Vitumonde

C:\Documents and Settings\Bill\Local Settings\Temp\msprint.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Remove it with the removal tool

wainuitech, 18-12-2009, 10:18 PM
You may have been lucky :thumbs: get a better AV norton is rubbish -- microsoft MSE if you want free or Nod32 for

Thanks once again.

TimW, Aug 30, 2008 #9

mann303, Private E-2
Thanks for that.

Not someone who plays with it. Will Smith

#9 norpacmiami, Topic Starter, Posted 17 September 2008 - 01:31
This is really

HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are

Antivirus"

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet

http://www.bleepingcomputer.com/forums/t/169649/vitumonde/

Speedy Gonzales, 18-12-2009, 09:28 PM
Post a hijackthis log its below. Thank you once again. What can I do now?

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

The executable actually runs the program.

Object name: LocalSystem
Image path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Image size: 147640
Image MD5: 58E57D723BD437049F74408016E1735D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: aswMonFlt,RpcSS
Service (registry key):

Since the file no longer exists, Windows will display an error message.

Edited by Orange Blossom, 31 May 2008 - 07:50 PM.

Fortunately, you have a backup. Please print these instructions out for use in Safe Mode. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to extract the files. This will create a VundoFix folder on your

See here.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\sysinteg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Tell me if you are having any other issues.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VnrBlock20 (Backdoor.Bot) -> Quarantined and deleted successfully.

At this point press enter one time.

Note the below instructions for using safe mode.

Kolla

Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 25/03/2008 04:32:42
Date (last access): 20/09/2008 21:06:28
Date (last write): 25/03/2008 04:32:42
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29

HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.

Thank you both, Andy

#14 norpacmiami, Topic Starter, Posted 18 September 2008 - 08:33 PM
Rigel, Just ran Kaspersky

C:\WINDOWS\system32\ljJARjjI.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.

Vitumonde Malware [RESOLVED]
Started by tpkp2, Oct 17 2005 09:31 AM

#1 tpkp2, Posted 17 October 2005 - 09:31

Delete the C:\combo-fix folder from combofix.

Andy

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update:

TimW, Sep 2, 2008 #13

C:\WINDOWS\system32\qiecalep.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

You need to remove this registry entry so Windows stops searching for the file when it loads.

HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.

o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): E1G60
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/1000 NDIS

Now Copy the bold text below to notepad.

HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xunjfeib.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Please Update and rerun MalwareBytes, and then post a new log.

Speedy Gonzales, 18-12-2009, 09:35 PM
Copy and paste it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

If we used Pocket Killbox during your cleanup, do the below
* Run Pocket Killbox and select File, Cleanup, Delete All Backups

If we had you use ComboFix, uninstall ComboFix (This

What's that?

04-17-2008, 11:54 AM #3
mattollie, Registered Member, Join Date: Apr 2008, Posts: 2, OS: XP
Thanks I'll give it

Files Infected:
C:\WINDOWS\SYSTEM32\jiivnepf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

then ctrl-c, then reply in here - ctrl-v

Shortstop, 18-12-2009, 09:45 PM
Here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:56 PM, on 18/12/2009
Platform: Unknown Windows (WinNT 6.01.3504)

Andy
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, September 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last

Not someone who plays with it. Will Smith

#12 quietman7, Bleepin' Janitor, Global Moderator, Posted 17

REGEDIT4

[-HKEY_CURRENT_USER\Software\Kazaa]

[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

Thank you

mann303, Aug 30, 2008 #5

TimW, MajorGeeks Administrator - Jedi Malware Expert, Staff Member
No problem...I'm not going anywhere ....:cry

TimW, Aug 30, 2008 #6

mann303, Private
How do you turn System Restore off?

Any more reports/signs of infection?

Microsoft MVP Consumer Security 2007-2015, Microsoft MVP Reconnect 2016, Windows Insider MVP 2017, Member of UNITE, Unified Network of Instructors and Trusted Eliminators. If I have been helpful &

HJT needs to be in its own folder so that the program itself isn't deleted by accident.

If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence.

by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to

Click "Yes" at the Delete on Reboot prompt.

My AVG 8.0 can not update.