Windows Support Forum

Please help with Adware.Virtumonde PrivacyRemover.M64 message

Q: Please help with Adware.Virtumonde PrivacyRemover.M64 message

Hi, I am unable to remove a virus on my computer and would really appreciate any help. Not sure how I got it, but my Dell Dimension running WinXP Home SP is showing an error message. It has replaced my background with a warning (looks fake) about Adware.Virtumonde and PrivacyRemover.M64. When I run Avast Antivirus it finds a trojan, but deleting the files does not help. I am also unable to run any online scans. I can google the link, but when I click it I am redirected to another site. I found this forum online with a laptop. I downloaded HiJackThis from the sticky message and ran it under safe mode. This is the message.

Thank you for your time and help.

Steve


Windows Warning Message! Win32/Adware.Virtumonde + Win32/PrivacyRemover.M64. Help!
I booted my computer up today, and saw my background wasn't available anymore. Then I see the message, "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer". It says that Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64 are on my computer. I have already run SuperAntiSpyware free software and already scanned, but this message still appears.

https://forums.techguy.org/threads/windows-warning-message-win32-adware-virtumonde-win32-privacyremover-m64-help.762497/

I booted my computer up today and saw my background wasn't available anymore. Then I see the message, "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer". It says that Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64 are on my computer, but I've scanned it using my COMODO Firewall, AVG Anti-Virus, AND Spy-Bot SD and nothing shows up. I downloaded HJT and will upload it with this post. I'm going to college in two days - please help!

https://forums.techguy.org/threads/windows-warning-message-win32-adware-virtumonde-win32-privacyremover-m64-help.741250/

Hello, I'd appreciate your help please. My laptop caught something which changed the desktop wallpaper to a message saying I had adware.virtumonde and privacyremover.m64. This is my work laptop so would like to remove it immediately. Thank you in advance for your assistance. It is greatly appreciated. I've downloaded hijack this and here is the log.

https://forums.techguy.org/threads/adware-virtumonde-and-privacyremover.741600/

Hello, I'd appreciate your help please. My laptop caught something which changed the desktop wallpaper to a message saying I had adware.virtumonde and privacyremover.m64. I downloaded malwarebyte and this cleared some infections. However, my laptop still hangs when it is shutting down, at the place where the screen says "windows is shutting down". I can only shut it down with the on/off button. Presumably the virus is not completely cleared. I have used HJT and the log is below. Are you able to help me please? Many thanks.

https://forums.techguy.org/threads/help-please-adware-virtumonde-and-privacyremover-m64.741564/

I have a fake MS warning box with win32/Adware.Virtumonde and PrivacyRemover.m64. My screen has gone white. I have PC-cillin Internet Security. Did a spyware and virus scan and cleaned out all detected spyware. It did not take care of this problem. I did get a warning message that something is trying to connect to the internet, which I denied. I'm not savvy in this stuff at all so I hope that I'm doing this right. Many thanks to you wonderful folks in advance for your help. Here is a HijackThis log.

A: Infected: Adware.virtumonde, Privacyremover.m64

For folks looking at this post and emailing me... As you can see, it's been over a week and NO help from BC. Don't waste your time posting here, unless you can live without your computer for this long... I did find some help elsewhere. See the following steps in post below which is in another forum that seems to get better response.

Also, don't waste your time following the two recommended removal programs in the "Spyware Removal" tab up top. Those didn't do squat.

Try this... BleepingComputer.com > Security > Am I infected? What do I do?
http://www.bleepingcomputer.com/forums/ind...52&hl=85592

The steps mostly worked for me, got rid of the virus message, but then my account started getting very problematic and eventually I couldn't do anything or connect to the internet. After monkeying around a couple days longer, I finally created a whole new account because the settings on my primary one were completely hosed. Luckily I had a second account on the system that was more cooperative. Still some performance issues, probably because I have so much security crap running and checking at start-up now. I'll have to do some clean-up of those. I haven't created a new Restore Point yet, as I want to make sure I'm really in good shape with this new account. Good luck!!!

http://www.bleepingcomputer.com/forums/t/164080/infected-adwarevirtumonde-privacyremoverm64/

Hello. A few days ago my background image got changed to a fake one containing a warning about Adware.Virtumonde and PrivacyRemover.M64. Also I got a fake popup asking me to install something like "Windows XP Anti-Virus". I did not, of course. I ran Norton Internet Security virus and security scans but they showed up nothing. I ran Ad-Aware SE Personal and it detected spyware. I clicked "fix" and after a reboot ran Ad-Aware again and it did not report any issues. Also the background image is gone and the fake popup is gone. However, if I try to access anti-malware sites such as Trend Micro etc., I cannot - the browser returns an error page. Also, if I search for anything in Google, when I click the links provided they redirect me to other commercial sites instead, using the go google redirect. This happens with both Explorer and Firefox. I have a Dell Dimension running Windows XP Home SP, also running Norton Internet Security. I ran HijackThis and have attached the logfile. Can you help? Thanks.

A: Solved: Help please: Adware.Virtumonde and PrivacyRemover.M64 malware

https://forums.techguy.org/threads/solved-help-please-adware-virtumonde-and-privacyremover-m64-malware.751042/

I have adware or a virus on my computer that I can't seem to get off. Did an online free scan, ccleanup and Lavasoft Ad-Aware scans with no success. The virus/adware makes my desktop be a message warning "spyware detected on computer", saying that it detected the viruses Win32/Adware.Virtumonde and Win32/PrivacyRemover.M64 are on my computer and I have to buy some software to get it off. Here is my HijackThis log.

A:Wallpaper Takeover Win32/Adware.Virtumonde Win32/PrivacyRemover.M64 Removal help

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

http://www.techsupportforum.com/forums/f284/wallpaper-takeover-win32-adware-virtumonde-win32-privacyremover-m64-removal-help-288793.html

I am getting the following message in a box that is fixed in the center of my screen: "Warning! Spyware detected on your computer!" Below that is another message in a blue box with the message: "Install an antivirus or spyware remover to clean your computer". It also says that I have been infected with win32/privacyremover.m64 AND win32/adware.virtumonde.

I have booted into safe mode and run Norton Antivirus, which found nothing but also kept crashing the machine so that it re-booted. I then tried running Norton Antivirus in normal mode and had the same result. I then booted to safe mode and tried to use VundoFix. However, in safe mode the button to start the scan didn't show on my screen and I was not able to start it. I then re-booted into normal mode and tried to run it, but it found nothing and the machine just kept re-booting. I then re-booted into safe mode and tried running PC Spyware; you guessed it, it found nothing and kept rebooting.

Bottom line: please help. My HJT log is set out below.

https://forums.techguy.org/threads/vundo-virus-win32-privacyremover-m64-and-win32-adware-virtumonde.742026/

I think I have a virus... after surfing the web my desktop picture was changed to Warning! WIN32/Adware.Virtumonde and WIN32/PrivacyRemover.M64. Now every time I turn on my computer, within 10 seconds after I get inside Windows my computer automatically restarts.
I went into safe mode and installed Malwarebytes anti-malware software and quarantined my computer. My computer still restarts automatically but the WIN32/Adware.Virtumonde and WIN32/PrivacyRemover.M64 on desktop pic is gone.
PLEASE HELP ME
 

https://forums.techguy.org/threads/win32-adware-virtumonde-and-win32-privacyremover-m64-on-desktop-help.743608/

Hey. Recently my computer has been infected with a virus. The desktop background on my computer changed by itself to a white screen that warns me that I have been infected with Win32/Adware.Virtumonde and Win32/PrivacyRemover.N64 and that I should download spyware removers to get rid of it. I have no idea how I got this virus. Now my computer won't load certain web sites, my email won't send anything out, and other various problems occur. I have tried running virus scans and using Ad-Aware but I still can't find the problem. I do not know much about these things so any and all help would be greatly appreciated. Thanks. I will post my HijackThis log below.

A:Infected With Win32/adware.virtumonde + Win32/privacyremover.n64

Hello and welcome to BC,

Please download SDFix by Andy Manchesta and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All. A new folder will be extracted to your %systemdrive%, typically C:\SDFix
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix. Make sure you download and save ComboFix DIRECTLY to your Desktop
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Post me these logs in your next reply:
1. SDFix
2. ComboFix
3. A fresh HijackThis log (After ComboFix step)

http://www.bleepingcomputer.com/forums/t/168193/infected-with-win32adwarevirtumonde-win32privacyremovern64/

Hi

My computer is also infected by this Win32/adware.virtumonde and Win32.privacyremover.m64. On my screen it says in big letters that your computer is affected. I tried to do system restore to a previous point but the only point available now is the one where the virus was affected. I did it and nothing happened and the virus is still there.

My McAfee Antivirus has expired but even then I did a scan in safe mode and it didn't find anything. I downloaded AVG Antivirus free from download.com and tried to install it but it won't run the installation process. I am able to connect to internet with my affected computer, but it won't OPEN any anti-virus site. I am able to search on Google but when I click on any link it goes to some adware website and doesn't go to the link I click on. Now my computer also won't connect on this site, and I can't download the ComboFix tool. I can only go to some sites like msn.com and google.com.

My affected computer is beside me now. I am using my landlord's computer. My computer is my best friend. Please tell me how can I make it good. I will not have access to my landlord's computer till long. I can use Outlook on my computer and send mails through it. So if you want to know some details from my computer I can copy them on Outlook and send it by email to my landlord's computer and then post it here and u can read it. Please help me ASAP. Please, SOS. Thanks and God bless.

OK, I have figured out that I can go to any site from the computer that is working, download anything, and with the help of a USB take it to the infected computer and run it on that, so please tell me what needs to be done.

Hi, I saved the HijackThis notepad file in txt format and brought it to this computer. I have made no changes to it. Here are the contents. Please help me now, and if u need any other details please tell me. I am waiting for the earliest help please.

A:Win32/adware.virtumonde And Win32.privacyremover.m64

Does anyone think they will have a solution anytime soon? It's night over here.
I tried to work with that ComboFix. I tried to install it on my machine... but it said, "combofix has detected the presence of rootkit activity and needs to reboot the machine".

Now I am trying to reboot my machine but it's hanging up all the time.

is there any solution????

http://www.bleepingcomputer.com/forums/t/165044/win32adwarevirtumonde-and-win32privacyremoverm64/

In the past few days I have found that my computer is infected. My desktop wallpaper would change and an ad appeared telling me my computer was infected with Win32/adware.virtumonde + Win32/privacyremover.n64. However, my computer was still usable. Then last night I was unable to open links from search engines. Instead a new window would pop up and I would be taken to an irrelevant webpage. Anything from my favorites list still worked. Today I was unable to open the internet at all. When I double clicked the IE icon I received the following message:

Using a free version of the program SpyHunter, which I had downloaded while the internet was still accessible, I found where many of the files were located and manually deleted many of them. However, SpyHunter also told me that registry values needed fixing and I didn't want to mess with those. I also use Avast but it didn't seem to be able to remove it. The computer is a little temperamental now. I am able to open one internet window but it seems that I'm now getting the same error message when I attempt to open another. I'd appreciate any and all help.

ETA - thought I might mention that I've already tried VundoFix.exe and it didn't detect anything on my computer.

A:Win32/adware.virtumonde + Win32/privacyremover.n64

Hello Butterfly*,

Are you running two antivirus programs on this computer (AVAST and Norton)?

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

http://www.bleepingcomputer.com/forums/t/170189/win32adwarevirtumonde-win32privacyremovern64/

my wallpaper on my desktop says:

Warning! Spyware detected on your computer!

below that is another message in a blue box with the message:

Install an antivirus or spyware remover to clean your computer:

It also says that I have been infected with win32/privacyremover.m64 AND win32/adware.virtumonde/

Have run spyware and AVG antivirus but no joy
I have added HJT log
Any help would be greatly appreciated
 

A:win32/privacyremover.m64 AND win32/adware.virtumonde/

Here's the HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:52, on 19/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmfg.exe] C:\WINDOWS\system32\kdmfg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program...

https://forums.techguy.org/threads/win32-privacyremover-m64-and-win32-adware-virtumonde.741360/

Hi, I tried to find info on this and couldn't, and I don't have much time since I'm using someone else's computer and I am really scared. I was on Google today and this message about "Antivirus SP Install" came up and I tried to cancel it, but I'm not sure what happened and then everything froze. When I rebooted, my desktop was white with a message saying "Window's warning Spyware Detected on your Computer" and the names were something like sys privacyremoverms and another one. I am scared to turn my computer on again so I cannot get the exact names. I tried running Norton and it found something but then shut down, and when I tried to reboot the next time I could not do anything, there is just an hourglass, so I turned it off again and left it off.

I had a virus a few years ago that someone on here helped me fix (thank you) but I don't remember anything, including how to put my computer in safe mode. I'm in med school and in the middle of studying for boards so this is the worst possible timing and I don't know what to do. If no one can help me on here, maybe there is a suggestion of where I could take my computer.

A:Window's Message "Spyware detected" sys32.privacyremover and virtumonde

Is this the same machine?
http://forums.techguy.org/windows-nt-2000-xp/743355-please-help-spyware-message-desktop.html
 

https://forums.techguy.org/threads/windows-message-spyware-detected-sys32-privacyremover-and-virtumonde.743363/

Hi guys. My computer was recently infected with Virtumonde and privacyremover. I've run multiple Virtumonde/privacyremover spyware/trojan removal tools and I think my computer's clean now, but not sure. I've never used HijackThis before, but I was wondering if anyone could check my log. Oh, and I'm running hard drives with a total of partitions; will this be a problem? Will HJT automatically scan the other partitions or will I have to manually do it? Cheers.

HijackThis log:

http://www.techsupportforum.com/forums/f284/virtumonde-privacyremover-302016.html

About a week ago I ran into the Virtumonde PrivacyRemover messages on my desktop, along with problems with Internet Explorer not being able to install antivirus programs, restore points deleted, etc. Long story short, I managed to get symptom-free in about two days, but I of course figured something had to be left behind and ran some scans to look for any lurking problems. I've been running various scanners (AVG, Ad-Aware, Malwarebytes, Kaspersky, SUPERAntiSpyware & HijackThis) and each one detected/removed a few more threats that the previous ones seemed to have missed. By the time I got to Kaspersky (read about it on this site, thanks to sjpritch) it seemed to detect the last of it. I deleted what Kaspersky found and SUPERAntiSpyware hasn't come up with anything, so I'm hoping I've finally got to the end of this.

The only problem I have right now is that Winamp crashes whenever I try to open, and it never used to before. I ran HijackThis but don't really know how to interpret it. I've attached a log file. What this all boils down to is that I really just want to know how I can ensure this is completely gone, since a lot of the scanners I've run before have missed things. Thanks.

P.S. AVG keeps processes running even after I close it in the system tray. In Task Manager the process is called "avgrsx.exe" and when I try to end it or the tree by force nothing happens. I've had to uninstall it to run other scanners and that seems to be the only way to make the process go away. I'm hoping this is just an unfortunate quirk of AVG, but I thought I'd check with the experts just to be extra sure it's not indicative of a problem.

https://forums.techguy.org/threads/privacyremover-and-virtumonde.746433/

My background screen turned into this screen with a "windows error" saying that I had the following:

Win32/Adware.Virtumonde
Win32/Adware.PrivacyRemover.M64

and to run my security (?) something to that extent as soon as possible.

I have ZoneAlarm Security on my computer, so I tried opening that up but it wouldn't allow me to do so. I went ahead and shut my computer down (bad idea). When I restarted it, it shows "windows" on startup then goes straight back to the error screen.

Only now I can't see icons, or my start bar.

I figured I would try running in MS-DOS and figure it out from there, but it won't allow me to do that either. My monitor keeps staying on power saving mode till Windows and this error show up. Help! IDK what to do.

Thanks

Kara
 

https://forums.techguy.org/threads/adware-virumonde-privacyremover-m64-virus-help.743149/

I am new at most of this but have searched and tried to enter safe mode, but it will not let me do anything in any log on to Windows. I copied someone's post from a few weeks ago; here it is:

Booted it up this afternoon and after logging on all I got was a blue screen with a window "Warning" Spyware detected on your computer "It says I should install an anti-virus or spyware remover to clean up my computer". Then lists two warnings, win adware virtumondo and win privacyremover m, as being present on my computer. It won't let me do anything. I've shut the laptop down and re-booted but same thing happens. Doesn't even give the option of restarting in safe mode.

I can't see anything. On the other log on names (my family) it just goes to a Dell desktop but nothing else, no start bar or anything. When I hit Ctrl-Alt-Del nothing shows up in the box.

A: Solved: Windows Warning Message - Spyware detected win32/adware.virtumonde

thanks for the help. Or lack of it. I will just pay someone to do it.
 

https://forums.techguy.org/threads/solved-windows-warning-message-spyware-detected-win32-adware-virtumonde.750293/

Hello. So I've had this problem, shamefully, for many weeks and I've just gotten around to seeking help. The problem began when NOD popped up and said there was a threat on a website; can't remember what, and don't have a log. Afterwards my Internet Explorer would open up every couple of minutes by itself and direct me to random websites for products. Internet Explorer was not my primary browser. I ran an in-depth scan with NOD and used SUPERAntiSpyware and the popups stopped.

The threats that were found and deleted only by SUPERAntiSpyware:

Trojan Vundo-Variant small-gen
Trojan Vundo-Variant NEXTGen
Adware Vundo Variant
Rogue Component Trace
And a lot of tracking cookies

Currently my computer still randomly slows down, my Desktop disappeared to a white screen with "Active Desktop Recovery", degraded-quality desktop icons and a button that says "Restore Desktop" which doesn't work. Automatic Updates is always turned off and won't stay on. Every time I use the Shift button below my Enter key my computer beeps. Lastly, my fingerprint scanner on startup recognizes and approves my scan but doesn't log me on: "Cannot log on user".

Scanning last night and today, these threats were found by both NOD and SUPERAntiSpyware:

C Qoobox Quarantine C WINDOWS system byyoykty dll vir - a variant of Win Adware Virtumonde NEE application
C Qoobox Quarantine C WINDOWS system gaqkhq dll vir - a variant of Win Adware Virtumonde NEE application
C Qoobox Quarantine C WINDOWS system qoMfefEw dll vir - a variant of Win Adware Virtumonde NEE application
C Qoobox Quarantine C WINDOWS system ujbbtvif dll vir - a variant of Win Adware Virtumonde NEE application
C WINDOWS system niqybibb dll - a variant of Win Adware Virtumonde NEE application
C WINDOWS system yviwvbqa dll - a variant of Win Adware Virtumonde NEE application
Operating memory - a variant of Win Adware Virtumonde NEE application
c windows system grytcwjl dll - a variant of Win Adware Virtumonde NEE application
Adware Fecati Resident
Trojan Downloader-NewJuan VM
Trojan Vundo-Variant small-gen
Trojan Vundo-Variant NextGen
Trojan Vundo-Variant NextGen-six
Adware Vundo Variant
Adware Vundo Variant Rel
Rogue Component Trace

It said everything was automatically deleted but the problems still persist. And every few days when I rescan, many of them will reappear. Any direction in these problems would be great. I wasn't sure whether or not to break this thread up into several since technically there are a number of issues, though most of them are related or identified. If this doesn't comply with the forum rules please advise.

