Just Removed Virtumonde


  • This topic is locked
No replies to this topic

#1 bobapunk

Posted 25 August 2007 - 09:33 AM

Following the self-help, I removed Virtumonde from my system using Ad-Aware and VundoFix. After running VundoFix, Ad-Aware still came up with a Registry entry from Virtumonde. It was something like HKLM/Software/Microsoft/MSSMGR; I just went in Regedit and deleted the whole entry. Now Ad-Aware scans out clean.

Here is the current HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:18 AM, on 8/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
F:\AdAware2007\aawservice.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\hidserv.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINNT\system32\ctfmon.exe
F:\Zone Labs\ZoneAlarm\zapro.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Internet Explorer\iexplore.exe
F:\Hijack This\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - f:\adobe\acrobat\Acrobat\ActiveX\pdf.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] E:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = F:\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINNT\
O20 - Winlogon Notify: wingfl32 - E:\WINNT\SYSTEM32\wingfl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\AdAware2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - E:\WINNT\system32\ZoneLabs\vsmon.exe

FYI, I have 2 posts on here; they are for 2 different PCs. This one is mine, the other is a friend's. Need your expertise on both. Thanks!
