AdWare.Win32.Virtumonde

startseite Gastbuch Kontakt
AdWare.Win32.Virtumonde
AdWare.Win32.Virtumonde

AdWare.Win32.Virtumonde




HijackThis

O2 - BHO: CIEPl Object - {83B14523-CBC9-447B-8B1E-2482DB2ABE73} - F:\WINDOWS\system32\dssoundi.dll
O20 - Winlogon Notify: dssoundi - F:\WINDOWS\SYSTEM32\dssoundi.dll
O20 - Winlogon Notify: hgbqeabl - hgbqeabl.dll (file missing)
O20 - Winlogon Notify: qnsyjqtv - qnsyjqtv.dll (file missing)
O20 - Winlogon Notify: rtxpdasn - rtxpdasn.dll (file missing)

datfindbat

Verzeichnis von F:\WINDOWS\system32
11.05.2006 15:01 19'043 ospcont.dat
28.04.2006 23:34 122'900 tudoiweu.dll
28.04.2006 21:15 167'956 __delete_on_reboot__qnsyjqtv.dll
28.04.2006 21:09 122'900 mdxkddiv.dll
28.04.2006 18:45 122'900 cregcowq.dll
28.04.2006 18:45 167'956 __delete_on_reboot__rtxpdasn.dll
27.04.2006 16:06 143 flvmc.tmp
26.04.2006 23:21 100 LuResult.txt
26.04.2006 21:00 15'271 xcbfhlja.dll
26.04.2006 21:00 2'640 dcnxpfba.dll
26.04.2006 19:27 0 filter.drv
26.04.2006 18:21 122'900 wbegxwai.dll
26.04.2006 18:21 167'956 __delete_on_reboot__hgbqeabl.dll
26.04.2006 18:21 688'148 dssoundi.dll
26.04.2006 18:20 1'038 dmxaoaaa.exe
26.04.2006 18:20 10'240 gpakaaaa.exe


F:\WINDOWS\system32\ospcont.dat
F:\WINDOWS\system32\tudoiweu.dll
F:\WINDOWS\system32\__delete_on_reboot__qnsyjqtv.dll
F:\WINDOWS\system32\mdxkddiv.dll
F:\WINDOWS\system32\cregcowq.dll
F:\WINDOWS\system32\__delete_on_reboot__rtxpdasn.dll
F:\WINDOWS\system32\flvmc.tmp
F:\WINDOWS\system32\LuResult.txt
F:\WINDOWS\system32\xcbfhlja.dll
F:\WINDOWS\system32\dcnxpfba.dll
F:\WINDOWS\system32\filter.drv
F:\WINDOWS\system32\wbegxwai.dll
F:\WINDOWS\system32\__delete_on_reboot__hgbqeabl.dll
F:\WINDOWS\system32\dssoundi.dll
F:\WINDOWS\system32\dmxaoaaa.exe
F:\WINDOWS\system32\gpakaaaa.exe


HijackThis

O2 - BHO: CIEPl Object - {83B14523-CBC9-447B-8B1E-2482DB2ABE73} - F:\WINDOWS\system32\dssoundi.dll
O20 - Winlogon Notify: dssoundi - F:\WINDOWS\SYSTEM32\dssoundi.dll
O20 - Winlogon Notify: hgbqeabl - hgbqeabl.dll
O20 - Winlogon Notify: qnsyjqtv - qnsyjqtv.dll
O20 - Winlogon Notify: rtxpdasn - rtxpdasn.dll

---------

dssoundi.dll

BitDefender 7.2 05.11.2006 Backdoor.Agent.GR
DrWeb 4.33 05.11.2006 Trojan.Virtumod
eTrust-InoculateIT 23.72.5 05.11.2006 no virus found
eTrust-Vet 12.4.2205 05.11.2006 Win32/Vundo
Ewido 3.5 05.11.2006 Adware.Virtumonde
Fortinet 2.76.0.0 05.11.2006 suspicious
F-Prot 3.16c 05.11.2006 no virus found
Kaspersky 4.0.2.24 05.11.2006 not-a-virus:AdWare.Win32.Virtumonde.gen
McAfee 4760 05.11.2006 Vundo
Microsoft 1.1372 05.11.2006 no virus found
NOD32v2 1.1531 05.11.2006 no virus found
Norman 5.90.17 05.11.2006 no virus found
Panda 9.0.0.4 05.11.2006 Suspicious file
Sophos 4.05.0 05.11.2006 no virus found
Symantec 8.0 05.11.2006 Trojan.Vundo