Jared

A: Trojan.Vundo; Adware.Virtumonde; Adware.Facati? Operating memory.

Let's start with Malwarebytes...

Hi and welcome to BleepingComputer.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2: MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/t/203939/trojanvundo;-adwarevirtumonde;-adwarefacati-operating-memory/

Hello, I believe I have Adware VirtuMonde on my PC. I get random pop-ups in IE even though I use Firefox. Norton detects it but does nothing. I ran Spybot - Search and Destroy and it found it but couldn't delete it. I ran HJT and made a log, if someone could please look at it for me.

Here's my system specs really quick: It's a Dell XPS DXP, Pentium D CPU GHz, GB of RAM, running on Microsoft Windows XP Media Center Edition Version w/ Service Pack. I'm running both Ad-Aware Pro and Norton, both fully updated.

Here's the HJT log:


Greetings, I have been trying for nearly days to rid a Dell Optiplex GX WinXP system of a Virtumonde infection, to no avail. Here is what I have done so far: The system uses Norton Protection, all current. The application did not detect Virtumonde. I ran the fixvmonde tool from Symantec and it also detected nothing. I did run it in safe mode with System Restore disabled and it came out clean. When I start in normal mode it is once again detected by Spybot. Spybot SD does pick it up but once fixed it returns. I ran HijackThis and here are the results:

A: Virtumonde Adware

Hello Erick P. Harrison and welcome to the BC HijackThis forum.

To start, if System Restore is still disabled I would highly recommend re-enabling it. Even if a restore point is infected, removing malware or making any changes to the system without a fallback could easily mean a complete format/reinstall. Enough said.

Now, let's see what we can find with a different scanner.

Before running the scan let's clean out the temporary folders. Download ATF Cleaner.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].
If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/129801/virtumonde-adware/

I was just recently struck with Adware Virtumonde and I need help. My HJT log is:

https://forums.techguy.org/threads/adware-virtumonde.707146/

Hello all, can't remove it. Used already all antivirus softwares. Nothing helped. What to do?

A: Adware :virtumonde

I have attached the screenshot of my PC antivirus's quarantine.

http://www.bleepingcomputer.com/forums/t/137686/adware-virtumonde/

I have been infected by this virus. I have tried different anti-virus software, i.e. spy ware doc and spy hunter 3, all of which haven't removed it.
 

https://forums.techguy.org/threads/win-32-adware-virtumonde.742858/

First experience was a pop-up that said I was infected with adware win & virtumonde; tried directing me to buy & I closed everything out. Did everything on your preparation list, running AVG rather than adware; seemed to get better after Stinger, then came back after reboot. I can do a Google or Dogpile etc. search and it will come back with relevant results; you click on something & you can see it re-directing to go google bla bla bla & comes back with a bunch of crap ads.

Thank you very much,
Dave
e... Read more

A:Adware Win 32 Virtumonde

Hi

Please download Malwarebytes' Anti-Malware from here:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

http://www.bleepingcomputer.com/forums/t/171774/adware-win-32-virtumonde/

Help guys, I just got my boyfriend's laptop infected with this Adware Virtumonde. He's so going to kill me. From my own reading it's the latest version of Virtumonde adware. I just can't seem to remove tuvvvww.dll no matter how I did it, with Killbox or Dr Delete. I hope someone can help me to remove it.

A:Need help - Adware.Virtumonde.197 with HJT log

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

 

https://forums.techguy.org/threads/need-help-adware-virtumonde-197-with-hjt-log.481132/

Okay, so here it is: I suck at computers, right off the bat, not gonna lie. So please thoroughly explain any help, okay? First off, I know I have something wrong in my system because it has slowed a TON. Plus, my Windows Defender Beta keeps telling me I have the Virtumonde Adware and it's a high risk. I run the deletion files and restart the computer, but every time I do, when the computer comes back on again, lo and behold, Windows Defender crops up again and says I need to delete it again. It's like it either never really removes it or it keeps coming BACK, and I have no idea what to do to fix it. I've tried to download a few fixing things but you have to pay for them, and I don't know what to trust online anymore. Even if it says it'll delete it, how do I know it really will, or that it is in fact a virus in itself? As a side note, I keep getting warnings that pop up on my computer from "sysprotect" and it says to add/remove programs. I always x it out because when I was going to scan the computer as it says to, I get a warning sign like it is unsafe to download. More afraid of downloading something than simply ignoring it, I've chosen the latter. But I can't get rid of it either and it's very annoying, and it makes me wonder what ELSE is going wrong on my system that I don't know about. Please help, I can't afford for a professional to fix my computer again. I need to do it myself now because it just costs WAY too much. DESPERATE

A:Help Me I Have The Virtumonde.1 Adware!

Hello Ihatecomputersomg,

I would recommend following the following tutorial, then posting a HijackThis log in our forum, and a specialist removal expert will help you to remove this spyware.

Preparation Guide For Use Before Posting A HijackThis Log

Hope you get cleaned up soon.

Charles

http://www.bleepingcomputer.com/forums/t/53728/help-me-i-have-the-virtumonde1-adware/

Hello,
I'm having trouble with adware.virtumonde and trojan downloaders/horses for a long time now. I was wondering if you could help me because they keep coming back...

-AMD Athlon 64 X2 Dual Core processor 4200+
-M2N8-vmx motherboard
-1GB RAM
-NVIDIA Geforce EN8600GTS SILENT
-MS Windows XP SP2
and I use AVG antivirus/antispyware.
Please use normal English, I'm Dutch and just 15.

goolger
P.S.: ParetoLogic Anti-Spyware found vundo-trojan in registry keys: software\microsoft\juan and software\microsoft\uniqdata

By the way, Webroot Spy Sweeper found virtumonde in registry key: HKLM\software\microsoft\uniqdata\ and registry key: HKLM\software\microsoft\aoprndtws\
and found trojan-pushu in registry key: HKLM\system\controlset001\enum\root\legacy_secdrv\
and in registry key: HKLM\system\controlset002\enum\root\legacy_secdrv\

I hope you can help me remove this from my computer.
 

https://forums.techguy.org/threads/adware-virtumonde-and-others.589020/

Hello there, James here.

I have recently picked up the Virtumonde spyware, with the warning message planting itself on my desktop.

I am getting all sorts of funny pop-ups in IE and I am searching for a solution.

I don't know an awful lot about computers and technical terms, so I would be most grateful for some assistance in cleaning up my computer.

Regards
 

A:Virtumonde Adware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:46, on 14/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\JAMESW~1\LOCALS~1\Temp\bilmcmkj.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = inventorydatabase.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Fil...

https://forums.techguy.org/threads/virtumonde-adware.749778/

Hi everybody, I got a huge problem with Adware VirtuMonde. Got it scanned by NAV, it could not delete, the tool I downloaded did not work either. Performed all the steps in safe mode but the file is still locked out there.

A:Adware.VirtuMonde

I found the solution. There is ample info on this web-site as well as Help2go and MajorGeeks. My NAV shows no more VirtuMonde.

http://www.bleepingcomputer.com/forums/t/32353/adwarevirtumonde/

My system is infected with adware and it's become very slow. I have NOD installed and it has detected opnonnKD.dll and shows the threat as 'win adware Virtumonde application'. NOD is unable to delete it. When I try deleting it manually it says some other program is using it. Below I have pasted the hijack log. Pls help.

http://www.techsupportforum.com/forums/f284/adware-virtumonde-252923.html

My desktop has been infected with the error message about being infected with win adware virtumonde and another I can't remember. It's really slowing down my computer and I have used both Spyware Doctor and Spyware Search & Destroy, but after rebooting it still ends up there.

A:Help with Adware.Virtumonde

Sorry, I forgot to say that I was prompted to install a.exe but I exited it just in case that affects anything.
 

https://forums.techguy.org/threads/help-with-adware-virtumonde.742178/

New forum member, hope someone can help. Processes javalib.exe or dbimg.exe running to cpu every seconds, when I delete them they reappear. Have run Ad-Aware, Spybot and Norton AV, which identify adware.virtumonde but can't delete/fix it. Below is a HijackThis scan.

A:can't get rid of adware.virtumonde

Hi Davco and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download Index.dat Suite to clean out all the temp folders. Do not run it yet.

Download CWShredder and click on Fix (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\system\dbimg.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MyWebSearch
GetRight

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: CATLEvents Object - {C69FA570-7FDE-4C49-A7BC-CB1CF24BE66B} - C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\gmibd.dat
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A0E4-EA6FA787AD2D} - C:\PROGRA~1\POWERS~2\Toolbar\pwrscuz2.dll (file missing)
O4 - HKLM\..\Run: [xaxsjiv] C:\WINDOWS\xaxsjiv.exe
O4 - HKLM\..\Run: [rotmb] C:\WINDOWS\rotmb.exe
O4 - HKLM\..\Run: [*cmdvga] C:\WINDOWS\msagent\cmdvga.exe
O4 - HKLM\..\Run: [*sysav] C:\WINDOWS\Config\sysav.exe
O4 - HKLM\..\Run: [*adrun] C:\WINDOWS\system\adrun.exe
O4 - HKLM\..\Run: [*faxinfo] C:\WINDOWS\system32\2052\faxinfo.exe
O4 - HKLM\..\Run: [*catvss] C:\WINDOWS\Web\catvss.exe
O4 - HKLM\..\Run: [*crw] C:\WINDOWS\system\crw.exe
O4 - HKLM\..\Run: [*infowin] C:\WINDOWS\inf\infowin.exe
O4 - HKLM\..\Run: [*wmstcp] C:\WINDOWS\inf\wmstcp.exe
O4 - HKLM\..\Run: [*playcat] C:\WINDOWS\ServicePackFiles\playcat.exe
O4 - HKLM\..\Run: [*accdoc] C:\WINDOWS\Config\accdoc....

http://www.techsupportforum.com/forums/f100/cant-get-rid-of-adware-virtumonde-24593.html

My son was using my computer and got it infected with Outerinfo, purityscan, morpheus, and who knows what else.. I have run virus scans Avast, AVG, ran antispyware Windows defender (detects nothing), AVG Anti-spyware 7.5. I have followed instructions from web searches, and deleted keywords found in the registry. I keep getting adware, and c:\windows\system32\xxywttu.dll adware.virtumonde thrown in my quarantine on AVG Anti-spy program. I have the system restore off. I must be missing something...
 

A:Help.. Help adware.virtumonde

Logfile of HijackThis v1.99.1
Scan saved at 8:06:09 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalot.com/
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\gatktune.dll",realset
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Cxnnj] "C:\Documents and Settings\Keith Pauley\Application Data\F?nts\chkntfs.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PR...

https://forums.techguy.org/threads/help-help-adware-virtumonde.574624/

Hi guys, I try to remove it with spybot-search and destroy a nod but nothing. Both programs detect it and delete it, but nothing, virtumonde is still in my PC. Help me x. I try with VundoFix and found nothing. I RUNNING WINDOWS VISTA HOME PREMIUM.

https://forums.techguy.org/threads/help-me-with-fix-adware-virtumonde-please.685565/

I started my computer (Dell Dimension, Windows XP Home Edition SP, Internet Explorer) and got this F-virus msg: Spyware Detected, Type: Adware, Name: Adware Win Virtumonde, Object: C Documents and Settings Terry Local Settings Temporary Internet Files Content IE WLYRIR ptch, and I keep getting pop-ups every few seconds that say Spyware detected, Type: Adware, Name: Adware Win Virtumonde, Object: C WINDOWS SYSTEM vtutqro.dll and ssqrs.dll and pxijjws.dll. I can't do anything. I am logged on in safe mode just to get this to you. I also got a Content IE OLYB PQ ptch and hctp. Can you please help me? This has been going on for a few days and seems to be spreading. It just started with the adware msg Virtumonde in WINDOWS SYSTEM vtutqro.dll and the ssqrs.dll and now the others. I have added my HJT Log, hope it helps someone help me please.

A:Adware Removal Virtumonde

Hi, Welcome to TSG!!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

https://forums.techguy.org/threads/adware-removal-virtumonde.682189/

Ok here goes ... I have Winxp home .... I run Nod32, have no firewall and downloaded and paid for a spybot programme called Xoftspy419 ...... I have run the scan and clean ..... and the win32/adware.virtumonde.O keeps coming up ... can anyone tell me how to get rid of it please?

A:Win32?adware.virtumonde.o

I suggest you post a HijackThis log for examination. Read How to post a HijackThis Log. Please read, and follow, all directions carefully. Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet. A member, of the HJT Team, will help you out. It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

http://www.bleepingcomputer.com/forums/t/36842/win32adwarevirtumondeo/

What happened

This morning I was simultaneously finding articles for a paper I'm writing and trying to find a video of a weird goal that some German guy scored this weekend. I landed on a website, accidentally clicked the wrong thing and some photosite opened, showing something that looked like a holiday picture of someone. From that moment on my computer was slow for a couple of minutes. I was after a while able to close it though. Then NOD started alarming and putting all kinds of files in quarantine: TrojanClicker Punad AA twice minute interval TrojanDownloader Agent OSQOlmarik HJAdware Virtumonde NEO times. As for the last, the first happened within seconds. Then the next happened with an interval of about minutes. I then disconnected the internet cable, closed everything and started a full NOD Scan. It did not find any infected files. When I reconnected to the internet, two more attacks by Adware Virtumonde NEO happened. It infects or creates an infected file C Windows system ejigopiv tmp. There are of those in quarantine now. Other files quarantined are prun tmp x wavsnet tmp rxtqpqjwmxtpexns sys.

I also got some random pop-ups that I never requested and could not have provoked, since I had only a blank google field on IE. Additionally, earlier a pop-up to remove spyware something (obviously a way to get spyware on the computer) appeared, which I tried to close, but it engaged in some activity anyway. Finally, a number of cookies kept being offered from different websites and IP addresses. I refused them all and always clicked refuse all from this source, hoping it would stop the flow.

What I have done so far

First I deleted Temporary Internet Files, Cookies and History. It might not help at all, but that was my first reaction. I went to various websites and got the most useful information here. Still, the proposed solutions were very different, so I guess there is never really an identical problem. As a first step I downloaded Malwarebytes. I followed the instructions of, I guess, the standard template: install without changing preferences, search for updates, do quick scan. The software found infected files, of which could only be removed after restart. I agreed to restart and then did a scan again. This time no infected files were found. Here are the logs.

A:Adware.Virtumonde.NEO > Am I still infected?

Two small remarks:

1.) I just saw that the logs are partly in Dutch. If needed, I can rerun them in English?
2.) Checking the 'Quarantaine' Tab in Malwarebytes, I discovered 24 files are listed there. Does this mean those files still exist, or is it some kind of log?

http://www.bleepingcomputer.com/forums/t/222879/adwarevirtumondeneo-am-i-still-infected/

We recently started getting popups at random times, even with a popup blocker on. McAfee was unable to detect anything. The free Webroot Spy Sweeper will scan and report but not remove. It reports that I have the virtumonde and regsync spys. There is a dll in C WINDOWS system hnvzqu.dll which I can't delete. I am copying the HJT log here. Thanks for your help. P.S. Sorry, I could not attach so I had to paste instead. The browse button did not work.

A:Spy/Adware Virtumonde + regsync

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please attach or copy/paste the gmer.txt here for review.

http://www.techsupportforum.com/forums/f284/spy-adware-virtumonde-regsync-306239.html

I got a few zip files that happen to have Adware.Virtumonde as a part of them. Is there anyway I can get rid of that particular aspect of the files?

Thanks for any help.
 

A:Adware.Virtumonde in Zips

What type of file are you talking about??? If i were to guess, i would say some kind of cracked software???
 

https://forums.techguy.org/threads/adware-virtumonde-in-zips.650781/

eset keeps having to quarantine and delete that file application or win32/adware.virtumonde.neo whatever and just can't seem to ever get rid of it entirely.

A:win32/adware.virtumonde.neo

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/221460/win32adwarevirtumondeneo/
Relevancy 51.17%

Hi there. I am a new member. I am infected with Virtumonde.fp
Have run Spybot and it says that it is clean, but NOD32 says that it is present in a dll file.

Any assistance to eradicate will be appreciated.

A:Infected With Adware.virtumonde.fp

Use F8 to boot into safe mode and run a scan and clean with nod from there

http://www.bleepingcomputer.com/forums/t/144717/infected-with-adwarevirtumondefp/
Relevancy 51.17%

Please help:

win32/adware.virtumonde
win32/Privacyremover.m64

Have booted in safe mode, turned off system restorer, run a-squared 3.5 free, which returned 2 high risk files - hoax.win32.renos.vaos

Removed and re-booted only to find the same problem.

Any help would be most appreciated!!
 

A:win32/adware.virtumonde

Ok well downloaded ComboFix after viewing a similar thread and the problem seems to have cleared...

Here is the log:

ComboFix 08-09-05.09 - mac 2008-09-08 12:57:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1484 [GMT 1:00]
Running from: C:\Documents and Settings\mac.LONDONTOOLS\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\blphcegaj0en35.scr
C:\WINDOWS\system32\lphcegaj0en35.exe
C:\WINDOWS\system32\phcegaj0en35.bmp
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
----- BITS: Possible infected sites -----
http://sbserver:8530
.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.
2008-09-08 11:00 . 2008-09-08 11:18 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-06 11:40 . 2008-09-08 13:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:39 . 2008-09-06 11:56 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-06 11:39 . 2008-09-06 11:39 <DIR> d-------- C:\Documents and Settings\MAC\Application Data\PC Tools
2008-09-06 11:39 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-06 11:39 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-06 11:39 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-06 11:39 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-06 11:20 . 2008-09-06 11:25 4,254 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-06 11:19 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-06 11:19 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-06 11:19 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-06 11:19 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-06 11:19 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-06 11:19 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-06 11:19 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-06 11:19 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-03 12:51 . 2008-09-03 12:51 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-09-01 16:23 . 2008-09-01 16:23 <DIR> d-------- C:\Documents and Settings\nilesh\Application Data\Apple Computer
2008-09-01 15:42 . 2008-09-01 15:42 <DIR> d-------- C:\Documents and Settings\nilesh\Application Data\AdobeUM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-12 15:50 0 ----a-w C:\Documents and Settings\MAC\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.ex...

https://forums.techguy.org/threads/win32-adware-virtumonde.747997/
Relevancy 51.17%

Hi there, well I'm a new member and to be perfectly honest not all that knowledgeable. I was using Limewire (oops) and seem to have infected my computer. I have now removed Limewire as a result.

Symptoms - Popups that try to open various websites. Also a download program downloads the following icons to my desktop: Free online Dating, Free Spyware Removal and Go to Casino. Very slow also. I have found that the shared file Limewire was downloading to appears empty, but upon looking in properties actually has files, all of which are infected according to Nod. I cannot see nor delete these files (from my knowledge base that is, or lack of, more to the point).

