Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojanvundo,Virtumonde,Unclassified.Unknown Origin?, Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojanvundo,Virtumonde,Unclassified.Unknown Origin?, Malware

Unread postby sunovAgeek » January 25th, 2009, 12:56 am

Peace N Paradise!, My pc is currently infected with TrojanVundo.h, Virtumonde, & another Ad-Aware 2007 keeps finding called Unclassified.Unknown origin. I have used the following so-called utilities 2 eliminate the problem - Glary reg repair, Malwarebytes Anti Malware, Registry Mechanic, Spybot Search & Destroy, SUPERAntiSpyware, Sysinpector, Trojan Killer, Windows Defender, & VundoFix in normal & safemode to no avail. When i reboot, Guess what? Yeah! its still active & present. I use ESET Nod32 Antivirus. The 1st, symtoms appeared a week be4 new years. Unexpected shutdowns, alot ov pop-ups followed by freeze-ups at start-up rite during the loading ov my antivirus, when that happen i jus hit the reset button. I ran the above scans, and although none ov the above threats were permanently removed. After about week, I seem to no longer suffer from any ov the symtoms. Oh yeah! My system restore points seem to have been altered. Does anyone have a solution to my infection? Here the log. Thanks 4 ur time N energy...





DDS (Ver_09-01-19.01) - NTFSx86
Run by User at 10:28:38.23 on Sat 01/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1470 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Snaptune Inc\Snaptune One\SnapRec.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Snaptune Inc\Snaptune One\SnapTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM4P7OL8\dds[1].scr

============== Pseudo HJT Report ===============

mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: {6fdf0673-47a4-4336-810e-3629ce5f3b57}: {75b3f5ec-9263-e018-6334-4a743760fdf6}
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A35DB5FD-82EF-460F-B0B0-BDB4722B6F7F} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [nwiz] nwiz.exe /install
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware 2007\Ad-Watch2007.exe
mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BarbieGirlsTray] c:\program files\mattel\barbie girls\Mattel.BarbieGirls.Tray.exe
mRun: [<NO NAME>]
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\user\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~2.lnk - c:\program files\wireless device\wireless mouse\MouseAp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snaptu~1.lnk - c:\program files\snaptune inc\snaptune one\SnapTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDow ... eqlab3.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: wbsys.dll zczbtl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\lwocxonx.default\
FF - prefs.js: browser.startup.homepage - hxxp://hamptonroads.cox.net/cci/home
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: XUL Cache: {5987FF76-946F-41BF-ADE1-9D87A3B9B448} - c:\windows\system32\config\systemprofile\local settings\application data\{5987ff76-946f-41bf-ade1-9d87a3b9b448}\

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-12-7 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-12-7 52736]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-11 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-11 394952]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2008-2-19 472644]
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R4 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R4 Snaptune Recording Service;Snaptune Recording Service;c:\program files\snaptune inc\snaptune one\SnapRec.exe [2007-10-12 573440]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-01-19 11:37 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2009-01-19 11:25 <DIR> --d----- C:\VundoFix Backups
2009-01-13 17:55 <DIR> --d----- c:\program files\CyberPower PowerPanel Personal Edition
2009-01-13 17:54 <DIR> --d----- c:\program files\common files\Zero G Software
2009-01-13 17:52 10,240 ac------ c:\windows\system32\dllcache\compbatt.sys
2009-01-13 17:52 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-01-13 17:52 20,352 ac------ c:\windows\system32\dllcache\hidbatt.sys
2009-01-13 17:52 20,352 a------- c:\windows\system32\drivers\hidbatt.sys
2009-01-13 17:52 14,208 ac------ c:\windows\system32\dllcache\battc.sys
2009-01-13 17:52 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-01-11 08:02 0 a------- c:\windows\system32\drivers\senekawbmqdngc.sys
2009-01-10 23:53 <DIR> --d----- c:\program files\Trojan Killer
2009-01-10 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-10 21:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-10 21:42 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-01-07 11:27 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-12-25 14:07 <DIR> --d----- c:\docume~1\user\applic~1\Mattel
2008-12-25 14:06 <DIR> --d----- c:\program files\Mattel

==================== Find3M ====================

2009-01-24 10:28 230,545,440 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-24 05:40 2,704,484 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-08-23 06:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 10:29:40.48 ===============
sunovAgeek
Active Member
 
Posts: 2
Joined: January 19th, 2009, 2:26 pm
Advertisement
Register to Remove

Re: Trojanvundo,Virtumonde,Unclassified.Unknown Origin?, Malware

Unread postby Elrond » February 3rd, 2009, 3:56 pm

Due to duplication of posting this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware