Possible Virtumonde (rundll32.dll)

hi Chaos31,

all looks ok to me. you can disable spy bots tea timer first, like before then use hjt to clean up some entries;

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

O2 - BHO: (no name) - {633403C4-C9FC-4B7F-A63A-C5DA04584BBD} - (no file)

O2 - BHO: (no name) - {1259A6F0-3157-498F-9298-627B4DE752E9} - (no file)

O2 - BHO: (no name) - {633403C4-C9FC-4B7F-A63A-C5DA04584BBD} - (no file)

O2 - BHO: (no name) - {77D7E795-33C5-4323-974D-A2A49AB75517} - (no file)

O2 - BHO: (no name) - {E23C886E-D254-48C6-BED1-CC27B86FE423} - (no file)

O2 - BHO: (no name) - {E6EBC07B-F339-4BF7-AF48-3BE949704DDC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
---------------------------------------------
re-enable spybots tea timer.

I notice you have two services running as google updaters, while this is possible with all the google applications out there lets get them checked out while we are at it.

first see if you can spot them in there present locations;

one is here:
C:\Program Files\Google\Update\GoogleUpdate.exe

the other:
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

if found you can go to the website below, browse for them again and then upload them one by one using the send button. You can post the results from the scan in your reply.

http://www.virustotal.com/
 
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

a-squared 4.0.0.73 2009.01.10 -
AhnLab-V3 2009.1.10.0 2009.01.10 -
AntiVir 7.9.0.54 2009.01.10 -
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.10 -
AVG 8.0.0.229 2009.01.10 -
BitDefender 7.2 2009.01.10 -
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.10 -
Comodo 910 2009.01.10 -
DrWeb 4.44.0.09170 2009.01.10 -
eSafe 7.0.17.0 2009.01.08 -
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.10 -
F-Secure 8.0.14470.0 2009.01.10 -
Fortinet 3.117.0.0 2009.01.10 -
GData 19 2009.01.10 -
Ikarus T3.1.1.45.0 2009.01.10 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.10 -
McAfee 5491 2009.01.10 -
McAfee+Artemis 5491 2009.01.10 -
Microsoft 1.4205 2009.01.10 -
NOD32 3756 2009.01.10 -
Norman 5.99.02 2009.01.09 -
Panda 9.4.3.3 2009.01.10 -
PCTools 4.4.2.0 2009.01.10 -
Prevx1 V2 2009.01.10 -
Rising 21.11.52.00 2009.01.10 -
SecureWeb-Gateway 6.7.6 2009.01.10 -
Sophos 4.37.0 2009.01.10 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.10 -
TheHacker 6.3.1.4.217 2009.01.10 -
TrendMicro 8.700.0.1004 2009.01.09 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.10.1553 2009.01.10 -
VirusBuster 4.5.11.0 2009.01.10 -


C:\Program Files\Google\Update\GoogleUpdate.exe

a-squared 4.0.0.73 2009.01.10 -
AhnLab-V3 2009.1.10.0 2009.01.10 -
AntiVir 7.9.0.54 2009.01.10 -
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.10 -
AVG 8.0.0.229 2009.01.10 -
BitDefender 7.2 2009.01.10 -
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.10 -
Comodo 910 2009.01.10 -
DrWeb 4.44.0.09170 2009.01.10 -
eSafe 7.0.17.0 2009.01.08 -
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.10 -
F-Secure 8.0.14470.0 2009.01.10 -
Fortinet 3.117.0.0 2009.01.10 -
GData 19 2009.01.10 -
Ikarus T3.1.1.45.0 2009.01.10 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.10 -
McAfee 5491 2009.01.10 -
McAfee+Artemis 5491 2009.01.10 -
Microsoft 1.4205 2009.01.10 -
NOD32 3756 2009.01.10 -
Norman 5.99.02 2009.01.09 -
Panda 9.4.3.3 2009.01.10 -
PCTools 4.4.2.0 2009.01.10 -
Prevx1 V2 2009.01.10 -
Rising 21.11.52.00 2009.01.10 -
SecureWeb-Gateway 6.7.6 2009.01.10 -
Sophos 4.37.0 2009.01.10 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.10 -
TheHacker 6.3.1.4.217 2009.01.10 -
TrendMicro 8.700.0.1004 2009.01.09 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.10.1553 2009.01.10 -
VirusBuster 4.5.11.0 2009.01.10 -
 
hi Chaos31,

ok I am satisfied. Looks good to me.

you can check your java version;

Vulnerabilities in versions of Sun Java may be responsible for some malware installs via your browser.

It is important to keep Sun Java up to date and also to remove older versions.

* 1. Uninstall old versions of Sun Java via Add/Remove Programs.
* 2. Click the Remove or Change/Remove button
* 3. Reboot your PC if prompted.

to check if you have the latest version of Java and to download the latest version:

http://www.java.com/en/download/help/testvm.xml?ff3

if all is good-- some info for you:

Reducing Your Risk To Malware:
The Short Version:

1) Keep your OS,(Windows) browser (IE, FireFox) and other Software up to date to "patch" vulnerabilities. Always install Service Packs.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons.You may be installing more than you think.

3) Install and keep them all updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software to your computer.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install a third party software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer.

10) If your habits include: warez, cracks etc or you install files via p2p networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.
 
I appreciate it a lot, only 1 question.

rundll32.exe is still running after a certain time, I know that's not always an issue, but everytime it does start up your here the windows noise when you do something it doesn't like, that single "doo" sound...haha.

As long as it looks all good to you I have no problems at all, just wanted to double check.

Appreciate the help!
 
You must log in or register to reply here.
Back
Top