Upon looking at these forums I noticed the Hijackthis analysis. So I downloaded it and this is the scan log. Hope this means something to someone cos I'm so confused.

Can't think of anything else apart from when scanning with Nod it said that Win32/Adware.Virtumonde.FP application was found in the operating memory. It specified a file and I tried to delete it (prob not the right thing to do, oops again) but it would not delete.

Really hoping someone can help me. It would be greatly appreciated.

Many Thanks
Kerry

A:Win32/adware.virtumonde.fp Please Help!

Download the latest version of ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

http://www.bleepingcomputer.com/forums/t/103080/win32adwarevirtumondefp-please-help/
Relevancy 51.17%

Hi, my computer is infected by Win32/Adware.Virtumonde.NDI. Don't know how to remove it because the SpyBot Search & Destroy doesn't help. NOD informs that it has detected and quarantined the virus but after - minutes NOD pops up the same.

A:adware/virtumonde trojan

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

http://www.techsupportforum.com/forums/f284/adware-virtumonde-trojan-322339.html
Relevancy 51.17%

Hey, I seem to have been infected with a whole bunch of stuff this morning (my brother is banned from using my PC now). However, I've run a bunch of software. I think I've managed to clean most of it except this one, which I cannot clean no matter what I try. I've done some looking into this and it looks like Norton updated their definitions for virtumonde days ago. No matter how many times I delete the file it comes back. Your help would be much appreciated. Here is my HijackThis log.

A:Adware.VirtuMonde Headache

and here is combofix log if you need

ComboFix 07-06-13.3 - C:\Documents and Settings\Daniel\Desktop\ComboFix.exe
"Daniel" - 2007-06-16 23:18:11 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\yoscdhec.dll
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.bak2
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\cehdcsoy.ini
C:\WINDOWS\system32\vtutq.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Daniel\APPLIC~1\Install.dat
C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
C:\WINDOWS\system32\instcat.dll
((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))
2007-06-16 23:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 21:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-16 21:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-16 21:06 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-15 23:10 <DIR> d-------- C:\Program Files\Xilisoft
2007-06-15 17:31 24,643 --a------ C:\WINDOWS\system32\awtsqqn.dll
2007-06-15 15:31 <DIR> d-------- C:\Program Files\limewire
2007-06-15 14:52 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\Virgin Broadband
2007-06-15 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
2007-06-15 14:35 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-06-15 14:35 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-06-15 14:35 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-15 14:35 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-06-15 14:35 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-06-15 14:35 1,216,512 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-15 14:35 <DIR> d-------- C:\Program Files\dvdSanta
2007-06-14 23:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-06-10 10:46 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-06-10 10:46 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-06-10 10:46 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-06-10 08:51 <DIR> d-------- C:\DOCUME~1\Daniel\Phone Browser
2007-06-08 21:12 <DIR> d-------- C:\Program Files\AC3Filter
2007-06-08 21:03 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-08 21:03 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-05 22:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AlcaTech
2007-06-05 22:55 81,920 --a------ C:\WINDOWS\system32\Tk421.dll
2007-06-02 14:49 <DIR> d-------- C:\DOCUME~1\Daniel\Contacts
2007-06-02 14:48 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-31 07:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 07:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 07:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 07:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 07:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-30 22:05 <DIR> d-------- C:\WINDOWS\setup.pss
2007-05-30 22:04 <DIR> d-------- C:\WINDOWS\setupupd
2007-05-30 22:03 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\Help
2007-05-26 11:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-26 05:44 262,144 --ah----- C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
2007-05-26 05:44 262,144 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-05-26 05:39 <DIR> d-------- C:\Program Files\Online Services
2007-05-25 18:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
2007-05-25 18:36 <DIR> d-------- C:\DOCUME~1\Daniel\APPLIC~1\Roxio
2007-05-24 21:11 92,920 --a------ C:\WINDOWS\DLA.EXE
2007-05-24 21:11 56,056 --a------ C:\WI...

https://forums.techguy.org/threads/adware-virtumonde-headache.584912/
Relevancy 51.17%

Anything I can do to get rid of them?

A:help! virtumonde and core adware

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
===============

Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
 

https://forums.techguy.org/threads/help-virtumonde-and-core-adware.585419/
Relevancy 51.17%

Hi, I have made many attempts to rid my NEW computer (day old) that I just built of this virus/spyware/malware, whatever this is, and nothing has worked yet. I have NOD set up and have scanned my computer a few times using the full scan. That hasn't worked; all it has really done is popped this message up - seconds or so:

Object: c:\windows\system32\nnnomji.dll
Threat: Win32/Adware.Virtumonde application
Information: cleaned by deleting after the next restart - quarantined

In Nod I am currently at a rate of infected infected objects for scanned objects. I also scanned and removed many things with SpyBot S&D (twice back to back) and Ad-Aware. Neither has resolved the problems I am having. I still have virtumonde on my computer after S&D said it had removed it twice.

I have a blue background on my desktop that is always being refreshed in the event that I decided to remove the webpage from my background, which reads: "Warning! Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities." Then there is a link that says "CLICK HERE TO SCAN YOUR PC FOR SPYWARE" (embedded link <hxxp winsecuritysolutions com aid>). Even without clicking anything it will open one of those winsecuritysolutions websites at a random time while typing this.

I also get the yellow caution triangle-symbol in my system tray. It pops up messages: "Your computer is working slowly. Due to spyware..." yadda yadda yadda, "download here", etc etc. All of the pop ups urge me to do a FULL SYSTEM SCAN, obviously trying to get me to click something to download more viruses etc.

On top of that, it seems my computer's keyboard has been hacked or something. Even being very careful, characters are being missed. Pressing ctrl+alt+delete to see processes running: "Task manager has been disabled by your administrator".

Thanks for reading, here is the main.txt and extra.txt

A: Infected With Adware.virtumonde

Hello Buran and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/142993/infected-with-adwarevirtumonde/

Yesterday I noticed my desktop background had a warning embedded in it about this virus. I reviewed a lot of the posts here for those having similar problems. I tried on my own to rid myself of what I believe to be this pesky virus, but I think I still have some suspicious files. If I run HiJackThis WITHOUT being connected to the internet I get a clean analysis from Hijackthis de, but when I connect to the internet and re-run the HiJackThis analysis from Hijackthis de, I notice a peculiar file that re-appears after several attempts to rid it with HiJackThis. I did follow instructions from this site running ComboFix, but this file keeps appearing in my HiJackThis log file. The file is:

O - HKLM System CCS Services Tcpip D C CEFF- - E B- B-D D FE DE NameServer

Also included below is my entire HiJackThis log file. I really would appreciate someone's experience to solve this for good. And to note, I'm on (groan) dial-up using PeoplePC as ISP, so downloading programs is a horribly long task for me. However, in reading other posts and recommendations from you pros, I went to a high-speed connection and downloaded the following to disk so I could apply them to my PC quickly if needed: AdbeRdr en US, ComboFix, ie-spyad, jre- u -windows-i -p-s, OTMoveIt, spywareblastersetup, spywareguardsetup, SUPERAntiSpyware, and will download zaSetup en when I can get to a high-speed area again this week. I hope my PC is still able to be saved, and thank you pros in advance for your expert advice. Thank you.

A: Have I Got Win32/adware.virtumonde?

I forgot to add that I may be away from the infected PC (home) during the day (work), but will be active in reviewing this forum after my work day. I'm desperate for help with this please! Thank you!

http://www.bleepingcomputer.com/forums/t/164268/have-i-got-win32adwarevirtumonde/

Been searching this forum for some advice, ran VundoFix and VundoBeGone but to no avail. I know some of the dll and registry entries which are causing the problems, but every time I delete them a new one is replicated, so I need to locate the source. Thanks in advance to anyone who can help me out.

A: Virtumonde Adware Dll Problems

Hello and welcome to BleepingComputer. Please follow the instructions for running ComboFix here and post back with the log.

http://www.bleepingcomputer.com/forums/t/140421/virtumonde-adware-dll-problems/

win32/adware.virtumonde
Please help:

win32/adware.virtumonde
win32/Privacyremover.m64

Have booted in safe mode, turned off system restorer, run a-squared 3.5 free, which returned 2 high risk files - hoax.win32.renos.vaos

Removed and re-booted only to find the same problem.

Any help would be most appreciated!!
 

https://forums.techguy.org/threads/win32-adware-virtumonde-help.748000/

Got this message last night, turned screen background white with desktop icons visible: "WARNING: Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer. Warning: Win Adware Virtumonde. Warning: Win privacyremover M". I am running XP with NIS AntiVir and Webroot Spysweeper AV, all running all the time. Got AV popup saying virus detected and clicked deny, that's when it hit the fan. Warning popups have no apparent hyperlinks on them and cannot be closed. I immediately ran AV and spysweeper scans that produced nothing. Reboot was no help. I was not able to use IE for web access but could use firefox. IE gave problem as add-on desrcas.dll with company name of My Way com. Could not use search function in normal mode. Explorer produces error message. After checking on internet I opened windows in safe mode and ran scanners again. Nothing special appeared. Ran search as well for virtumonde etc. and it found nothing. Below is Hijack this scan. Hope someone can help. Some web sites suggested Smitfraud and here, I believe, another type of cleaner. Not sure what to do. Appreciate any help. Thanks.

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v

Mod Edit: Removed HJT Log ~ Boopme. HJT Logs are not allowed in this forum. PM me if you have a question on it, thanks.

