
Hijack Log Virtumonde Infection

Update your antivirus and make sure it's working properly. You don't get an error, but the segment of the program log that enumerates programs in Shared Task Scheduler is blank.

Save these instructions in Word or Notepad to the desktop where they can be easily found. Run FixVundo. Download and run Malwarebytes (http://www.malwarebytes.org/). Do a complete scan and remove all items it finds.

Do you want another HJT report? Do you know of any reason that the rundll32 file would be deleted?

Apparently, I made a mistake with the link I

Attach the report, and a new HJT log.

Sorry about posting results late, usually I work long hours.

Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.

about several systems...

Run HJT afterwards.

Thank you so much, that has really made

PM if you still have it. Once it's done scanning, click the Remove Vundo button.

Attempting to delete C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini2 Has been deleted!

Click Continue and wait for the report.

But, if you go to CNet's download.com site and search for it, there isn't a listing.

Include the address of this thread in your request.

Download fresh copies of your spyware removal either onto a CD from another computer or with a thumb drive from another computer.

So, once again, Smitfraud variants that use the Shared Task Scheduler to either reinstall themselves from compressed files, run installation programs to reload themselves, etc.

If you want to use a for-pay tool instead of the manual removal and scans with freeware, SpySweeper 5.5 works very well, too.

Attempting to delete C:\WINDOWS\system32\usrl32.dll
C:\WINDOWS\system32\usrl32.dll Has been deleted!
Performing Repairs to the registry.
Done!

hijack log
Logfile of HijackThis v1.99.1
Scan saved at 22:46:11, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\ZONELABS\avsys\ScanningProcess.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program

Then run an online scan from Eset.

For McAfee, I'd rather recommend temporarily uninstalling it, because McAfee causes a lot of problems with Combofix after reboot, since McAfee enables itself again after reboot.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run:

After the scan is complete, click Remove Vundo; removal will begin. I think this should be correct.

I've tried to restore to an earlier time-point, but the system doesn't seem to recognise when I click on the "next" button to select a restore.

Once you click yes, your desktop will go blank as it starts removing Vundo.

Finally I read about HijackThis and decided to do a scan and get a log and post it here...

Hi Richie, is this right?
Logfile of HijackThis v1.99.1
Scan

It also detects when HijackThis is run.