Security [CENTRAL] Forum - SCforum.info
Author Topic: Virtumonde!  (Read 6251 times)
Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

Google Talk
WWW
« Reply #10 on: 11. December 2008., 21:14:27 »

As I said earlier, J., don't worry, I always love to make a double check. Now please follow the next steps:

1. Uninstall AVG AntiVirus through Control Panel/Add or Remove Programs

2. Download, Install & Update Kaspersky AntiVirus (Trial version): https://kaspersky-uk.esd.arvato-systems.de/arvato/downloadDemo.do?product=21640044

3. Restart your PC in Safe Mode

4. Run a full scan with Kaspersky AV

5. After all that, please provide us with new HJT & Kaspersky logs

I'll wait for your next reply,

S.

Logged

jdykstra
SCF Member
**

KARMA: 1
Posts: 10


« Reply #11 on: 12. December 2008., 21:33:05 »

I deleted AVG, but when I try to install Kaspersky it keeps telling me AVG is still installed.
Logged
Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

Google Talk
WWW
« Reply #12 on: 12. December 2008., 21:40:42 »

Please check Control Panel / Add & Remove Programs again to see if there are any traces of other AVG services (which also need to be uninstalled).

If you don't find anything, please provide me with a new HJT log. After that I'll give you instructions to manually delete the AVG traces (but that is sometimes a risky job).

Logged

jdykstra
SCF Member
**

KARMA: 1
Posts: 10


« Reply #13 on: 13. December 2008., 00:11:02 »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:12 PM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
~~
--
End of file - 9155 bytes
Logged
Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

Google Talk
WWW
« Reply #14 on: 13. December 2008., 01:25:21 »

It looks like there isn't anything from AVG.

Before downloading Kaspersky AV let's try something else:

   1. Please print these instructions as they will be needed later when Internet access is not available.

   2. Save these instructions in word or notepad to the desktop where they can be easily found.

   3. Download Vundo Fix and save it to your desktop: http://www.atribune.org/ccount/click.php?id=4

   4. When it has completed downloading, double-click VundoFix.exe to run it.

   5. Click the Scan for Vundo button.

   6. Once it's done scanning, click the Remove Vundo button.

   7. You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.

   8. When completed, it will prompt that it will shutdown your computer, click the OK button.

   9. When the computer has shutdown, turn your computer back on.

 
Now try to install Kaspersky AV and follow my earlier instructions; if you are still having a problem then please perform the following steps:

Note: This step should only be used if the instructions in the previous steps did not help.


   1. Download VirtumundoBegone and save it to your desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

   2. Now reboot into Safe Mode.

Quote
         1. This can be done tapping the F8 key as soon as you start your computer

         2. You will be brought to a menu where you can choose to boot into safe mode.

         3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

         4. When your computer reaches the desktop make sure you log in as the same user which you had performed the previous steps.


   3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

   4. Exit when it has finished, and reboot back to normal mode.


Now try again to install and run a scan with Kaspersky AV... finally, in any case please provide me with new HJT and Kaspersky Online Scan logs.

Regards,

S.
Logged

jdykstra
SCF Member
**

KARMA: 1
Posts: 10


« Reply #15 on: 13. December 2008., 22:36:10 »

I tried Vundo Fix, it found nothing. I tried installing Kaspersky again, but it said AVG 8 was still present. So I downloaded VirtumundoBeGone and restarted in safe mode. It said it would restart if Vundo was found, and it did. So I go back into safe mode and try Virtumonde again, and it provided me with a log and did not restart. So I try to install Kaspersky, but it says 'administrator has set policies to not allow this type of software to be installed' or something similar. So I restart and go into normal mode and install Kaspersky, but it said, once again, that AVG 8 was present.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:37 PM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
~
--
End of file - 9161 bytes
Logged
Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

Google Talk
WWW
« Reply #16 on: 14. December 2008., 17:51:31 »

Hi again J.

You see, this is a very hard infection but we will kick ass to this crap.

Please follow the next instructions:

1. Run HJT, check these items and "fix" them (before that close all other programs):

Quote
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Atomic Email Hunter - {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} - C:\Program Files\AtomPark\Atomic Email Hunter\ie.htm (file missing) (HKCU)
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://kungfuchess.com/activex/web665.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab


After that restart your PC into Safe Mode, run HJT and fix only this:

Quote
O20 - AppInit_DLLs: gaynbi.dll rcywjf.dll zauhck.dll cqjmkp.dll mqkgxu.dll hwyvps.dll


2. Uninstall Java through Control Panel/Add-Remove Programs, after that download and install latest version: http://www.java.com/en/download/windows_xpi.jsp?locale=en&host=www.java.com:80

3. Download, install, update & run full scan with latest version of AVG Antivirus: http://www.avg.com/filedir/inst/avg_free_stf_en_8_176a1400.exe

4. Uninstall AVG again and try to install Kaspersky again. If you succeed this time, update it and run a full scan.

5. Update your Spybot Search and Destroy and also run a full scan.

6. After you finish all this, in any case provide me with new logs: HJT and don't forget the Kaspersky Online Scan log


That's all for now my friend, I'll wait for your reply.

Regards,

Samker



Logged

jdykstra
SCF Member
**

KARMA: 1
Posts: 10


« Reply #17 on: 21. December 2008., 22:04:46 »

Sorry, I've been out of town for a bit (snowboarding). Anyway, I wanted to provide a fresh HJT before I do this; tell me if there's anything else I need to 'fix'.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:41 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Logged
Samker
SCF Administrator
*****

KARMA: 86
Gender: Male
Location: Europe
Posts: 5071


Whatever doesn't kill us makes us stronger.

Google Talk
WWW
« Reply #18 on: 22. December 2008., 08:58:02 »


Snowboarding! BiH

If you want, provide us some photos in Chit Chat Caffe.

Hope soon we will also have some "bigger" snow in BiH.


Related to the logs, this weekend I had more time to investigate "your case".

As I think, this is our main problem and this "hook" starts all the malware on your PC:

Quote
O20 - AppInit_DLLs: gaynbi.dll rcywjf.dll zauhck.dll cqjmkp.dll mqkgxu.dll ogoyxw.dll pgqlhq.dll ibywlh.dll poscyv.dll jhwtjb.dll lopunr.dll xefduu.dll bmvsjq.dll



Because of that we will make small changes to the instructions:

This is a very dangerous (re)move and you will need to follow my instructions exactly as I write them.

1. Download, install, update & run full scan with Malwarebytes' Anti-Malware: http://scforum.info/index.php/topic,2201.0.html

2. Uninstall Java through Control Panel/Add-Remove Programs, after that download and install latest version: http://www.java.com/en/download/windows_xpi.jsp?locale=en&host=www.java.com:80

3. Restart your PC into Safe Mode, run HJT and fix only this item:

Quote
O20 - AppInit_DLLs: gaynbi.dll rcywjf.dll zauhck.dll cqjmkp.dll mqkgxu.dll ogoyxw.dll pgqlhq.dll ibywlh.dll poscyv.dll jhwtjb.dll lopunr.dll xefduu.dll bmvsjq.dll


4. Download, install, update & run full scan with latest version of AVG Antivirus: http://www.avg.com/filedir/inst/avg_free_stf_en_8_176a1400.exe

5. Uninstall AVG again and try to install Kaspersky again. If you succeed this time, update it and run a full scan.

6. Update your Spybot Search and Destroy and also run a full scan.

7. After you finish all this, in any case provide me with new logs: HJT and don't forget the Kaspersky Online Scan log


That's all for now.

Regards,

Samker

Logged
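Added example, not from this thread or from HijackThis: a small Python scanner that pulls the O20 AppInit_DLLs entries out of HJT log lines like the ones quoted in Reply #16 and Reply #18 and flags the random six-letter names, since that single registry value gets every listed DLL loaded into each process that loads user32.dll. The sample lines are constructed, and the name check is only a heuristic for deciding which files to inspect.

```python
import re
from dataclasses import dataclass

# Constructed sample, in the "Oxx - section: payload" format HijackThis uses
SAMPLE_HJT = """\
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://kungfuchess.com/activex/web665.cab
O20 - AppInit_DLLs: gaynbi.dll rcywjf.dll, zauhck.dll cqjmkp.dll
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

@dataclass
class Finding:
    kind: str    # HJT section id, here always O20
    item: str    # one DLL name from the AppInit_DLLs value
    reason: str  # why a reviewer should look at it

def parse_appinit(payload: str) -> list[str]:
    """AppInit_DLLs is a space- or comma-delimited list; accept both."""
    return [d for d in re.split(r"[\s,]+", payload.strip()) if d]

def looks_random(name: str) -> bool:
    """Heuristic: six lowercase letters + .dll, the naming pattern of the
    O20 entries quoted in this thread. A hit means 'check this file',
    not 'malware'; legitimate DLLs can match too."""
    return re.fullmatch(r"[a-z]{6}\.dll", name.lower()) is not None

def scan_hjt(log: str) -> list[Finding]:
    """One Finding per DLL under O20 AppInit_DLLs. Each such DLL is loaded
    into every process that loads user32.dll, which is why the thread treats
    this one line as the hook that restarts the rest of the infection."""
    findings: list[Finding] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, section, payload = m.groups()
        if kind != "O20" or not section.startswith("AppInit_DLLs"):
            continue
        for dll in parse_appinit(payload):
            reason = ("random-looking name" if looks_random(dll)
                      else "review: loaded into every process that loads user32.dll")
            findings.append(Finding(kind, dll, reason))
    return findings
```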

jdykstra
SCF Member
**

KARMA: 1
Posts: 10


« Reply #19 on: 24. December 2008., 20:18:10 »

Hey Samker. I was thinking of just reformatting my computer instead of trying to fix the virus. There's so much crap on my computer, it's overwhelming. I don't feel like organizing it, and I'm pretty OCD about my hard drive. You've been a great help, man. I'm definitely going to stay as a part of scforum. When I do reformat my computer, what security should I install? I want a really clean computer!
Logged