A: Win32/adware.virtumonde

After some investigation, I went and removed the My way search assistant using the control panel function. I can now access Explorer, but when I do, Yahoo home page or My Yahoo page does not appear. Other websites seem relatively normal. Certain other websites are accessed OK but come up with a blank page... like Yahoo. Windows warning window for virtumonde still appears with desktop background completely white. No hyperlinks or requests to download any programs are present. Speed seems normal. Search result shows desrcas.dll is now gone. Repeated AV and spyware scans show nothing!

http://www.bleepingcomputer.com/forums/t/166802/win32adwarevirtumonde/

Hi, I'm sure this is old hat but here goes. My son's laptop has a fake alert virus which I think is an adware virtumonde. It keeps flashing messages requiring VirusScan Enterprise and Antispyware Enterprise to be run. We can't use system restore - seems to be disabled. Adaware and Spybot haven't managed to get to it. I am hoping someone can help us out. I attach HijackThis log here. Many thanks.


also have win32/privacyremover.M64
these are on my desktop can't change screens it came on all on all the other log in to
Tried to remove with Norton, adaware also Malware Removal Bot
 

https://forums.techguy.org/threads/win32-adware-virtumonde.741398/

Hi,

My virus scan detected an Adware-Virtumundo on my computer. I couldn't remove it completely. I ran my Ad-aware and it did nothing to help the problem. My OS is Windows XP Professional. I am new at this and have no idea how to get out of this. Any help would be much appreciated.

Thanks,

Kathirkanna
 

https://forums.techguy.org/threads/removal-of-adware-virtumonde.777176/

Just picked it up today, already notice the slowing down of my computer. Any help to fix it would be appreciated.

A: Adware.Virtumonde Problem

still need help.
 

https://forums.techguy.org/threads/adware-virtumonde-problem.702639/

to get rid of it I have used SuperAntiSpyware, Verizon Security Suite, Avast and Spyware Doctor. At first I just kept getting pop-ups but was able to use the internet. Then after a few days I couldn't click on any icons on my home screen, much less connect to the internet. I have been running in safe mode with networking to access the internet. If I start the computer normally everything freezes and the only way to restart is to unplug the whole computer. Any help is MUCH appreciated. Thank you in advance for your time. Here is my DDS log.

A: "Virtumonde/Adware.Megasearch" Help, please!

Please download Malwarebytes' Anti-Malware from HERE or HERE.
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.
Double-click on RSIT.exe to run RSIT.
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT
Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run, click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply. Post each log in a separate post.
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

http://www.bleepingcomputer.com/forums/t/192369/virtumondeadwaremegasearch-help-please/

Windows Warning Message - Spyware detected win adware virtumonde

I am new at most of this but have searched and tried to enter safe mode, but it will not let me do anything in any log on to windows. I copied someone's post from a few weeks ago, here it is:

Booted it up this afternoon and after logging on all I got was a blue screen with a window "Warning": "Spyware detected on your computer". It says I should install an anti-virus or spyware remover to clean up my computer. Then lists two warnings, win adware virtumondo and win privacyremover m, as being present on my computer. It won't let me do anything. I've shut the laptop down and re-booted but same thing happens. Doesn't even give the option of restarting in safe mode.

I can't see anything. On the other log on names (my family) it just goes to a dell desk top but nothing else, no start bar or anything. When I hit Ctrl alt Del nothing shows up in the box.

A: win32/adware.Virtumonde

You will need to remove the hard drive, put it in a external USB hard drive enclosure, connect the enclosure to another PC with good AV software, and clean the drive of viruses.

Put it back in the laptop and hopefully it will boot, but there may be damage to the OS that will have to be addressed. Re-run your AV software after it boots into windows.

I also recommend using these two scanners on that drive after you get it to boot.

http://www.malwarebytes.org/mbam.php green download button is free version, download, install update twice, scan entire system.

http://www.malwarebytes.org/rogueremover.php
 

https://forums.techguy.org/threads/win32-adware-virtumonde.757533/

Hi guys, I am using XP and I suddenly started getting pop-ups and redirects for URLs such as http ads banners u biz, http url adtrgt com, etc. Oddly enough, this started on the exact same day on my computer at work. I didn't plug in my flash drive at work, nor did I visit any of the same websites, so I am pretty sure it is just a coincidence. Just to be clear, I am asking for help on my home computer, not the work one (I know your policies). Here is my HijackThis log.


Hello Bleeping Computer, I have been following along with some of the advice that you have been giving people with the same problems, but it seems to be getting me nowhere. It all started with Virtumonde, which I think I have gotten rid of, i.e. I can run the VirtumondeFix scan and it comes up clean even after a reboot. Adaware, Spybot and Malwarebytes have just been a vicious circle of scan, find threats, delete, use web browser or reboot, scan, find same threats. I have just downloaded Kaspersky and ran a scan, only to have the crap scared out of me by that scream. Before I forget, I also noticed that the icon for my C drive has changed to a big red X. Hope you can help. Thanks. Here's the Deckard scan log:

A:Trojans, Adware, Big Red X, Virtumonde, No End To Them.

Hello and welcome to BleepingComputer.

Please go to Start > Run > type in: regedit > OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export.
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File > Exit.

This is so the registry can be restored to this point if we need it. It may take a minute.

Next, please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as Fixit.reg on your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM0cb34a73"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

Now double-click on the Fixit.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

Then.. Please rerun a scan with HijackThis and check the following objects for removal if present:

O2 - BHO: (no name) - {20C5A031-8212-4694-A9B6-0CC736AC9179} - (no file)
O2 - BHO: (no name) - {387E4AC5-BC2C-42AD-8728-A9FB236F0E72} - (no file)
O2 - BHO: (no name) - {3BD1AF69-082F-4277-A1E4-6D5518EFD508} - (no file)
O2 - BHO: (no name) - {3E4B9D4A-E9F3-4988-A50E-D2154E7B75F1} - (no file)
O2 - BHO: (no name) - {5D99504E-C6F3-4F6D-8167-0C929FE09F4B} - (no file)
O2 - BHO: (no name) - {6BFC6879-94C3-4695-B6E0-E6A54AD890F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7f2e51c3-2614-420b-9994-3258b1051739} - (no file)
O2 - BHO: (no name) - {80300862-5E29-4C55-AA00-4188C931EAFB} - (no file)
O2 - BHO: (no name) - {91343FF9-7674-4B19-B0EB-73F7356AA8EB} - (no file)
O2 - BHO: (no name) - {C32B2C9B-50D8-4AE7-AD10-980B93D9DFEF} - (no file)
O2 - BHO: (no name) - {C5AF6D75-ACF7-4EB9-9E97-484346F0843A} - (no file)
O2 - BHO: (no name) - {E272C686-B335-43C1-BF93-7B493F5952B5} - (no file)
O2 - BHO: (no name) - {E4AF1512-38BA-4720-BF62-C231184036F6} - (no file)
O2 - BHO: (no name) - {FA369D58-2DCB-44AC-A13A-0991071BAFE8} - (no file)
O4 - HKLM\..\Run: [BM0cb34a73] Rundll32.exe "C:\WINDOWS\system32\mfvjgntn.dll",s

Now close ALL other open windows but HijackThis and hit FIX CHECKED. Exit HijackThis.

-------

Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
Unregister .dll Before Deletion
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\mfvjgntn.dll
C:\WINDOWS\system32\syst1.dll

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

-------

Finally... Please follow the instructions for running ComboFix here and post b...

http://www.bleepingcomputer.com/forums/t/140098/trojans-adware-big-red-x-virtumonde-no-end-to-them/

Hi, I have the Win32 Virtumonde virus. I have run Spybot, Adaware etc. I now have logs for HijackThis and ComboFix. Thanks for your help. The virus has changed my desktop background to a warning message, says I have the Win32 Virtumonde, and another message about Win32 privacy. I can't see the screen now but I am fairly certain you've seen these all before. This screen appears when I boot and then again after the mouse is inactive after about ten minutes. I can escape the blue screen by hitting the Esc button; OS comes back on and I can do everything until the warning reappears. I hope these are the details you need. Here is the HijackThis log:

A:Win32 Adware Virtumonde

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

http://www.bleepingcomputer.com/forums/t/172023/win32-adware-virtumonde/

Hello, I'm having trouble lately with my winlogon. It's been spiking a lot, taking resources and slowing my computer. It isn't unbearable this far but I'm afraid it might get worse over time if I do nothing. After scanning my computer with the ESET NOD32 antivirus, it's been detecting and removing the Adware.Virtumonde virus. Each time after I reboot to complete the cleaning and start the scan again, it keeps being back, so I'm guessing my antivirus isn't really succeeding in removing the threat. I'm also running ZoneAlarm to try and prevent any other intrusion or action the virus might take. So are the two problems related? Here is my HijackThis log:


Nod32 keeps coming popping up with: Win32/Adware.Virtumonde.O application found in operating memory. System memory infection originated from file C:\WINDOWS\system32\hbgm.dll

A:Win32/adware.virtumonde

Hi, Please take note of the following:

I will be handling your log and helping you, please do not make any system changes yet.
The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient.
The fixes are specific to your problem and should only be used for this issue on this machine.
If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

http://www.bleepingcomputer.com/forums/t/110502/win32adwarevirtumonde/

First of all to say hi. I've accidentally came across your site in order to find out what is happening with my PC. I've seen you guys really helped some of the people, I decided to register and ask for your opinion.

Yesterday I reinstalled my Windows XP SP cause after downloading an update from Microsoft I got error user dll not found, tried fixing it and stuff like that. Didn't work. Oh well, I reinstalled XP and I swear to you guys it didn't pass like minutes, I got those pop up to install AV - - Bummer. And I only went to check mail on IE and download Firefox and Opera. Bah, what a bummer. I'm introduced with that rogue AV software so of course I didn't install it.

But the problem that occurred is that my Nod32 found D:\WINDOWS\system32\geBstsSi.dll is infected with win32/Virtumonde.Adware application. OK, I tried manually removing it, no luck, went in safe mode, no luck too. It has occupied winlogon.exe. S&D Spybot found like registry entries and I selected fix and it required for me to restart my PC and run scan again, which I did, but same errors occur. So basically it's in my operating memory, I can't delete it manually, tried with S&D, Nod32 (which keeps sending me pop-ups that file is infected); my IE sometimes redirects me to that AV site.

What really makes me angry is that I had my last system for like year and a half without any viruses and all of a sudden I have some adware making mess out of my computer. So what can I do? Thanks in advance, Borko

EDIT: First steps I've taken: Combofix, Hijackthis, no success removing entries. Malwarebytes: helped me with a problem. But one more question: can someone take a look at my HT log? There is something in there that is bugging me.

A:win32/Virtumonde.Adware

Please update Malwarebytes, run a Quick Scan and post the log.

http://www.bleepingcomputer.com/forums/t/195323/win32virtumondeadware/

Hi, My computer has become REALLY slow and my anti-virus program alerts me all the time about the same virus that I can't remove. It says that it's Win32/adware.virtumonde in C:\WINDOWS\system32\awtqn.dll. Here is my Hijack log:

A:Help With Win32/adware.virtumonde

Welcome aboard..

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Check the Run VundoFix as a task box.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.

http://www.bleepingcomputer.com/forums/t/59646/help-with-win32adwarevirtumonde/

Hi folks, I'm occurring a problem with Adware.VirtuMonde. My antivirus software NOD32 and monitoring tool WinPatrol has detected that there is some unwanted add-on in Browser helpers: tuvsqqo.dll. Since I have detected this I'm occurring problem: my home page and starting search page is changing automatically without my order and also Work offline message appears. I tried to remove it using NOD32 but it did not help, even if I delete it it occurs again. Another antivirus and adware tools even not detected it (AVG, PANDA, Lavasoft tool and couple more tools). I also used patch from Symantec directly for Adware.VirtuMonde but it did not find it as well. I tried to find out some more information about tuvsqqo.dll but there was only one match from Google pointing to BleepingComputer.com. I read the topic but I'm not sure if it would help to solve my problem: tuvsqqo. Also I found the place where is it located in registry and deleted it but after reboot it was there again. Could anybody please help me? Thank you very much.

A:Adware.virtumonde Troubles

First of all, welcome to BC, torr. Here is the Virtumonde Removal Guide. Furthermore, if you want to participate in a good cause, join our [email protected] team. Here is post where it is all explained: BC Team statistics

http://www.bleepingcomputer.com/forums/t/83895/adwarevirtumonde-troubles/

I have no idea how to remove this adware. it says:
warning/win32/adware.vitumonde
warning/win32/privacyremover.m64
is there a free way to remove this thing?
looking forward to any help
 

https://forums.techguy.org/threads/please-help-attacked-by-adware-virtumonde.750335/

Hi, After a week of running numerous scans from numerous AV programs I concede defeat. I need some expert advice on how to remove the Virtumonde virus. I have scanned my XP SP machine with NOD32 (main AV software installed), Adaware v, Spybot Search and Destroy, a Panda ActiveScan (could not disinfect, need to buy for that privilege), HiJackThis and Combofix.exe, DSS.exe (the last two scans out of desperation after reading a thread from this site -hijackthis-log-virtumonde-virus html). I attach the Panda ActiveScan, HiJackThis, Combofix and Kaspersky logs. Please can someone help me here, I've never been hit this bad with an adware virus and it's driving me insane. Thanks, steve
F... Read more

http://www.techsupportforum.com/forums/f284/win32-adware-virtumonde-274310.html
Relevancy 51.17%

First of all, thanks so much for the clear instructions on how to get to this point. For someone who is not very technical minded, I was able to follow the instructions and post this log. I have run ad-aware, spybot and my own antivirus NOD, and also checked on updates for windows. Would someone be kind enough to peruse the log and see if I can improve on this? I am still getting slow reaction on the PC and windows popping up. Whenever I open IE, my anti virus lets me know about adware ezula and I block the threat. I really appreciate your assistance. Cheers, airyfairy. Here is the log:
... Read more

A:Adware Ezula And Virtumonde And Others.....

airyfairy

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

http://www.bleepingcomputer.com/forums/t/117034/adware-ezula-and-virtumonde-and-others/
Relevancy 50.74%

I'm running a full scan with NOD32 (by ESET) which will likely accomplish nothing. I've downloaded Hijack This, Combofix, VundoFix, and SuperAntiSpyware. I haven't done anything else.

Any help is appreciated!

As soon as the NOD32 scan is done, I will run Hijack This and post it here, unless someone responds with other instructions.

Thanks!
 

A:ESET detects Adware.Virtumonde.Neo

After scanning with NOD32, it deleted files, but after restarting, the virus returns and I get the same Adware.Virtumonde.Neo warning. I then ran Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:43 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26332d1a-a4d8-46d5-8607-4b2fbcfb4060} - C:\WINDOWS\system32\pidokobo.dll
O2 - BHO: (no name) - {9B4CD06A-2166-49BB-B023-A028E711C65C} - C:\WINDOWS\system32\qoMgGyyY.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {C3F24DEF-573C-4C01-80CD-0739159AD11A} - C:\WINDOWS\system32\efcYOebc.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gabazunefa] Rundll32.exe "C:\WINDOWS\system32\laraguji.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "... Read more

https://forums.techguy.org/threads/eset-detects-adware-virtumonde-neo.823319/
Relevancy 50.74%

Hi Guys. Thanks for your time and I hope you can help. A few weeks ago my anti virus, Nod, picked up on a few viruses infecting my computer; they are called Win32/Adware.Virtumonde. I tried to delete them through nod but they seem to not go away and I get nod popping up saying that they are there again. My internet plays up a lot ever since this has happened, but online games seem fine. From reading other posts I have gathered I need to run HJT, so I have done so and here is the log. I tried to use this and I checked a few items and fixed them, but they still won't be removed, so I decided that I don't know what I am doing and to ask for help. Thanks again.
... Read more

A:Win32/Adware.Virtumonde Virus

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

https://forums.techguy.org/threads/win32-adware-virtumonde-virus.726078/
Relevancy 50.74%

My antivirus spyware keeps detecting adware vundo and virtumonde but won't get rid of it. I have NOD, Spybot, Spywareblaster, Adware and superantispyware. Here is my Hijack log:
... Read more

A:Adware.vundo/virtumonde Problem

Hello Bside2234

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. Sometimes with the amount of people posting a log or two may fall through the cracks as yours may have done, if you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.

Ken

http://www.bleepingcomputer.com/forums/t/137081/adwarevundovirtumonde-problem/
Relevancy 50.74%

I really hope someone can help with how to remove the adware virtumonde. I have searched a lot of sites about it and tried downloading a few removers, but it is still in my laptop. I used antivirus NOD32 and spybot. I have run spybot almost every time but it is still there. I tried to delete the infected file manually but cannot, so I hope anyone can help me with how to remove it.

I used laptop Acer 4520, Windows XP Professional version 2002.
 

https://forums.techguy.org/threads/adware-virtumonde-attack-my-laptop.748906/
Relevancy 50.74%

Hi there, I got infected with this Virtumonde fella and I need some help in getting rid of it. Noticed first time my PC went damn slow and I started a NOD scan, got this warning. I also had some minor weird dll's but I've managed to get rid of them; this guy however won't leave so easy. Anyway, here's my HijackThis log:
... Read more

A:Got Win32/adware.virtumonde Infection

Hello! Welcome to the forums! I will be helping you with this case!

Please download VundoFix to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the 'Fix Vundo' button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Open HijackThis
Click Config
Click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

More information with a screenshot, can be found Here.
Let me know the results, thank you.

http://www.bleepingcomputer.com/forums/t/137047/got-win32adwarevirtumonde-infection/
Relevancy 50.74%

Hello, first time poster here. I would appreciate any response from the Admins or posters here about any of the problems I am having. Pc is slow and very sluggish to respond to anything I attempt to have it do. I have run Avg, Ad Aware and Spybot and they have detected nothing. I also ran Sdfix and it found no problems as well. I ran combofix a couple weeks ago and it found and deleted some problem files, but I cannot find that report. Below I have recent scan reports from Combofix, Malwarebyte's Anti Malware and Hijack this.
... Read more

https://forums.techguy.org/threads/sluggish-pc-virtumonde-dll-and-adware-minibug-among-others.731471/
Relevancy 50.74%

I downloaded a cracked NOD32 version and with it started this gift:
A pop-up (the system messagebox type) which says that your system is infected. Clicking OK will open another window which is like an Explorer window, 'My Computer' type, and it shows progress of antivirus scan.
I since then removed the NOD32, installed another ZoneAlarm but it would not update, so I am using a trial version NOD32 with a lot of trial period.

The pop-up has since stopped coming but NOD32 blocks approx. 2 attacks per minute with following information:

Object
C://Windows\System32\iiScMOWa.ini

Threat
Win32/Adware.Virtumonde.NEO application

And sometimes:
Object
C://Windows\System32\iiScMOWa.ini

Threat
Win32/Adware.Virtumonde.NEO application

I have not yet installed HijackThis as I thought it might be solved without doing that but will duly do so if needed. An early response will be greatly appreciated.
God bless you all for the good work!
 

