Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virtumonde.dll problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virtumonde.dll problem

Unread postby vin2 » November 28th, 2010, 5:06 am

Hi everyone.

I have been using Spybot Search & Destroy and have trouble permanently deleting virtumonde.dll. Search and Destroy has detected it numerous times and even after pushing "fix checked problem", it always comes back when I scan again.

My attempts to resolve this involve using vundofix.exe in safe mode, Malwarebytes' Anti-Malware, vundobegone, and avast. All programs state there are no problems and do not detect anything malicious.

After reading how bad this infection can be, the only strange thing that has happened are some of the bookmark icons swapping around. I am using firefox and have not encountered any popups. Listed below is my hijackthis log and uninstall list.

Thank you very much in advance. =)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:09 PM, on 11/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\TCAUDIAG.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Alwil Software\Avast5\avastUI.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\NETGEAR\WG111v2\WG111v2.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\WINDOWS\system32\SNDVOL32.EXE
E:\Program Files\Winamp\winamp.exe
E:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.optusnet.com.au/dsl/favorites/homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [aol] "E:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] E:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast5] "E:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = E:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} (Friendster Image Uploader Control) - http://images.friendster.com/201006A-01 ... loader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - E:\Program Files\AOL\Active Virus Shield\avp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7046 bytes


3Com NIC Diagnostics
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.21.07
ASUS Probe V2.25.02
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
BitTorrent
Bonjour
Canon Camera Access Library
Canon i850
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Combined Community Codec Pack 2010-10-10
DivX Setup
DVD Shrink 3.2
Font Xplorer 1.2.2
Free iPod Video Converter 1.34
HiJackThis
HijackThis 2.0.2
iriver plus 3 (remove only)
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LucasArts' Curse of Monkey Island
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2000 Premium
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
MSVCRT
Nero Suite
NETGEAR WG111v2 wireless USB 2.0 adapter
Next Video Converter 3.2
OptusNet DSL
Panda ActiveScan 2.0
PDF Settings
PowerDVD
QuickTime
Segoe UI
Siemens Subscriber Networks SpeedStream DSL
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.0
Starcraft
VC80CRTRedist - 8.0.50727.4053
VIA Integrated Setup Wizard
VideoLAN VLC media player 0.8.5
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm
vin2
Active Member
 
Posts: 2
Joined: November 28th, 2010, 4:01 am
Advertisement
Register to Remove

Re: Virtumonde.dll problem

Unread postby vin2 » November 28th, 2010, 10:00 pm

Hi,

I have decided to go to another forum to resolve this problem, please close this topic. Thanks. =)
vin2
Active Member
 
Posts: 2
Joined: November 28th, 2010, 4:01 am

Re: Virtumonde.dll problem

Unread postby NonSuch » November 28th, 2010, 11:50 pm

As assistance is no longer required, this topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware