virumond.sdn & sci
- Thread starter ddjw4
- Start date
- Status
here's mbam!!!
Malwarebytes' Anti-Malware 1.41
Database version: 2974
Windows 5.1.2600 Service Pack 3
10/17/2009 8:56:08 AM
mbam-log-2009-10-17 (08-56-08).txt
Scan type: Quick Scan
Objects scanned: 103204
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 35
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\dmcompos32.dll (Trojan.Tracur) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f18234-a00f-424a-84ad-69e6bbb96a88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01f18234-a00f-424a-84ad-69e6bbb96a88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b04586b8687 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01f18234-a00f-424a-84ad-69e6bbb96a88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\dpvvox32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmcompos32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\cryptdll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3svc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3ui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxva232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eappcfg32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eappgnui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapqec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapqec3232.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxsst32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divx_xx0732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnlobby3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpus1132.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dunzip3232.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdm32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfgbkend32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
It is running smoother!
Here's hoping the buggies have been removed!!!
Malwarebytes' Anti-Malware 1.41
Database version: 2974
Windows 5.1.2600 Service Pack 3
10/17/2009 8:56:08 AM
mbam-log-2009-10-17 (08-56-08).txt
Scan type: Quick Scan
Objects scanned: 103204
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 35
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\dmcompos32.dll (Trojan.Tracur) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01f18234-a00f-424a-84ad-69e6bbb96a88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01f18234-a00f-424a-84ad-69e6bbb96a88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b04586b8687 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01f18234-a00f-424a-84ad-69e6bbb96a88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\dpvvox32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmcompos32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\cryptdll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3svc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3ui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxva232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eappcfg32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eappgnui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapqec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapqec3232.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxsst32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divx_xx0732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnlobby3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpus1132.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dunzip3232.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdm32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfgbkend32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
It is running smoother!
Here's hoping the buggies have been removed!!!
IndiGenus
Emeritus- Malware Team
Run MalwareBytes' again and make sure nothing has returned.
I think we should also run one more scan: Eset Online Scanner
Run with Internet Explorer
I think we should also run one more scan: Eset Online Scanner
Run with Internet Explorer
- Place a check mark in the box YES, I accept the Terms Of Use
- Click the Start button.
- Now click the Install button, or click the notification bar at the top of the window and choose to install.
- Click Start. The scanner engine will initialize and update.
- Do Not place a check mark in the box beside Remove found threats.
- Click the Scan button. The scan will now run, please be patient.
- When the scan finishes click the Details tab.
- Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
mbam
Malwarebytes' Anti-Malware 1.41
Database version: 2974
Windows 5.1.2600 Service Pack 3
10/17/2009 4:06:43 PM
mbam-log-2009-10-17 (16-06-43).txt
Scan type: Quick Scan
Objects scanned: 103596
Time elapsed: 2 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
YIPPEE!!!!!!!!!!
Malwarebytes' Anti-Malware 1.41
Database version: 2974
Windows 5.1.2600 Service Pack 3
10/17/2009 4:06:43 PM
mbam-log-2009-10-17 (16-06-43).txt
Scan type: Quick Scan
Objects scanned: 103596
Time elapsed: 2 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
YIPPEE!!!!!!!!!!
IndiGenus
Emeritus- Malware Team
Good to go....
Hi,
Then if all is well then we just need to cleanup, do some updating, and some final words of wisdom.
You can remove the following tools that were used.
Root Repeal
DDS
Remove combofix as follows
~~~~~~~~~~~~~~~~~~~~~~~~~~
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to updating and using what you currently have you may want to consider the following:
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Install Winpatrol -
Use Winpatrol to take control of your PC and provide another layer of security.
Help file and tutorial can be found Here
Block unwanted parasites with a custom hosts file -
http://www.mvps.org/winhelp2002/hosts.htm
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.
Keep your applications up to date -
Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.
I'll leave the thread open a few days in case you have questions or issues.
Regards,
Dave
Hi,
Then if all is well then we just need to cleanup, do some updating, and some final words of wisdom.
You can remove the following tools that were used.
Root Repeal
DDS
Remove combofix as follows
- Click START then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- Delete the following: ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
~~~~~~~~~~~~~~~~~~~~~~~~~~
Upgrading Java:
- Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u16-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u15-windows-i586-p.exe and select "Run as an Administrator.")
~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to updating and using what you currently have you may want to consider the following:
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Install Winpatrol -
Use Winpatrol to take control of your PC and provide another layer of security.
Help file and tutorial can be found Here
Block unwanted parasites with a custom hosts file -
http://www.mvps.org/winhelp2002/hosts.htm
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.
Keep your applications up to date -
Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.
I'll leave the thread open a few days in case you have questions or issues.
Regards,
Dave
- Status