
Thread: how can I remove virtumonde.generic

  1. #1
    Junior Member, Join Date: Feb 2009, Posts: 2

    how can I remove virtumonde.generic

    I started having some issues with popups and slow responding apps a few weeks ago on my Windows 2003 server at home. This isn't a professional server by any means, I simply use it as a file server for storing pictures/music and downloading torrents from time to time. I have been able to remove some items that appeared to be spyware, but virtumonde.generic just won't go away.

    Any help is appreciated, here is my HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:43:54 PM, on 2/11/2009
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\DynDNS Updater\DynUpSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\rdpclip.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServear.exe
    C:\Program Files\DynDNS Updater\DynTray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/hardAdmin.htm
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: {9449} - {f46b8e2b-fc39-4bc7-bfa2-5d481a42aeca} - C:\WINDOWS\system32\jyvwujhi.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [yaboporasu] Rundll32.exe "C:\WINDOWS\system32\japiyute.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [A00F20BDA923.exe] C:\WINDOWS\TEMP\_A00F20BDA923.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F25DB91AF.exe] C:\WINDOWS\TEMP\_A00F25DB91AF.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F263A2839.exe] C:\WINDOWS\TEMP\_A00F263A2839.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F301C8982.exe] C:\WINDOWS\TEMP\_A00F301C8982.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F242F58F.exe] C:\WINDOWS\TEMP\_A00F242F58F.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00FD15C39C.exe] C:\WINDOWS\TEMP\_A00FD15C39C.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00FF42EF4B.exe] C:\WINDOWS\TEMP\_A00FF42EF4B.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F11C295E7.exe] C:\WINDOWS\TEMP\_A00F11C295E7.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F11F6618C.exe] C:\WINDOWS\TEMP\_A00F11F6618C.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F11FC3FDD.exe] C:\WINDOWS\TEMP\_A00F11FC3FDD.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F172D1061.exe] C:\WINDOWS\TEMP\_A00F172D1061.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F1BE719E9.exe] C:\WINDOWS\TEMP\_A00F1BE719E9.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [A00F20BDA923.exe] C:\WINDOWS\TEMP\_A00F20BDA923.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - ESC Trusted Zone: http://my.csmauto.com
    O15 - ESC Trusted Zone: http://mozilla.isc.org
    O15 - ESC Trusted Zone: http://mozilla.jiddernet.se
    O15 - ESC Trusted Zone: http://mozilla.mirror.ac.za
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O15 - ESC Trusted Zone: http://internap.dl.sourceforge.net
    O15 - ESC Trusted Zone: http://cache1.vuze.com
    O15 - ESC Trusted Zone: http://*.windowsupdate.com
    O15 - ESC Trusted Zone: http://ftp.cse.yzu.edu.tw
    O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1104564532250
    O20 - Winlogon Notify: fccaAqnL - fccaAqnL.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

    --
    End of file - 6868 bytes
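For anyone triaging a log like the one above, the following Python script is an added example (not part of the thread, and not a feature of HijackThis itself). It applies three defensive heuristics to HijackThis-style lines: hook points whose target file is already gone, Run entries under the service-account hives (SYSTEM, LOCAL SERVICE, NETWORK SERVICE, .DEFAULT) that launch something from a TEMP directory, and eight-letter all-lowercase DLL names in system32, which is an assumed heuristic for randomly named droppers rather than a rule from the page. The sample input is a handful of lines copied from the posted log, including the benign tscuninstall RunOnce entry to show that a service-account entry alone is not flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above,
# including one benign service-account RunOnce entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: {9449} - {f46b8e2b-fc39-4bc7-bfa2-5d481a42aeca} - C:\WINDOWS\system32\jyvwujhi.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-20\..\Run: [yaboporasu] Rundll32.exe "C:\WINDOWS\system32\japiyute.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [A00F20BDA923.exe] C:\WINDOWS\TEMP\_A00F20BDA923.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O20 - Winlogon Notify: fccaAqnL - fccaAqnL.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    line: str


# Section tag at the start of every HijackThis entry, e.g. "O4 - " or "R1 - ".
_PREFIX = re.compile(r"^(O\d+|R\d)\s+-\s+")
# Run/RunOnce keys belonging to the built-in service accounts and the default profile.
_SERVICE_HIVE = re.compile(r"HKUS\\(S-1-5-18|S-1-5-19|S-1-5-20|\.DEFAULT)\\")
_TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# A DLL loaded from system32; the name is inspected separately.
_SYSTEM32_DLL = re.compile(r"\\system32\\([A-Za-z]+)\.dll", re.IGNORECASE)


def classify(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = _PREFIX.match(line)
    if not m:
        return None
    section = m.group(1)

    # 1. Orphaned hook points: the registry entry survives but its file is gone.
    if "(no file)" in line or "(file missing)" in line:
        return Finding("medium", f"{section} entry points at a missing file", line)

    # 2. Service-account autoruns that launch a binary out of a TEMP directory.
    if section == "O4" and _SERVICE_HIVE.search(line) and _TEMP_DIR.search(line):
        return Finding("high", "service-account Run entry launches a binary from TEMP", line)

    # 3. Heuristic (assumption, not a HijackThis rule): an eight-letter, all-lowercase
    #    DLL name in system32 is characteristic of randomly generated dropper names.
    d = _SYSTEM32_DLL.search(line)
    if d and len(d.group(1)) == 8 and d.group(1).islower():
        return Finding("high", f"randomly named DLL {d.group(1)}.dll loaded from system32", line)

    return None


def triage(log_text: str):
    """Run classify() over every line and keep only the findings."""
    findings = (classify(raw.strip()) for raw in log_text.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
```

Run against the sample, the script flags six lines (three high, three medium) and leaves the QuickTime, Spybot and tscuninstall entries alone. The heuristics are deliberately narrow so they produce a short list to review by hand, not a verdict; a line that is not flagged is not thereby clean.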

  2. #2
    Junior Member, Join Date: Feb 2009, Posts: 2

    Please close this issue

    I've been able to resolve the issue. I ran an App called Malwarebytes' Anti-Malware and now when I scan with Spybot it finds nothing.
