971-60CB9C9903C0}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
    "{29F3F4CD-FCAD-4D95-B9F1-C41C71A583C7}"= UDP:80:CM0102
    "{BFB78957-0AD6-44E3-9D77-C72A767B9749}"= TCP:80:cm0102

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 16:22]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-25 17:19]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 16:28]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \shell\AutoRun\command - I:\autorun.exe
    \shell\directx\command - I:\DirectX9\dxsetup.exe
    \shell\setup\command - I:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \shell\AutoRun\command - K:\RunGame.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \shell\AutoRun\command - L:\autorun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-18 08:06:19 C:\Windows\Tasks\User_Feed_Synchronization-{84AE4A98-FBCA-41BC-B889-5A0E5570483F}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-18 16:12:25
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-06-18 16:16:00
    ComboFix-quarantined-files.txt 2008-06-18 15:13:57
    ComboFix2.txt 2008-06-16 21:23:28
    ComboFix3.txt 2008-06-13 22:28:21

    Pre-Run: 21,794,033,664 bytes free
    Post-Run: 21,492,203,520 bytes free

    233 --- E O F --- 2008-06-16 08:53:51

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:43, on 18/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\cavrid.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: www.azureus.com
    O15 - Trusted Zone: http://www.champman0102.co.uk
    O15 - Trusted Zone: http://www.ebay.co.uk
    O15 - Trusted Zone: http://my.imageshack.us
    O15 - Trusted Zone: http://www.imageshack.us
    O15 - Trusted Zone: http://www.mininova.org
    O15 - Trusted Zone: http://www.orange.co.uk
    O15 - Trusted Zone: http://www.sonyericsson.com
    O15 - Trusted Zone: http://www.youtube.com
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 4962 bytes

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Yes. Please run Kaspersky online scanner and post back its report
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Jun 2008
    Posts
    17

    Default

    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, June 19, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, June 19, 2008 08:17:29
    Records in database: 879366


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    K:\

    Scan statistics
    Files scanned 133189
    Threat name 7
    Infected objects 14
    Suspicious objects 0
    Duration of the scan 02:35:07

    File name Threat name Threats count
    C:\QooBox\Quarantine\C\Windows\System32\ahmwfljp.dll.vir Infected: Trojan.Win32.Monder.qf 1
    C:\QooBox\Quarantine\C\Windows\System32\ccsucnag.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
    C:\QooBox\Quarantine\C\Windows\System32\cgrfoicv.dll.vir Infected: Trojan.Win32.Monder.qf 1
    C:\QooBox\Quarantine\C\Windows\System32\fypwrqjm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ytc 1
    C:\QooBox\Quarantine\C\Windows\System32\joggxjix.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ytc 1
    C:\QooBox\Quarantine\C\Windows\System32\lyoefeqb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ytd 1
    C:\QooBox\Quarantine\C\Windows\System32\opnkjGab.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\QooBox\Quarantine\C\Windows\System32\sxngbjeb.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
    C:\QooBox\Quarantine\C\Windows\System32\tijblfcx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ytd 1
    C:\QooBox\Quarantine\C\Windows\System32\vatbppkw.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
    C:\QooBox\Quarantine\C\Windows\System32\yaywwWqN.dll.vir Infected: Trojan.Win32.Monder.gen 1
    C:\Users\Dan\Desktop\Azureus\WORKING CA Antivirus 2008 Cracked\Crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tso 1
    C:\Users\Dan\Desktop\Azureus\WORKING CA Antivirus 2008 Cracked\na_av_32_en.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tso 1
    C:\Users\Dan\Desktop\Utilities\azureus\Azureus_2.4.0.2_Win32.setup.exe Infected: not-a-virus:AdWare.Win32.Webdir.e 1

    The selected area was scanned.


    Hmm, looks like my antivirus has it? That's ironic lol....

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    I don't see it as ironic if cracked, illegal software contains malware.

    Delete C:\Users\Dan\Desktop\Azureus\WORKING CA Antivirus 2008 Cracked folder.


    If the protection software you currently have installed is a cracked, illegal copy, I instruct you to uninstall it now. There are free, competitive alternatives available.

    Good free antivirus programs are:
    Antivir
    Avast! and
    AVG Free Antivirus.



    After all this, reboot and post a fresh HJT log.