Virtumonde problem! (not a newbie)

Discussion in 'Malware Help (A Specialist Will Reply)' started by golfer81881, Feb 8, 2008.

  1. golfer81881

    golfer81881 Private E-2

    Hello-

    I have run Ad-Aware and Spybot numerous times, done some research, and have concluded that I do have the VIRTUMONDE virus. I get the "BLUE SCREEN" and numerous pop-ups.....

    Here is what Ad-Aware found:


    Infections Found
    Family Id Name Category TAI
    763 Virtumonde Malware 10
    • [300016104] Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
    • [300016204] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\shellexecutehooks Value: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
    • [300034732] Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
    • [300034734] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\shellexecutehooks Value: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
    • [300041069] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
    • [300031423] Root: HKU Path: S-1-5-21-239712180-357464061-2299825339-1004\software\microsoft\ms juan
    • [300031425] Root: HKLM Path: software\microsoft\jkwslist
    • [300034191] Root: HKU Path: S-1-5-21-239712180-357464061-2299825339-1004\software\microsoft\aldd
    • [300036915] Root: HKLM Path: software\microsoft\aoprndtws
    • [300037556] Root: HKU Path: S-1-5-21-239712180-357464061-2299825339-1004\software\microsoft\rdfa



    I have attached the log from combofix.exe as you asked.

    Thanks so much in advance!
     

    Attached Files:
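
Added example, not part of the original thread and not Ad-Aware's own code: a short Python triage script that parses finding lines in the format of the report above and groups them by CLSID. It shows that the one CLSID in the report is both registered as a COM class and referenced from two load points (ShellExecuteHooks and Browser Helper Objects). The function names and role labels are this example's own; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the Ad-Aware report in the first post (a subset, bullets dropped).
REPORT = r"""
[300016104] Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300034732] Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300016204] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\shellexecutehooks Value: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300041069] Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
[300031425] Root: HKLM Path: software\microsoft\jkwslist
[300034191] Root: HKU Path: S-1-5-21-239712180-357464061-2299825339-1004\software\microsoft\aldd
"""

# "Value:" is optional, and key paths may contain spaces, so the path is matched lazily.
LINE = re.compile(r"\[(?P<id>\d+)\]\s+Root:\s+(?P<root>\w+)\s+Path:\s+"
                  r"(?P<path>.+?)(?:\s+Value:\s+(?P<value>.+))?$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Registry locations from which Windows loads COM objects by CLSID.
LOAD_POINTS = {
    r"\explorer\shellexecutehooks": "ShellExecuteHook",
    r"\explorer\browser helper objects": "Browser Helper Object",
}

def parse(report):
    """Return one dict (id, root, path, value) per finding line; skip other lines."""
    return [m.groupdict() for raw in report.splitlines()
            if (m := LINE.search(raw.strip()))]

def classify(finding):
    """Name the role a registry finding plays, based on its key path."""
    path = finding["path"].lower()
    for needle, label in LOAD_POINTS.items():
        if needle in path:
            return label
    return "COM class registration" if path.startswith("clsid\\") else "other key"

def roles_by_guid(findings):
    """Map each CLSID (None when a finding names no CLSID) to its set of roles."""
    groups = defaultdict(set)
    for f in findings:
        m = GUID.search(f["path"]) or GUID.search(f["value"] or "")
        groups[m.group(0).lower() if m else None].add(classify(f))
    return dict(groups)

if __name__ == "__main__":
    for guid, roles in roles_by_guid(parse(REPORT)).items():
        print(guid or "(no CLSID)", "->", sorted(roles))
```

Findings that name no CLSID are grouped under a single entry so they can be reviewed separately from the COM-based load points.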

  2. golfer81881

    golfer81881 Private E-2

    Attached is the log for MGlogs
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please go back to step 1 of the READ ME and follow the instructions for putting your system into Normal Startup mode with MSconfig. Do this now and remain in Normal Startup mode. We cannot start your fixes until you do this since some of the infections are trapped in MSconfig.

    After doing this, do the below to get a new log.

    Now run the C:\MGtools\GetLogs.bat file by double-clicking on it.

    Then attach the below logs:
    • C:\MGlogs.zip
     
