Tech Support Forum - View Single Post

sUBs · 08-07-2007, 12:29 PM

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:

ViewPoint

Please note any other programs that you dont recognize in that list in your next response

---------------

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {C876B39E-F984-425D-AD71-97478E601777} - C:\WINDOWS\system32\pmkji.dll (file missing)
O4 - HKLM\..\Run: [lprgmuwA] C:\WINDOWS\lprgmuwA.exe

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/172662-problems-trojan-win32-virtumonde-0-a.html#post1019259
Collect::
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{E16923C3-DBD2-4CC7-8E4D-355D5B3D3F22}.exe
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{D87073CC-BF85-4236-BA96-C2DF15A91CCD}.exe
C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{54A121BA-E7F5-48DD-822A-5C3A3669503C}.exe
File::
C:\WINDOWS\SYSTEM32\qvvkojjr.dll
C:\WINDOWS\lprgmuwA.exe
Folder::
C:\Program Files\Viewpoint
C:\Program Files\Common Files\Viewpoint
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C876B39E-F984-425D-AD71-97478E601777}]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Save this as "CFScript"

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.

---------------

Click here perform an online scan >> Online Scanner

---------------

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

08-07-2007, 12:29 PM	#8 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,334 OS: N/A	Re: Problems with Trojan: Win32/Virtumonde.0 Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs: ViewPoint Please note any other programs that you dont recognize in that list in your next response --------------- Do a HijackThis scan & place a check next to these items and select "Fix checked": O2 - BHO: (no name) - {C876B39E-F984-425D-AD71-97478E601777} - C:\WINDOWS\system32\pmkji.dll (file missing) O4 - HKLM\..\Run: [lprgmuwA] C:\WINDOWS\lprgmuwA.exe --------------- Open notepad and copy/paste the text in the quotebox below into it: Code: http://www.techsupportforum.com/security-center/hijackthis-log-help/172662-problems-trojan-win32-virtumonde-0-a.html#post1019259 Collect:: C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{E16923C3-DBD2-4CC7-8E4D-355D5B3D3F22}.exe C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{D87073CC-BF85-4236-BA96-C2DF15A91CCD}.exe C:\WINDOWS\system32\NSIS.Library.RegTool.v2.{54A121BA-E7F5-48DD-822A-5C3A3669503C}.exe File:: C:\WINDOWS\SYSTEM32\qvvkojjr.dll C:\WINDOWS\lprgmuwA.exe Folder:: C:\Program Files\Viewpoint C:\Program Files\Common Files\Viewpoint C:\VundoFix Backups Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C876B39E-F984-425D-AD71-97478E601777}] [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Save this as "CFScript" Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip Please submit this file to: http://www.bleepingcomputer.com/subm....php?channel=4 The file must be uploaded before proceeding to the next step. --------------- Click here perform an online scan >> Online Scanner --------------- In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?