Home > Please Help > Please Help Me With Virtumondo

Please Help Me With Virtumondo

Did you put ComboFix on your desktop? You need to disable your Nod32 Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running. Please help me to remove this asap. A notification will appear that "Quarantine and Removal is Complete".

Generated Thu, 26 Jan 2017 00:40:50 GMT by s_hp107 (squid/3.5.23) Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Thank you! That may cause it to stall. https://forums.spybot.info/showthread.php?19721-please-help-me-with-virtumonde-and-smitfreud

Continuing.[05/17/2008, 20:48:52] - BHO 5: {F5F76B80-9542-4591-B4D2-7E09A6029E90} ()[05/17/2008, 20:48:52] - WARNING: BHO has no default name. Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? When finished, it shall produce a log for you. You have some suspicious files we need to check.

Did disable your Nod32 Antivirus and Spybot Teatimer (as well as any other registry protector) before running ComboFix? Note: the above code was created specifically for this user. hiwatt 12:19 16 Nov 07 You could also try superantispyware.This removes things a lot of the others don't.Also try turning off system restore before you scan but be aware you will Click Preferences, then click the Statistics/Logs tab.

Go to My Computer and double-click C. File/Folder C:\WINDOWS\system32\rjfraqgh.exe not found. Clear editor Insert other media Insert existing attachment Insert image from URL × Desktop Tablet Phone Security Check Send Recently Browsing 0 members No registered users viewing this page. Starting over...[05/17/2008, 20:43:22] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)[05/17/2008, 20:43:22] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[05/17/2008, 20:43:22] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)[05/17/2008, 20:43:22] - BHO 4: {B3102264-D09D-4322-B625-503FBF18DD7E} (MSEvents Object)[05/17/2008,

Back to top #3 stricjux stricjux Topic Starter Members 17 posts OFFLINE Local time:01:41 AM Posted 21 January 2008 - 03:59 AM Currently @ work, will post reply ASAP. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF).

  1. Click Close to exit the program.
  2. Slide.exe was a picture slideshow screen saver.
  3. You can donate using a credit card and PayPal.
  4. Everyone else please begin a New Topic. 0 Back to Virus, Spyware, Malware Removal · Next Unread Topic → Similar Topics 1 user(s) are reading this topic 0 members, 1 guests,

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05222008_231833 0 #8 greyknight17 Posted 23 May 2008 - 05:23 PM greyknight17 Malware Expert Visiting Consultant 16,560 posts Just to confirm, is If asked if you want to reboot, click "Yes". Register now! I just did a scan with spybot before you replied and it said that no spywares were found, thought everything was fine now...

Please visit this webpage for instructions for downloading and running ComboFix and installing Recovery Console. Run Panda ActiveScan Post the results from ActiveScan. Your log is clean.To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.Are there any problems now? I recommend uninstalling it if that's the case.

You can donate using a credit card and PayPal. Please open this log in Notepad and post its contents in your next reply.* Close OTMoveIt2.If a file or folder cannot be moved immediately you may be asked to reboot the Attached Files ComboFix.zip 49.14KB 17 downloads Back to top #11 stricjux stricjux Topic Starter Members 17 posts OFFLINE Local time:01:41 AM Posted 25 January 2008 - 04:39 PM I have Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo!

AdWare.win32.virtumonde.jp Operating System:Windows XP Home Edition Product Name:ZoneAlarm Antivirus May 20th, 2007 #2 fax View Profile View Forum Posts Private Message Guru Join Date Nov 2004 Location localhost Posts 18,029 Re: Go to My Computer and double-click C. Thank you!

When finished, it will produce a log for you.

If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Make sure everything has a checkmark next to it and click "Next". That may cause it to stall.I want you to upload this file (C:\WINDOWS\Win.com) to http://virusscan.jotti.org and report back what it found. 0 #5 Senatora Posted 21 May 2008 - 07:05 AM Double click combofix.exe and follow the prompts.

That may cause it to stall.I have killed the stalled process (via task manager) yesterday and today restarted combofix... Virtumonde, Trojandropper.agent.dgo, Bho.g - Please Help Me Fix The Infestation And Slow Computer Speed Started by stricjux , Jan 16 2008 01:54 PM Page 1 of 3 1 2 3 Next this Topic has been closed. Back to top #15 stricjux stricjux Topic Starter Members 17 posts OFFLINE Local time:01:41 AM Posted 26 January 2008 - 02:28 PM Hi stricjux, This computer is really infected.

Copy the text from the quotebox below into Notepad:DirLook::C:\New FolderC:\Program Files\Common Files\Microsoft Shared\Web Folders\File::C:\WINDOWS\my.ini.oldC:\WINDOWS\my.iniC:\WINDOWS\BM8b632314.xmlC:\WINDOWS\system32\opnlJcaY.dll.virC:\Documents and Settings\Senator\CommandLists.iniC:\WINDOWS\nod32fixtemdono.regC:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exeC:\WINDOWS\system32\expIorer.exeC:\WINDOWS\system32\paytime.exeC:\WINDOWS\1A.tmpRegistry::[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klop][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ExpIore]Save this as CFScript.txt in the same NOTE: If you have an old version of ComboFix please delete that and download it again! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Still working, now almost 20hrs.... (deleting .tmp files).

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Please try the request again. Thank you! All Rights Reserved.

You can donate using a credit card and PayPal. ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://0.0.0.9/ Connection to 0.0.0.9 failed. Finally paste the contents of the Report.txt back on the forum with a new HijackThis log cybertech, Sep 26, 2007 #2 janco Thread Starter Joined: Sep 26, 2007 Messages: 30 button, i got these results, don't know if that can help but i post them anyway.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Copy/paste the text in the code box below into notepad: KILLALL:: RenV:: ----a-w            39,792 2007-12-26 11:05:33  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ----a-w           284,184 2007-12-29 13:15:29  C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper .exe ----a-w           746,520 2007-12-29 13:15:29  C:\Program Files\Logitech\QuickCam10\QuickCam10 .exe Back to top #13 stricjux stricjux Topic Starter Members 17 posts OFFLINE Local time:01:41 AM Posted 26 January 2008 - 07:51 AM Hi stricjux,ComboFix had a bug and it has