Thread: Virtumonde / browser re-direct

  1. #1
    Junior Member
    Join Date
    Apr 2009

    Virtumonde / browser re-direct

    Hi malware experts,

    A couple of weeks ago my machine managed to contract Virtumonde. Spybot found it, and I thought it had fixed it, but things got messed up and I ended up re-installing Windows XP (not re-formatting the drive, just re-installing Windows over the existing installation).

    Firefox is now still re-directing links, though Spybot seems not to be detecting any malware.

    On the advice of several other threads here I DLed and ran Goored.exe, which gives the following log file:

    GooredFix v1.92 by jpshortstuff
    Log created at 21:34 on 27/04/2009 running Option #1 (Jordan)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    C:\Program Files\Mozilla Firefox\extensions\{FC3F3D2E-3D12-4B1B-ABA6-1C8D147538F4}

    C:\Program Files\Mozilla Firefox\extensions\{F4B69F1A-E106-4E65-9EAC-87EB6F4B9E55}

    C:\Program Files\Mozilla Firefox\extensions\{BAA8552A-EF5B-48B1-AE59-875512122F00}

    C:\Program Files\Mozilla Firefox\extensions\{B8558E8C-872E-4CAD-B882-7657AB551B9A}

    C:\Program Files\Mozilla Firefox\extensions\{A313C5BF-1E66-48DD-AB09-412E65A9E0BD}

    C:\Program Files\Mozilla Firefox\extensions\{A1E3E976-79AD-484C-B7E7-5A57FC31E75B}

    C:\Program Files\Mozilla Firefox\extensions\{96EC986A-43B1-4688-91A5-BA8366552E31}

    C:\Program Files\Mozilla Firefox\extensions\{6A1A26F3-E35A-4D4D-9963-4AA1D16A4AF4}

    C:\Program Files\Mozilla Firefox\extensions\{65B977A9-9E41-4BC0-B58D-529BB5C8E930}

    C:\Program Files\Mozilla Firefox\extensions\{46E12999-66C5-43BB-8C60-867FE4AE9CA0}

    C:\Program Files\Mozilla Firefox\extensions\{3EF098FD-9332-4B09-B99C-CC3E4A52A823}

    C:\Program Files\Mozilla Firefox\extensions\{3E4308E2-495B-4D82-9FA8-E7B71F4CC431}

    C:\Program Files\Mozilla Firefox\extensions\{1E12D67B-D47B-446E-993B-E4F58A97D499}

    C:\Program Files\Mozilla Firefox\extensions\{16C9BA60-A6A4-4522-AF8A-3AED15DBB96E}

    C:\Program Files\Mozilla Firefox\extensions\{0980978C-8D90-41D5-9D3D-11C76D7BA576}

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

    Thanks very much in advance for your assistance...


  2. #2
    tashi
    Member of Team Spybot
    Join Date
    Oct 2005


    Hello JordanW,
    Originally Posted by JordanW:
    On the advice of several other threads here I DLed and ran Goored.exe, which gives the following log file:
    Please read this forum's stickied FAQs and start a new topic.

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Do NOT run 'FIXES' before helpers have analyzed the HJT log

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
