
Am I Still Infected With Virtumonde?

Adware: VirtuMonde is an adware program that downloads and displays popup advertisements for commercial gains. VirtuMonde can delete the network connection icon in Network Places, and delete or modify a wide variety of other Windows settings, components and native applications. Please copy and paste that log back here. My regular and daily scans with MBAM come up negative and I have the paid version with protection module enabled and even have a full scan scheduled to run each day.

Actually, there were tons of posts on this virus and some incredibly long posts on how to fix the problem, but not one of them worked! You cannot run or have installed 2 different anti-virus applications as they conflict with each other. If you want to remove the AVG then there is a document in the Self Click on the Scan for Vundo.

https://www.bleepingcomputer.com/forums/t/227144/am-i-still-infected-with-virtumonde/

Please update and rerun malwarebytes and post its fresh log. Commands: c: cd\windows\help\mui ren accas.dll accas.old I then rebooted the computer and used Windows Defender to remove the remaining files " Robert Mansfield says: May 10, 2010 at 7:35 am I mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504] S3 MSTEE;Microsoft a name, then click "Create".

To respond to your first post, I have turned Teatimer off since installing MBAM paid version with protection module running. I did as you said and ran Dr Web and here's what When the scan completes, click Save Report. We need that tool to run correctly. I tried Rootrepeal again and the same error message appeared. Thanks again for this help. I realise now I probably should not have done anything without you guys confirming it was the right action.

When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. They may otherwise interfere with our tools. Double click on Combo-Fix.exe & follow the prompts. If and only if you are prompted to download a new version of Combofix, reply NO. As part Of all the programs, only Microsoft's Live Safety Center (Beta) was able to detect all the infected files! https://forums.spybot.info/showthread.php?41053-I-am-Infected-Virtumonde-Please-Help In particular, VirtuMonde targets Java, and it frequently infects outdated or older versions of Java.

EverColorado, posted February 7, 2009: Round 3 results. Hello. Am I still infected with Virtumonde?

The infected dll files will have 8-character random names, and will be in the Windows\system32 directory. Restart computer and run Windows in Safe Mode - before you see Windows logo start tapping F8 and choose Safe Mode. Detect and remove the following Virtumonde files:

kpoman, posted October 1st, 2008, 02:49 PM: When JavaRa is done, a notice will appear that a logfile has been produced. I hope this works for you as well and if not, perhaps the process of finding a solution to VirtuMonde.c will help. I was, after a while, able to close it though.

EverColorado, posted February 1, 2009: Thank you so much for

atlarson, posted 18 May 2009 - 04:47: As a first step, I downloaded Malwarebytes.

Virtumonde installs on your computer through a trojan and may infect your system without your knowledge or consent.

It's very cool, speeds up your PC and is worth checking out! Also, typical symptoms usually involve additional icons on your desktop when no software was installed, changed homepages and backgrounds. It's been 5 days since and it hasn't come back.


Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this Thanks How are things running now? I tried to run RootRepeal again but the same Windows Kernel error appears. ZoneAlarm caught it and quarantined it, but I find this latest return of hits to be very suspicious. Reboot your computer because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web in your next reply. (You

VirtuMonde infections are almost exclusive to the United States, with only a very small percentage of cases occurring elsewhere. Unfortunately, I could not run an update because I have no Internet. Unknown companies or freeware sites are huge targets for Adware.

Please update and rerun malwarebytes and post its fresh log. VirtuMonde's Common Characteristics: The basic characteristics of VirtuMonde, common throughout its history and across its different versions, are its method of infection and its association with pop-up ads. Install a good anti-spyware software. When there's a large number of traces of Spyware, for example Virtumonde, that have infected a computer, the only remedy may be to automatically run a

CoxaNL, posted 28 April 2009 - 12:32 PM: Now that Malware does not find anything anymore, Thanks!

Run regedit (Start / Run / regedit), and search for the infected keys. A menu will appear with several options.

Also tell me the ways to protect the mobile phone from the Viruses. ...

atlarson, posted 16 May 2009 - 05:10: I agreed to restart, and then did a scan again. I have been unable to stop the McAfee Total Protection.

Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. The application should ask for permission to restart your computer - click Yes. Write down the names of any .dll files associated with all the infected keys (they should include some of the dll files found in the above step).