dmxaoaaa.exe

no virus found

gpakaaaa.exe

CAT-QuickHeal 8.00 05.11.2006 TrojanDownloader.Murlo.dm
ClamAV devel-20060426 05.11.2006 no virus found
DrWeb 4.33 05.11.2006 BackDoor.Tink
eTrust-InoculateIT 23.72.5 05.11.2006 Win32/Fifibe.Variant!Trojan
eTrust-Vet 12.4.2205 05.11.2006 Win32/Fifibe!generic
Ewido 3.5 05.11.2006 Backdoor.Tink
Fortinet 2.76.0.0 05.11.2006 W32/Murlo.DM!tr.dldr
F-Prot 3.16c 05.11.2006 could be infected with an unknown virus
Kaspersky 4.0.2.24 05.11.2006 Trojan-Downloader.Win32.Murlo.dm
McAfee 4760 05.11.2006 no virus found
Microsoft 1.1372 05.11.2006 no virus found
NOD32v2 1.1531 05.11.2006 a variant of Win32/Small.BB



Onlinescan Kaspersky

F:\!KillBox\cregcowq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
F:\!KillBox\dssoundi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
F:\!KillBox\gpakaaaa.exe Infected: Trojan-Downloader.Win32.Murlo.dm skipped
F:\!KillBox\mdxkddiv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
F:\!KillBox\tudoiweu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
F:\!KillBox\wbegxwai.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
F:\!KillBox\__delete_on_reboot__hgbqeabl.dll Infected: Trojan-Proxy.Win32.Agent.jz skipped
F:\!KillBox\__delete_on_reboot__qnsyjqtv.dll Infected: Trojan-Proxy.Win32.Agent.jz skipped
F:\!KillBox\__delete_on_reboot__rtxpdasn.dll Infected: Trojan-Proxy.Win32.Agent.jz skipped



anderer PC

HijackThis

O2 - BHO: (no name) - {3DC5F4AE-35CB-4AF1-A4D2-9B1712F66F31} - C:\WINDOWS\System32\dugxmwfd.dll
O2 - BHO: CIEPl Object - {83B14523-CBC9-447B-8B1E-2482DB2ABE73} - C:\WINDOWS\system32\fdconfig.dll
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - C:\WINDOWS\System32\mljgf.dll
O20 - Winlogon Notify: fdconfig - C:\WINDOWS\SYSTEM32\fdconfig.dll
O20 - Winlogon Notify: mljgf - C:\WINDOWS\SYSTEM32\mljgf.dll
O20 - Winlogon Notify: ovxejfcb - ovxejfcb.dll


Ewido

C:\WINDOWS\system32\ovxejfcb.dll
C:\WINDOWS\system32\fdconfig.dll -> Adware.Virtumonde
C:\WINDOWS\system32\mljgf.dll -> Adware.Virtumonde
C:\WINDOWS\system32\ovxejfcb.dll -> Proxy.Agent.jz
C:\WINDOWS\system32\Service.exe -> Proxy.800
C:\WINDOWS\system32\setup.exe.tmp -> Downloader.VB.abh
C:\WINDOWS\Temp\1.tmp -> Proxy.Agent.jz

Virtumonde : C:\WINDOWS\system32\fdconfig.dll
Virtumonde : HKCR\CLSID\{83B14523-CBC9-447B-8B1E-2482DB2ABE73}
Virtumonde : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83B14523-CBC9-447B-8B1E-2482DB2ABE73}


HijackThis

O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\pmkji.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINNT\system32\nnnll.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINNT\system32\vtsqr.dll
O20 - Winlogon Notify: nnnll - C:\WINNT\SYSTEM32\nnnll.dll
O20 - Winlogon Notify: vtsqr - C:\WINNT\system32\vtsqr.dll

VundoFix.exe http://virus-protect.org/artikel/tools/vundofixx.html



Valid HTML 4.01 Ranking-Hits