virtumonde nightmare

Update

Hi,
Playing with the computer tonight.

Get Comodo error when it tries to update. It's set for every 24 hours, so not sure why I keep getting the error on start up.

Notice that when I click on My Computer the screen showing the different drives takes more time than usual to populate. And when I click on a drive, the screen opens, but it remains blank for noticeable seconds.

Went to remove my USB device and the system hung up. Had to press the power button to shut down. Got a run32.dl error (I think that's what it says). Reminded me of the Windows 95/98 error that always seemed to pop up.

P.S. I have Search Desktop installed. Is that a bad idea security-wise?

I have Communicator 2007, not yet installed. Good idea or bad security risk?

Thanks so much for all your support. Haven't turned on my backup drives yet. Am waiting until these small things get squared away.

Carol Ann
 
Log from Spybot Search and Destroy

I used one of the hosts files that you recommended as well as iespy thingy.
Haven't moved to fix this yet because I don't know what it means. Thanks.


 
Hi

You can fix those Spybot findings.

I think your hard drive may have a hardware problem. I recommend defragging the hard drive(s) and then running scandisk according to this set of instructions. Repeat for all hard drives separately.

I don't think there's anything bad with Search Desktop (I don't have one installed though). What Communicator 2007 are you talking about? Microsoft Office Communicator 2007 or something else?
 
Smooth

Hi,
I've been using the system and all seems to be going smoothly.

Followed your suggestions and they all helped.

Will follow up more closely in a few days. Real life tragedies got in the way this week. I'll take these computer nightmares over the ones going on right now in the real world.

Thanks so much for all your help and support. Couldn't have done it without you!

Carol Ann

P.S. It's Microsoft Communicator 2007. Didn't install it. Did uninstall desktop search, because I really don't search all too much. Know where I put most things.
 
You're welcome Carol Ann :)

I'll keep the topic open for some days.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 