Virtumonde is killing me

Here are the results....

grg.exe deleted...

Antivirus Version Last Update Result
AhnLab-V3 2007.8.22.0 2007.08.21 -
AntiVir 7.4.1.62 2007.08.21 -
Authentium 4.93.8 2007.08.20 -
Avast 4.7.1029.0 2007.08.20 -
AVG 7.5.0.484 2007.08.20 -
BitDefender 7.2 2007.08.21 -
CAT-QuickHeal 9.00 2007.08.21 -
ClamAV 0.91 2007.08.21 -
DrWeb 4.33 2007.08.21 -
eSafe 7.0.15.0 2007.08.20 -
eTrust-Vet 31.1.5076 2007.08.21 HTML/Mallar
Ewido 4.0 2007.08.21 -
FileAdvisor 1 2007.08.21 -
Fortinet 2.91.0.0 2007.08.21 -
F-Prot 4.3.2.48 2007.08.20 -
F-Secure 6.70.13030.0 2007.08.21 Net-Worm.Win32.Allaple.a
Ikarus T3.1.1.12 2007.08.21 -
Kaspersky 4.0.2.24 2007.08.21 Net-Worm.Win32.Allaple.a
McAfee 5101 2007.08.20 W32/RAHack!htm
Microsoft 1.2803 2007.08.21 Virus:HTML/Allaple.A
NOD32v2 2473 2007.08.21 Win32/Allaple.Gen
Norman 5.80.02 2007.08.21 -
Panda 9.0.0.4 2007.08.21 HTML/Instancob.A
Rising 19.37.12.00 2007.08.21 -
Sophos 4.20.0 2007.08.21 -
Sunbelt 2.2.907.0 2007.08.21 -
Symantec 10 2007.08.21 -
TheHacker 6.1.8.171 2007.08.21 W32/NetApple
VBA32 3.12.2.2 2007.08.21 -
VirusBuster 4.3.26:9 2007.08.21 -
Webwasher-Gateway 6.0.1 2007.08.21 -
 
Hi

OK, those are all bad.

You might need to uninstall & re-install some programs.

Do you also have a Windows CD (you may need a repair installation, as some of Windows' own HTML files have been replaced)?
 
Huh...
I do have some Windows CDs, but the installed version is SP1 Professional and I have SP2 Professional and SP1 Home Edition...
The noobs from whom my company bought the PC didn't give them any CDs, so I guess I am forced to find SP1 Professional edition?
 
Hi

Well, some Windows help HTML files have been replaced.

If you don't need them, I can just give you a list of those which need to be deleted.
 
Hi

Yes, it is :)

Check the Kaspersky report and copy all infected HTML files in this directory from a clean PC to that one.

C:\WINDOWS\PCHealth\HelpCtr

Also these if found:

C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Citrus Punch.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Clear Day.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Fiesta.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Glacier.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Ivy.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Leaves.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Maize.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Nature.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Network Blitz.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Pie Charts.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Sunflower.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Sweets.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Technical.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\WINDOWS\Web\tip.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\WINDOWS\Help\ciadmin.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\snd.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\contents.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Microsoft Office\OFFICE11\1033\TOUR.HTM Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\MSN\MSNCoreFiles\msnread.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\NetMeeting\netmeet.htm Infected: Net-Worm.Win32.Allaple.a skipped

Uninstall & re-install these programs:

FileMaker Pro 6
CyberLink PowerDVD
Adobe Photoshop CS

Empty these folders:

C:\Documents and Settings\nm\Application Data\Opera\Opera\profile\cache4\
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
C:\QooBox\Quarantine\
C:\VundoFix Backups\

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report
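
The copy-from-a-clean-PC step in the post above works from the Kaspersky report. As an added example (not part of the original thread), this Python script parses report lines of the shape quoted there and lists, per folder, which HTML files to re-copy; the sample report is constructed, and `parse_report` and `restore_plan` are hypothetical names.

```python
import ntpath
import re
from collections import defaultdict

# Line shape as quoted in the thread: "<path> Infected: <verdict> <action>"
REPORT_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<action>\w+)$")

# Constructed sample: three lines from the thread, one duplicate in a
# different case, one made-up non-HTML hit and one unrelated summary line.
SAMPLE_REPORT = r"""
C:\WINDOWS\Web\tip.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\WINDOWS\Help\ciadmin.htm Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\NetMeeting\netmeet.htm Infected: Net-Worm.Win32.Allaple.a skipped
c:\windows\web\TIP.HTM Infected: Net-Worm.Win32.Allaple.a skipped
C:\Program Files\Example App\app.exe Infected: Net-Worm.Win32.Allaple.a skipped
Scan finished
"""


def parse_report(text):
    """Return unique (path, verdict, action) hits; Windows paths are case-insensitive."""
    seen, hits = set(), []
    for line in text.splitlines():
        m = REPORT_LINE.match(line.strip())
        if not m:
            continue  # blank lines, headers, summaries
        key = ntpath.normcase(ntpath.normpath(m["path"]))
        if key not in seen:
            seen.add(key)
            hits.append((m["path"], m["verdict"], m["action"]))
    return hits


def restore_plan(hits):
    """Group HTML hits by folder (to re-copy from a clean PC); return the rest separately."""
    to_copy, other = defaultdict(list), []
    for path, _verdict, _action in hits:
        folder, name = ntpath.split(path)
        if ntpath.splitext(name)[1].lower() in (".htm", ".html"):
            to_copy[folder].append(name)
        else:
            other.append(path)  # not a static help/stationery page: reinstall or review
    return dict(to_copy), other


if __name__ == "__main__":
    print(restore_plan(parse_report(SAMPLE_REPORT)))
```
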
 
Huh

FileMaker is the main problem. I do not have the installation of the FileMaker client or server, and both are running on my PC and are very important for my job. If I had these I would format my PC and make it all much easier...

For the time being the PC is working OK, a bit sloppy, but I can survive with this. As soon as I get the installation of these programs I am going to format it.

Thanks once again for all your help.
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 