A:Pop-up problem:(Adware.Virtumonde.NEO application)

Hi,
I read some of the posts on Virtumonde and realized a log will be needed one way or the other, so used Hijack This to produce the following log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:12 AM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=Userinit.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [372c1b75] rundll32.exe "C:\WINDOWS\system32\ccmxstdh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F1...

https://forums.techguy.org/threads/pop-up-problem-adware-virtumonde-neo-application.823321/
Relevancy 50.74%

Hi, first post. Need help removing Win32 Adware Virtumonde. I did a HijackThis scan.

A:Win32 Adware Virtumonde removal

Hi, Welcome to TSG!!
Please update your version of HJT.
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.

Post a new log with that version.
 

https://forums.techguy.org/threads/win32-adware-virtumonde-removal.736275/
Relevancy 50.74%

Dear all, I clicked on a Google link and ended up with Win32 Adware Virtumonde on my desktop screen. I have run Shield Deluxe and it is unable to remove the malware. I found the forums online and ran a HiJackThis scan. Here are the logs.

Relevancy 50.74%

Hello, I was recently infected with Virtumonde. I have done some research on this virus and I know it's adware and restarts itself every time I restart the computer. My computer is running extremely slow and I can't seem to open emails anymore. I actually had to use a different computer to activate my BleepingComputer.com account. I'd appreciate your assistance in removing this threat. Thank you, and here is the log you requested.

A:Virtumonde Trojan Adware Removal

Hello

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1 Link 2 Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
Post Combofix log and a fresh HijackThis log.

http://www.bleepingcomputer.com/forums/t/223868/virtumonde-trojan-adware-removal/
Relevancy 50.74%


A:Warning! Win32/adware.virtumonde

Hello, stan99. Welcome to BC.

Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware and save it to your Desktop.
Alternate download location
Alternate download location
Double-click mbam-setup.exe to install the application.
Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post that log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

I would like you to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the OTViewIt icon on your desktop.
Click the "Scan All Users" checkbox.
Click the Run Scan button.
Two reports will open, copy and paste them in a reply here:
OTViewIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

In your next reply, please include the following:
Log from MBAM
Logs from OTViewIt.

http://www.bleepingcomputer.com/forums/t/171097/warning-win32adwarevirtumonde/
Relevancy 50.74%

not-a-virus:Adware.Win32.Virtumonde.jp - can't delete it with any programs I've encountered so far. This is the HijackThis log. Can someone help tell me what can I do to clean and protect my computer against that virus?

A:not-a-virus:Adware.Win32.Virtumonde.jp

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
=================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.

This will take some time!!!!!!!!
 

https://forums.techguy.org/threads/not-a-virus-adware-win32-virtumonde-jp.600965/
Relevancy 50.74%

Hello all, I downloaded a bunch of stuff today so I'm not sure what did it, but usually I don't get hit with this kind of stuff. Oh well. Even trusted sources can fail. Anyway, this is the message that pops up when you have AV installed (I didn't at the time, DOH), so this isn't my machine; it was someone else's who tested the file for me. I am operating Windows XP SP, updated as far as Windows Updates will go. It seems this Virtumonde is one of those viruses that generate random names for the DLLs so they are hard to spot.

Symptoms: When I open folders it takes longer to load the contents of them than usual, and dragging windows leaves trails behind that take a bit to clear. The computer is now just running slow in general. I used to be able to do things while my computer is running intensive processes since I'm on quad core w gigs of ram, but now I can't.

Here is my HijackThis log file. I can obviously see it's still there and I'm not sure how to get rid of this.

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS system spoolsv exe C Program Files Creative Shared Files CTAudSvc exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C WINDOWS system nvsvc exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS system CTHELPER EXE C WINDOWS system CTXFIHLP EXE C WINDOWS SYSTEM CTXFISPI EXE C WINDOWS system ctfmon exe C Program Files NETGEAR WG v WG v exe C WINDOWS System svchost exe C Program Files Mozilla Firefox firefox exe C Program Files Trend Micro
HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - D D -B - F- CF - BBF A - C WINDOWS system juwefisi dll O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Program Files Adobe Acrobat Acrobat AcroIEFavClient dll O - Toolbar Contribute Toolbar - BDDE -E A - -B E- B B FC - C Program Files Adobe Adobe Contribute CS contributeieplugin dll O - HKLM Run CTHelper CTHELPER EXE O - HKLM Run CTxfiHlp CTXFIHLP EXE O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe install O - HKLM Run NvMediaCenter RUNDLL EXE C WINDOWS system NvMcTray dll NvTaskbarInit O - HKLM Run tanufogezi Rundll exe quot C WINDOWS system pofolehe dll quot s O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKUS S- - - Run tanufogezi Rundll exe quot C WINDOWS system pofolehe dll quot s User LOCAL SERVICE O - HKUS S- - - Run tanufogezi Rundll exe quot C WINDOWS system pofolehe dll quot s User NETWORK SERVICE O - S- - - Startup Stardock ObjectDock lnk C Program Files Stardock ObjectDock ObjectDock exe User SYSTEM O - DEFAULT Startup Stardock ObjectDock lnk C Program Files Stardock ObjectDock ObjectDock exe User Default user O - Startup Stardock ObjectDock lnk C Program Files Stardock ObjectDock ObjectDock exe O - Global Startup NETGEAR WG v Smart Wizard 
lnk ... Read more

A:Solved: Win32/Adware.Virtumonde

Hey, good news! I found a tutorial that helped me get rid of it! It really is tricky though.

http://bbayles.googlepages.com/antivundo.html

NOTE: The symptoms listed on that page do NOT limit the fixing ability of this tutorial. That wasn't my problem at all.

Here's a full list of what I did to fix it:

Ran SuperAntiSpyware(works good)
Ran Malware Bytes (works good)
Ran VundoFix
and Followed this tutorial which was the main fix http://bbayles.googlepages.com/antivundo.html
 

https://forums.techguy.org/threads/solved-win32-adware-virtumonde.738374/
Relevancy 50.74%

Hello. Our PC seems to be infested with spyware and adware. We've used the "Users Self Help Malware Removal Guide" to try to rid SmitFraud and Virtumonde from our computer. However, I notice there are still plenty of Virtumondes on the Panda Scan. We use McAfee and I really think something got through. We have a red shield with an X on our tool bar that claims it is a Windows Security Alert. I'm pretty sure that's the malware. I've attached the Deckards System Scan and the Panda Scan. Listed below is the main txt info from the Deckard Scan run.

A:Malware, virtumonde, adware conjesting PC

Really need help!!
bump

http://www.techsupportforum.com/forums/f100/malware-virtumonde-adware-conjesting-pc-159361.html
Relevancy 50.74%

I read a lot of the forums and tried a lot by myself. I ran vundofix, then combofix, then cleanup. After that I ran spybot and symantec and it came back clean. I want to make sure it's all fixed, so I ran hijack this. Can someone check out my log and see if it looks good? Thanks.

Relevancy 50.74%

Not my AVG and any other online scanner detects any threat. Just RemoveIt tool detected these two viruses. First, AdWare.Win32.Virtumonde.vbf (nnnmmlji.dll), and second one identified as "trojan win Monder acoq" (pmnmnKDU.dll). Now second day that monder acoq mysteriously disappeared and nothing detects it. Worst part is that my pc is all wonky. After boot it shuts down explorer.exe. I am only able to access desktop and other programs through task manager. Starting new task explorer.exe will load desktop for about seconds till another shutting down. It's only moments I can start anything useful. Once is other program started it works just fine. Only without explorer.exe, blank desktop and without taskbar. Horrible. Please, what should I do? Here is my DDS.txt log.

A:Infected with AdWare.Win32.Virtumonde.vbf

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system.

Please Hold on it may take us a day or so to get back with you.

R,K

http://www.bleepingcomputer.com/forums/t/190432/infected-with-adwarewin32virtumondevbf/
Relevancy 50.74%

Hi, I keep getting various popups on my computer and it's driving me crazy. Here is the hijackthis log. Thanks.

A:not-a-virus:AdWare.Win32.Virtumonde.jp Please help me....

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

==============
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
 

https://forums.techguy.org/threads/not-a-virus-adware-win32-virtumonde-jp-please-help-me.587958/
Relevancy 50.74%

Hello:

I recently extracted a file that contained a virus. I ran several security applications to remove the threat but NOD32 keeps reporting the same threat. The threat is quarantined with the filename ........... 89.188.16.50/css4.dll?sid=B7545D

I've read several topics in this forum to orientate myself and have downloaded common applications mentioned in this forum such as hijackthis, aft cleaner, and otscanit. What should I do next? Please help. Thanks.

Please do not post a link to active malware, Others may click on it and be infected. {Mod Edit: Killed potentially dangerous active link ~~boopme}

A:Win32/adware.virtumonde Application

Hello please use the instructions in this BC Tutorial. Let us know how things go. Also is this an XP machine? If Vista please run tools as Administrator.
NOTE: all blue wording are links to instructions

First you will need to follow the instructions in our Tutorial
How To Remove Vundo/Winfixer Infection

Now Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post the log and Let us know how your PC is running.

http://www.bleepingcomputer.com/forums/t/137897/win32adwarevirtumonde-application/
Relevancy 50.74%

Hi, I need help please. I've been reading up on how to remove this virus that has somehow gotten into my system. I am currently using XP and have eset nod installed. It keeps saying that the object has been quarantined, but notifications keep popping up, and once in a while a warning pops up on my screen about a hundred virus infections and asks me to download a program to clean it. I have downloaded and run hijack this and have saved a logfile. It also opened a window that has options to delete a number of files, but I haven't yet, as warned. Here are the contents:

https://forums.techguy.org/threads/how-do-i-remove-win32-adware-virtumonde-neo.821988/