Thread: Virtumonde / browser re-direct

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Virtumonde / browser re-direct

    Hi malware experts,

    A couple of weeks ago my machine managed to contract Virtumonde. Spybot found it, and I thought it had fixed it, but things got messed up and I ended up re-installing Windows XP (not re-formatting the drive, just re-installing Windows over the existing installation).

    Firefox is now still re-directing links, though Spybot seems not to be detecting any malware.

    On the advice of several other threads here I DLed and ran Goored.exe, which gives the following log file:

    GooredFix v1.92 by jpshortstuff
    Log created at 21:34 on 27/04/2009 running Option #1 (Jordan)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    C:\Program Files\Mozilla Firefox\extensions\{FC3F3D2E-3D12-4B1B-ABA6-1C8D147538F4}

    C:\Program Files\Mozilla Firefox\extensions\{F4B69F1A-E106-4E65-9EAC-87EB6F4B9E55}

    C:\Program Files\Mozilla Firefox\extensions\{BAA8552A-EF5B-48B1-AE59-875512122F00}

    C:\Program Files\Mozilla Firefox\extensions\{B8558E8C-872E-4CAD-B882-7657AB551B9A}

    C:\Program Files\Mozilla Firefox\extensions\{A313C5BF-1E66-48DD-AB09-412E65A9E0BD}

    C:\Program Files\Mozilla Firefox\extensions\{A1E3E976-79AD-484C-B7E7-5A57FC31E75B}

    C:\Program Files\Mozilla Firefox\extensions\{96EC986A-43B1-4688-91A5-BA8366552E31}

    C:\Program Files\Mozilla Firefox\extensions\{6A1A26F3-E35A-4D4D-9963-4AA1D16A4AF4}

    C:\Program Files\Mozilla Firefox\extensions\{65B977A9-9E41-4BC0-B58D-529BB5C8E930}

    C:\Program Files\Mozilla Firefox\extensions\{46E12999-66C5-43BB-8C60-867FE4AE9CA0}

    C:\Program Files\Mozilla Firefox\extensions\{3EF098FD-9332-4B09-B99C-CC3E4A52A823}

    C:\Program Files\Mozilla Firefox\extensions\{3E4308E2-495B-4D82-9FA8-E7B71F4CC431}

    C:\Program Files\Mozilla Firefox\extensions\{1E12D67B-D47B-446E-993B-E4F58A97D499}

    C:\Program Files\Mozilla Firefox\extensions\{16C9BA60-A6A4-4522-AF8A-3AED15DBB96E}

    C:\Program Files\Mozilla Firefox\extensions\{0980978C-8D90-41D5-9D3D-11C76D7BA576}

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

    Thanks very much in advance for your assistance...

    JordanW

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Hello JordanW,
    Originally posted by JordanW:
    On the advice of several other threads here I DLed and ran Goored.exe, which gives the following log file:
    Please read this forum's stickied FAQs and start a new topic.

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Do NOT run 'FIXES' before helpers have analyzed the HJT log

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
