Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Keylogger and Virtuamonde problems!


  • This topic is locked This topic is locked
No replies to this topic

#1 quazar257

quazar257

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 16 December 2007 - 07:05 AM

I have been fighting an ongoing (3 months problem) with a keylogger and Virtuamonde. All my bank, and email account information has been hacked and I have a huge ID theft "war" because of Myspace IM It was from there, that an attack was issued... DoS, virusus, they even disabled my Zonealarm. What ever is on here is very nasty. Steps I have taken, Spybot-- no results, Ad-aware was sabotaged, Spysweeper retail -- found "potentially rootkit masked files" but couldnt delete them even in safe mode 7 attempts, Zone alarm has logged 6652 attempts. I then tried Avg rootkit scanner it found one, F-secure Blacklight came up with nothing, lastly I tried Hijack this that lead me here. Now the problem I face is windows trying to access the Internet even with my cable modem off and ever changing services, every reboot is something different. I come to you guys now as my last resort, I ordinarily would have just format reinstall, (I'm a former Dell Tech) but don't have a 2000 OS disk and I have (whats left of) crucial information on here. Can someone help, please? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:57:18 PM, on 12/16/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\system32\lxdicoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\stisvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\System32\mspmspsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\msdtc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\System32\cidaemon.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {E1E01967-151D-46D4-A82C-DE74E7DC631C} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LXDICATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDItime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" /startup O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813 O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204 O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132637024757 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195539846114 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall....ivex/hcImpl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{12A15C79-E0B1-4B22-80AA-A6B6336FA643}: NameServer = 128.252.238.68,128.252.120.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{12A15C79-E0B1-4B22-80AA-A6B6336FA643}: NameServer = 128.252.238.68,128.252.120.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{12A15C79-E0B1-4B22-80AA-A6B6336FA643}: NameServer = 128.252.238.68,128.252.120.1 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O24 - Desktop Component 0: (no name) - http://by24fd.bay24....ain=hotmail.com O24 - Desktop Component 1: (no name) - http://by24fd.bay24....ain=hotmail.com -- End of file - 6683 bytes *** new info Zonealarm also picked this up 3 times OSFW,2007/12/15,20:53:32 -6:00 GMT,BLOCKED,Internet Explorer,C:\Program Files\Internet Explorer\IEXPLORE.EXE,EXECUTION,GLOBALWINDOWSHOOK,SRC

Edited by quazar257, 18 December 2007 - 05:33 PM.

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users