Trojan.Virtumonde

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Speeed

Thread Starter
Joined
Sep 27, 2008
Messages
1
a week ago i've got trojan.Virtumonde on my pc
i tried many anti spywares but it always came back with the registery
MS Juan and MS Track System
first he binded himself in IEXPLORER.EXE
so i renamed it to IEXPLORE.EXE
and deleted IEXPLORER.EXE
but that didn't work either so i hope you guys can help me
here is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:16, on 27/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\DU Meter 4.1\DUMeterSvc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\PC Tools Firewall Plus\FWService.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\smax4.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\DU Meter 4.1\DUMeter.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Katie\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://adgportaal.arenberggroup.be/citrix/MetaframeXP/default/login.asp?ClientDetection=On
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] :"E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] E:\Program Files\Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [00PCTFW] "E:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [windowslive] E:\WINDOWS:windowslive.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] E:\Program Files\DU Meter 4.1\DUMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\Office12\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: wbsys.dll lehwel.dll zdogom.dll
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - E:\Program Files\DU Meter 4.1\DUMeterSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - E:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5467 bytes
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top