
PLEASE Help! HJT Log (win32/virtumonde.gen)

scanning hidden autostart entries ...

Please open Notepad: click Start, then Run. Type notepad.exe in the Run Box. 2.

Not had any pop ups since and speed has improved. Thanks Gnasher

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:29, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

#3 jas824, posted 12 March 2008 - 09:35 AM

but who knows if that's all of it!

http://www.bleepingcomputer.com/forums/t/113768/please-help-removing-win32virtumondegen-etc/

The list is not all inclusive.

Here are the logs you requested:

KASPERSKY Log:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 21, 2006 16:06:15
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version:

Place a check next to the following items (if present):
O2 - BHO: (no name) - {197764E9-AC8E-4665-BAFC-A88F993D7831} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {22C9777C-A7F5-4380-8020-F570BC4F0AFC} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 -

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.

The PC seems to be running a bit quicker on startup.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:40, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode:

Save the above as CFScript.txt
4.

If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner

Click "Yes" at the Delete on Reboot prompt.

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Please follow these steps to remove older version Java components and update.
Download the latest version of Java Runtime Environment (JRE) 6 Update 5
Scroll to Java Runtime Environment (JRE) 6 Update

k_har (Thread Starter):

My computer is practically unusable.

After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected.

Click File, Save as..., and enter as the filename: RedIcon.REG
Save this to your desktop.

Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard). 6.

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast!

Several together can give you problems and decrease the reliability of it seriously!

Ewido is now AVG AntiSpyware, and has been for quite a while now.

I had to re-enable System Restore twice as I got an error message, but when I re-started, SR was on.

Please save that log to post in your next reply along with a fresh HJT log.

Note: Do not mouseclick combofix's window whilst it's running.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

Kit

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 08, 2008 9:48:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version:
Kaspersky Anti-Virus database

Reboot your computer once all Java components are removed. 13.

Unfortunately, my access to the machine is limited time-wise.

scanning hidden files ...

Did as you instructed, here are the two files:

VundoFix.txt:
VundoFix V4.0
Listing files found while scanning....
C:\WINNT\System32\gebxx.dll
C:\WINNT\System32\xxbeg.ini
C:\WINNT\System32\xxbeg.bak1
C:\WINNT\System32\xxbeg.bak2
C:\WINNT\System32\nnnkl.dll
C:\WINNT\System32\yayax.dll
Attempting to delete C:\WINNT\System32\gebxx.dll
C:\WINNT\System32\gebxx.dll Has been deleted!

Thank you!

Line 023 - it's probably about Prevx - I'm not using it - can I fix it?

Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running.

cybertech, Mar 10, 2008 #11

k_har (Thread Starter):

Thank you.

I was downloading some stuff and AVSystem Care automatically started installing on my computer and I couldn't get it to quit.

Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 19:57:16 2913584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
R2

AdWare.Win32.Virtumonde.gen... (that KASPERSKY ONLINE SCANNER finds) in seven files. I know that the hijackthis log helps... below is that report.... A text file will open in your default text editor.