Win32/adware.virtumonde application

Computing.Net > Forums > Security and Virus > Win32/adware.virtumonde application

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Win32/adware.virtumonde application

Name: RBlackheart
Date: March 27, 2008 at 14:19:00 Pacific
OS: Windows Vista SP1
CPU/Ram: 3Ghz P4 / 1.5GB DDR

Comment:

I was online with MSN messenger when my cousin ( or who I thought was my cousin ) I.M'd me with a link. I clicked on it and then NOD32picked up this virus on my PC < win32/adware.virtumonde application >
I've searched the net and done nearly everything suggested ( Vundofix, hijackthis, safe mode, spybot S&D, Ad-Aware, NOD 32 and even tried manually deleting the DLL's. Nothing has worked. Please help me.

Sponsored Link

Ads by Google

Response Number 1

Name: Adii
Date: March 27, 2008 at 21:38:37 Pacific

Reply:

Hi,
If you are looking random DLL files then its VirtuMonde.
Post your Hijackthis Log for Analsys!

Response Number 2

Name: raindogs
Date: May 1, 2008 at 16:01:27 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 23:56:33, on 01-05-2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-
Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product
Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat
8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Toshiba
TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-
Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kanguru\Kanguru.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\System32\WScript.exe
C:\Users\Luis\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.google.pt
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.google.pt
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-
C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-
2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-
30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program
Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-
B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do
Windows Live - {9030D464-4C02-4ABF-8ECC-
5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -
{AE7CD045-E861-484f-8273-0445EE161910} -
C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-
9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program
Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program
Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program
Files\TOSHIBA\Toshiba Online Product
Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain]
%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.exe
O4 - HKLM\..\Run: [HSON]
%ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView]
%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program
Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program
Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin
\VERSIO~2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET
Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program
Files\Toshiba
TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows
Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program
Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows
Live\Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe
C:\Users\Luis\AppData\Local\Temp\mlJCRiGY.dll,#1
O4 - HKCU\..\Run: [5efd4ceb] rundll32.exe
"C:\Users\Luis\AppData\Local\Temp\evgltusg.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe
C:\Users\Luis\AppData\Local\Temp\ssqolJYO.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program
Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM5dce7f77] Rundll32.exe
"C:\Users\Luis\AppData\Local\Temp\qgaovdhc.dll",s
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Append to existing PDF -
res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to
Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to
existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to
Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.ht
ml
O8 - Extra context menu item: Convert selected links to
existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.ht
ml
O8 - Extra context menu item: Convert selection to Adobe
PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to
existing PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-
7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-
91F7C3600AFA} - http://www.webtip.ch/cgi-
bin/toshiba/tracker_url2.pl?PT (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-
A83D-ACC663939424} - C:\Program
Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-
4E36-B562-5C1519E434CE} -
http://www.amazon.co.uk/exec/obidos...
tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-
B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-
A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy
Configuration - {DFB852A3-47F8-48C4-A200-
58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP:
c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program
files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{10781778-
4BB1-4629-BEEA-FEE5A4085934}: NameServer =
62.169.67.172 62.169.67.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{10781778-
4BB1-4629-BEEA-FEE5A4085934}: NameServer =
62.169.67.172 62.169.67.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-
4636-A375-3CB6248B04CD} - C:\Program
Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-
8E305202313F} -
C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-
BBCA-00C04F8EC294} - C:\Program Files\Common
Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-
8E305202313F} -
C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-
A672-00B0D022E945} -
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXM
LMF.DLL
O23 - Service: Adobe Version Cue CS3 - Unknown owner
- C:\Program Files\Common Files\Adobe\Adobe Version
Cue CS3\Server\bin\VersionCueCS3.exe" -win32service
(file missing)
O23 - Service: Agere Modem Call Progress Audio
(AgereModemAudio) - Agere Systems -
C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies
Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA
CORPORATION - C:\Program
Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101
(ehstart) - Unknown owner -
%windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET -
C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program
Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision
Europe Ltd. - C:\Program Files\Common
Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1
(QWAVE) - Unknown owner -
%windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service
(SBSDWSCService) - Safer Networking Ltd. - C:\Program
Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-
7001 (seclogon) - Unknown owner -
%windir%\system32\svchost.exe (file missing)
O23 - Service: Notebook Performance Tuning Service
(TempoMonitoringService) - Toshiba Europe GmbH -
C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) -
TOSHIBA Corporation - C:\Program
Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service
(TODDSrv) - TOSHIBA Corporation -
C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA
Corporation - C:\Program Files\TOSHIBA\Power
Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown
owner - c:\Program Files\Toshiba\Bluetooth Toshiba
Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper)
- Ulead Systems, Inc. - C:\Program Files\Common
Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle
Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: @%ProgramFiles%\Windows Media
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown
owner - %ProgramFiles%\Windows Media
Player\wmpnetwk.exe (file missing)

Sponsored Link

Ads by Google

toshiba flashcards toshiba flashcards toshiba flashcards	virtumonde adware.virtumonde.neo venturi2 client
See More

Not Slow, Just Lazy!

No internet and constant ...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Win32/adware.virtumonde application

help with win32/adware.virtumonde

Summary

www.computing.net/answers/security/help-with-win32adwarevirtumonde/17113.html

Genetik trojan & Adware.Virtumonde

Summary

www.computing.net/answers/security/genetik-trojan-amp-adwarevirtumonde/21433.html

totally clueless, help me out

Summary

www.computing.net/answers/security/totally-clueless-help-me-out/23561.html

From the Geek Dictionary
Root ID - Root in IT terms generally refers to the top level directory of a file hier...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
After an XP reinstall, backup drives go RAW

Computer will not boot

Using wireless card

Monitor turnoff

disappearing Spider rummy

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE