Virtumonde & Win32 TDSS

May 20, 2009 at 06:26:19
Specs: Windows XP
Hey all,

Please help me, this Virtumonde and Win32 TDSS is killing me. I've used Spybot and MBAM to find it and destroy it, but upon reboot it comes back again. :(


My MBAM log:
Malwarebytes' Anti-Malware 1.36
Database version: 2155
Windows 5.1.2600 Service Pack 3

5/20/2009 1:55:25 PM
mbam-log-2009-05-20 (13-55-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 171268
Time elapsed: 1 hour(s), 33 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Sui Ling Phang\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sui Ling Phang\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sui Ling Phang\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sui Ling Phang\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.

Please, please help me.
Let me know if you need my HijackThis log...

Thanks so much!

Suiet




#1
May 20, 2009 at 06:33:27
Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects, and at the end of the scan post a screenshot/log of the detected files that were fixed and those it could not fix.
