Virtumonde won't go away

Discussion in 'Malware Help (A Specialist Will Reply)' started by svalenti007, Oct 28, 2005.

  1. svalenti007

    svalenti007 Private E-2

    Hi all.

    I have done both the "read and run" and tried the fix it under special spyware. Neither seemed to work since Virt is still coming up under Microsoft antispy.

    Please advise. Thank You

    Steve
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please refer to the READ & RUN ME step 7 and install HijackThis properly per the instructions. You are running it from:

    C:\Documents and Settings\Marilyn Rodriguez\Desktop\HijackThis.exe

    Also, the HijackThis log must be posted from normal boot mode, not safe mode. This is also covered in those instructions.

    I would have to assume you did not follow the Virtumundo steps properly or you must have gotten some kind of error. They should work. Your Virtumundo problem lines are:


    O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\dllxml.dll
    O20 - Winlogon Notify: dllxml - C:\WINDOWS\dllxml.dll

    Try the steps again and then post a new HJT log from normal boot mode. You do have a couple other items to fix besides Virtumundo.
     
    Last edited: Oct 28, 2005
  3. svalenti007

    svalenti007 Private E-2

    Sorry, posted the wrong log :(. But I did remove those two files and everything seems to be working now. Thank You.

    Steve
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but there were other things in your HJT log that should be fixed.


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
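
Added example, not part of the original thread or of HijackThis: a small triage script run over the log lines quoted in the two posts above. It flags a DLL registered under both O2 (BHO) and O20 (Winlogon Notify), as in the two problem lines shown earlier, and lists entries marked "(no file)" or "(file missing)". The function names and the dual-registration heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the HijackThis lines quoted in this thread, embedded verbatim.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\dllxml.dll
O20 - Winlogon Notify: dllxml - C:\WINDOWS\dllxml.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, then the rest
PATH_RE = re.compile(r"((?:[A-Za-z]:\\|%\w+%\\)[^()]*?\.(?:dll|exe))", re.I)

def parse_hjt(log):
    """Turn HijackThis log text into dicts: section, text, path, orphan."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, running-process list
        section, rest = m.groups()
        p = PATH_RE.search(rest)
        entries.append({
            "section": section,
            "text": rest,
            "path": p.group(1).lower() if p else None,
            # HijackThis itself appends these markers to dangling entries
            "orphan": "(no file)" in rest or "(file missing)" in rest,
        })
    return entries

def triage(entries):
    """Return (DLLs present as both BHO and Winlogon Notify, orphaned entries)."""
    sections_by_path = defaultdict(set)
    for e in entries:
        if e["path"] and not e["orphan"]:
            sections_by_path[e["path"]].add(e["section"])
    dual = sorted(p for p, s in sections_by_path.items() if {"O2", "O20"} <= s)
    return dual, [e for e in entries if e["orphan"]]

if __name__ == "__main__":
    dual, orphans = triage(parse_hjt(SAMPLE_LOG))
    print("BHO + Winlogon Notify:", dual)
    for e in orphans:
        print("orphaned:", e["section"], e["text"])
```

The R1 and O15 lines are parsed but not flagged by either rule; they were called out in the post for other reasons and still need a manual look.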
     
  5. svalenti007

    svalenti007 Private E-2

    Thank you again. Took care of those also. You guys are great, thanks a lot :)

    Steve
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

