Virus

Closed
Gervarod - Apr 21, 2010 at 12:48 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Apr 22, 2010 at 04:21 AM
Hello to whom it may be, I need help to remove a virus which pops up Internet Explorer, and it's done it on me 10 times in half an hour. At the moment I'm doing an online internet scan with Micro Trend House Call and I'm doing a full system scan with it. Please, if anyone would help me, it's driving me nuts like hell.

Thanks, Gervarod

1 response

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 21, 2010 at 03:54 PM
Hello Gervarod,

You could be facing a Jsredirect trojan or Virtumonde alias Norton's alias Vundo.

Try Spybot Search and Destroy, which can handle this type of virus.

https://ccm.net/downloads/security-and-maintenance/4561-spybot-search-destroy/

When you install, I recommend deselecting the TeaTimer option.

Let me know how you did.

Regards
0
Ambucias, I tried to install it but it won't let me; it says it could not find the programs off the internet to help install it for me. Is there any way I could remove it manually instead of with Spybot Search and Destroy? But I used your online internet scan and it removed 9 spyware and 1 Trojan, then I did it again and it removed 4 more spyware. But I'm going to give Micro Trend House Call a go on a full system scan for the next few hours.
Hope to hear from you soon.

Regards, Gervarod
0
Ambucias, I think I may have the Virtumonde virus because my laptop is a bit slow and Spybot won't get rid of it. Any other way I can do it without using ComboFix at all? Thanks,
Gervarod
0
Avira AntiVir Personal
Report file date: Thursday, 22 April 2010 12:00

Scanning for 2026905 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOMECOMPUTER-PC

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, 22 April 2010 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Apntex.exe' - '1' Module(s) have been scanned
Scan process 'HidFind.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'msgrdvmn.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'mum.exe' - '1' Module(s) have been scanned
Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'AvastUI.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'Ydg.exe' - '1' Module(s) have been scanned
Scan process 'WebcamDell2.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SteamWatch.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'aestsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AvastSvc.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'STacSV.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1711' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: Thursday, 22 April 2010 13:35
Used time: 1:35:41 Hour(s)

The scan has been done completely.

18387 Scanned directories
261448 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
261448 Files not concerned
1145 Archives were scanned
0 Warnings
0 Notes
0
Here's the other scan from Malwarebytes:

22/04/2010 2:29:49 PM
mbam-log-2010-04-22 (14-29-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 225495
Time elapsed: 2 hour(s), 27 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.140,93.188.166.127 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19da50f0-60fa-449d-ad38-b78f295d7b4a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.140,93.188.166.127 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19da50f0-60fa-449d-ad38-b78f295d7b4a}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.140,93.188.166.127 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff1686de-b41a-49f8-aa16-09cf52443b46}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.140,93.188.166.127 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\000032be.0mp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\HomeComputer\AppData\Local\Temp\Ydg.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 22, 2010 at 04:21 AM
Wow,
Well it was not Virtumonde but a Trojan Downloader, his cousin a DNS changer with his little brother giving fake alerts.

U wuz sick! But now you are okay.

Be careful now friend
0