Virtumonde.dll and Virtumonde.prx

I couldn't find a file called explorer.exe, but I did find a file called "KB938828"

Results for C:\WINDOWS\KB938828:

A-Squared Win32.SuspectCrc!IK

Ikarus Win32.SuspectCrc


The other files I can't find.
 
Please copy/paste the file paths into jotti's "Upload a file" box; they should all be there.

For example:

Copy/paste this into the "Upload a file" box and click Submit:

C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

And redo the same procedure with the other files.
 
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 
Please copy/paste the file paths into jotti's "Upload a file" box; they should all be there.

For example:

Copy/paste this into the "Upload a file" box and click Submit:

C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

And redo the same procedure with the other files.

It won't work. When I try to paste this path into the upload box, the text won't appear. Nothing happens.
 
OK, let's try this:

Copy each of these files to some folder (not c:\windows, only one in each folder) and try to upload them again, please.

C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
Thing is that I can't find any files in C:\WINDOWS with any of those three names.

Maybe I have an option to hide those files?
 
 
Results for C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe:

A-Squared Trojan.BAT.Delfiles.by!IK
AntiVir BDS/Delfiles.BY.1
Avast BV:Malware-gen
ClamAV Trojan.BAT.Delfiles-8
CPsecure Troj.BAT.DelFiles.by
F-Secure Anti-Virus Trojan.BAT.DelFiles.by
G DATA BV:Malware-gen
Ikarus Trojan.BAT.Delfiles.by
Kaspersky Anti-Virus Trojan.BAT.DelFiles.by

Results for C:\WINDOWS\$NtServicePackUninstall$\explorer.exe:

VBA32 Found Worm.Win32.Huhk.c


A-Squared Trojan.Dmservinf.A!IK
AntiVir TR/Patched.BU
BitDefender Trojan.Dmservinf.A
F-Prot Antivirus W32/Patched.F.gen!Eldorado
G DATA Trojan.Dmservinf.A
Ikarus Trojan.Dmservinf.A
NOD32 Win32/Patched.BU

Results for C:\WINDOWS\$NtUninstallKB938828$\explorer.exe:

Ikarus Trojan-Downloader.Agent.18432.E
A-Squared Trojan-Downloader.Agent.18432.E!IK
AntiVir TR/Dldr.Agent.18432.E




There ya go^^
 
So it looks like they are all infected.

Go to Start - Run.

Type sfc /scannow and click OK.

Insert the Windows CD if asked.

Re-run ComboFix and post back a fresh ComboFix log, please.
 
Well, as it looks like all your copies of explorer.exe are infected, we need a clean copy, and a clean copy can be found on the CD.
 
Oh... and there's no other way of getting rid of these infections?

Oh well... I guess I'll have to search like crazy, but I'm 90% sure I won't find it:(
 
We need a Windows XP CD.

If you can't find yours, you can borrow one from a friend, for example.
 
Yeah okay sure, I'll get hold of an XP CD as soon as possible and get back to you. Just don't close this thread unless 5 days pass without a reply, which won't happen ;p
 