1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan.Virtumonde

Discussion in 'Virus & Other Malware Removal' started by Speeed, Sep 27, 2008.

Thread Status:
Not open for further replies.
  1. Speeed

    Speeed Thread Starter

    Joined:
    Sep 27, 2008
    Messages:
    1
    a week ago i've got trojan.Virtumonde on my pc
    i tried many anti spywares but it always came back with the registery
    MS Juan and MS Track System
    first he binded himself in IEXPLORER.EXE
    so i renamed it to IEXPLORE.EXE
    and deleted IEXPLORER.EXE
    but that didn't work either so i hope you guys can help me
    here is my hijack log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:28:16, on 27/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\SYSTEM32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\DU Meter 4.1\DUMeterSvc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\PC Tools Firewall Plus\FWService.exe
    E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wscntfy.exe
    E:\Program Files\Analog Devices\Core\smax4pnp.exe
    E:\Program Files\Analog Devices\SoundMAX\smax4.exe
    E:\WINDOWS\system32\RUNDLL32.EXE
    E:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\DU Meter 4.1\DUMeter.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Documents and Settings\Katie\Bureaublad\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://adgportaal.arenberggroup.be/citrix/MetaframeXP/default/login.asp?ClientDetection=On
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] :"E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Media Codec Update Service] E:\Program Files\Codec Pack\update.exe -silent
    O4 - HKLM\..\Run: [00PCTFW] "E:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [windowslive] E:\WINDOWS:windowslive.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DU Meter] E:\Program Files\DU Meter 4.1\DUMeter.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\Office12\EXCEL.EXE/3000
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: wbsys.dll lehwel.dll zdogom.dll
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - E:\Program Files\DU Meter 4.1\DUMeterSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - E:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 5467 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/753868

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice