
Subject: Win32/adware.virtumonde application

Original Message
Name: RBlackheart
Date: March 27, 2008 at 14:19:00 Pacific
Subject: Win32/adware.virtumonde application
OS: Windows Vista SP1
CPU/Ram: 3Ghz P4 / 1.5GB DDR
Comment:
I was online with MSN Messenger when my cousin (or who I thought was my cousin) IM'd me with a link. I clicked on it and then NOD32 picked up this virus on my PC: <win32/adware.virtumonde application>
I've searched the net and done nearly everything suggested (Vundofix, HijackThis, safe mode, Spybot S&D, Ad-Aware, NOD32, and even tried manually deleting the DLLs). Nothing has worked. Please help me.


Response Number 1
Name: Adii
Date: March 27, 2008 at 21:38:37 Pacific
Subject: Win32/adware.virtumonde application
Reply:
Hi,
If you are looking at random DLL files then it's VirtuMonde.
Post your HijackThis log for analysis!


Response Number 2
Name: raindogs
Date: May 1, 2008 at 16:01:27 Pacific
Subject: Win32/adware.virtumonde application
Reply:
Logfile of HijackThis v1.99.1
Scan saved at 23:56:33, on 01-05-2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kanguru\Kanguru.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\System32\WScript.exe
C:\Users\Luis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Luis\AppData\Local\Temp\mlJCRiGY.dll,#1
O4 - HKCU\..\Run: [5efd4ceb] rundll32.exe "C:\Users\Luis\AppData\Local\Temp\evgltusg.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Luis\AppData\Local\Temp\ssqolJYO.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM5dce7f77] Rundll32.exe "C:\Users\Luis\AppData\Local\Temp\qgaovdhc.dll",s
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?PT (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos... tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{10781778-4BB1-4629-BEEA-FEE5A4085934}: NameServer = 62.169.67.172 62.169.67.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{10781778-4BB1-4629-BEEA-FEE5A4085934}: NameServer = 62.169.67.172 62.169.67.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
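
The "random DLL files" pattern mentioned in Response 1 appears in the log above as O4 Run entries that start rundll32.exe on a DLL stored under a Temp folder. The following is an added example, not part of any post in this thread and not part of HijackThis: it rejoins the forum's hard-wrapped log lines and flags such entries. The function names and the constructed control entry are assumptions made for illustration.

```python
import re

# Lines copied from the log above, hard wraps included.
PAGE_LINES = r"""O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe
C:\Users\Luis\AppData\Local\Temp\mlJCRiGY.dll,#1
O4 - HKCU\..\Run: [5efd4ceb] rundll32.exe
"C:\Users\Luis\AppData\Local\Temp\evgltusg.dll",b
O4 - HKCU\..\Run: [BM5dce7f77] Rundll32.exe
"C:\Users\Luis\AppData\Local\Temp\qgaovdhc.dll",s
O4 - Global Startup: Venturi 2.lnk = ?
"""
# Constructed control entry (not from the page): rundll32 on a non-Temp DLL.
CONTROL = r"O4 - HKLM\..\Run: [ExampleCpl] rundll32.exe C:\Windows\System32\example.dll,Start"
SAMPLE_LOG = PAGE_LINES + CONTROL + "\n"

ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")   # R0, F2, N1, O4, O23 ...
RUN_ENTRY = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$")
RUNDLL = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?', re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)

def unwrap(text):
    """Rejoin wrapped lines: anything not starting with an entry tag continues
    the previous entry. Joining with a space is a heuristic, since a wrap inside
    a token looks the same as a wrap at a space."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def flag_temp_rundll(text):
    """Return (registry key, value name, DLL path) for Run entries that start
    rundll32 on a DLL stored under a Temp directory."""
    hits = []
    for entry in unwrap(text):
        run = RUN_ENTRY.match(entry)
        dll = RUNDLL.match(run.group(3)) if run else None
        if dll and TEMP_DIR.search(dll.group(1)):
            hits.append((run.group(1), run.group(2), dll.group(1)))
    return hits

if __name__ == "__main__":
    for key, name, dll in flag_temp_rundll(SAMPLE_LOG):
        print(f"{key} [{name}] -> {dll}")
```

A hit is a lead for review rather than a verdict: the value names and DLL paths still need to be checked against the files on disk.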


