Solved: Have a question

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

williesbest2

Thread Starter
Joined
Jun 13, 2005
Messages
347
This question is regarding VirtumundoBeGone 1.2. Is this compatible with Windows 2000 Pro? I don't need help with removing anything; I just want to know before I get started on my friend's PC. Thanks.
 

williesbest2

Thread Starter
Joined
Jun 13, 2005
Messages
347
It's not going so good, so far. I've got all the Vundos removed along with a bunch of other malware. But it will not let me remove cmdService adware. The computer still will not start in safe mode.
 

williesbest2

Thread Starter
Joined
Jun 13, 2005
Messages
347
I might end up doing that. Two things Ewido could not get off were Spyware.CommAd and TrojanSpy.Goldun.fs. I'm going to see if I can post a log. Thanks for your help.
 

williesbest2

Thread Starter
Joined
Jun 13, 2005
Messages
347
Logfile of HijackThis v1.99.1
Scan saved at 1:43:20 PM, on 12/29/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\wuapi.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\dbg32hlp.exe
C:\WINNT\System32\netddesrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\loadqm.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\System32\msiehelp.exe
C:\WINNT\z00096.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.accubak.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.accubak.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.accubak.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brought to you by AccuBak - 877-222-8225
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINNT\DH.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WINP] C:\WINNT\winmic.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [dynwxkd] C:\WINNT\dynwxkd.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Internet Explorer Helper] C:\WINNT\System32\msiehelp.exe
O4 - HKLM\..\Run: [Contextual Tool] C:\WINNT\z00096.exe
O4 - HKLM\..\RunServices: [Sygate Personall Firewall] Sygate32.exe
O4 - HKLM\..\RunServices: [time] time.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [time] time.exe
O4 - HKCU\..\Run: [Sygate Personall Firewall] Sygate32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: MemTurbo.lnk = D:\Utilities August_2005 - Disk B\MemTurbo version 2\MemTurbo.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: jkhig - jkhig.dll (file missing)
O20 - Winlogon Notify: printpnp - printpnp.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SldBVEtJTlM\command.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINNT\MSmedia.exe (file missing)
O23 - Service: Msdebugsrv1 (Msdebugsrv) - Unknown owner - C:\WINNT\dbg32hlp.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINNT\System32\netddesrv.exe
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINNT\system32\ttt.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINNT\shost.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINNT\csrss.exe (file missing)

Thanks for your help. MediaGateway is not in Add/Remove Programs.
 

williesbest2

Thread Starter
Joined
Jun 13, 2005
Messages
347
No, not at all. It just says loading Windows 2000 Pro on a black background and never loads it.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Did that happen during the VirtumundoBeGone tool? 'Cause I believe we have a fix for that.
 

williesbest2

Thread Starter
Joined
Jun 13, 2005
Messages
347
No, you couldn't access safe mode even before VirtumundoBeGone. Same thing happened. I'm running Spy Sweeper right now to see if it finds anything else. I've been working on this computer all day. It seems the more I do, the more shows up.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,861
Have you previously run the VundoFix tool before using VirtumundoBeGone?
 