Question about suspected file...

[Chaos31]

Hey guys,

So I was a victim of Virtumonde and finally got it cleaned off, ran ton of scans afterwords including with Spybot S&D and came up with no threats. Everything is running fine again too.

Now I went into my task manager and rundll32.exe is currently running....when I had Virtumonde this was associated with it.

Should I be alarmed and do something, if so what? Or should I not worry about it?

Ever since I ran a ton of scans and they found nothing I haven't done any system restores or anything either, but everything is currently running 100% fine compared to when I had Virtumonde.

Thanks,

David

 

[tashi]

Hi there,

You did not mention your operating system or the path to rundll32.exe.

However this link should help explain.

http://www.howtogeek.com/howto/windows-vista/what-is-rundll32exe-and-why-is-it-running/

Cheers.

 

[Chaos31]

Oops sorry I forgot that.

OS: Windows XP Home Edition SP3

As for path I don't know it offhand I'll figure it out and read your link.

 

[Chaos31]

Sorry to double post, here's what I grabbed off it.

Path: C:\WINDOWS\system32\rundll32.exe

Command Line: C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\awtTkigD.dll",ShellPath

Current Directory: C:\WINDOWS\SYSTEM32\

Parent: svchost.exe(1516)
===============

 

[Chaos31]

anybody?

 

[tashi]

Hi there,

C:\WINDOWS\system32\awtTkigD.dll",ShellPath

Did you copy that exactly?

Apprantly awt.dll is a Java(TM) 2 Platform Standard Edition binary, but "awtTkigD.dll" and "awtTkigD.dll",ShellPath is unconventional.

 

[Chaos31]

Yes I copied as it appeared.

 

[tashi]

Hello Chaos31,

That entry could be a vundo file, either leftover or live. I will send you to the malware removal forum so they can see a log.

But first, which tools did you use aside from Spybot-S&D when you tried to clean the infection, and do you have old versions of Sun Java on that computer?

Sun Microsystems~Java. Security vunerability in older versions left on system

Best regards.

 

[Chaos31]

Nope I made sure to update my Java.

I used:
-ATF Cleaner
-Malwarebytes' Anti-Malware
-VundoFix
-SysRestorePoint (Just to make backup encase)
-erunt (Just to make system restore point encase)

 

[tashi]

Hi

As it could prove difficult to know what is going on without seeing the entire picture, please follow the procedure in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Then start your own thread in the Malware Removal Forum where a helper will advise you as soon as available.

Cheers.