Spybot Detects Virtumonde - Both Spybot and Malware Can't Delete It
stumpitron:
I've posted the SAS, MBAM, HJT and VirtumondeBeGone logs. The first two and the last one all indicate that the virus doesn't exist, but Spybot still says it exists (SBI $75457FE7) Library. C:\Windows\System32\rpcnet.dll. Is Spybot infected/lying? (I don't know how to post Spybot logs).
- Stump
[attachment deleted by admin]
harry 48:
I have tried twice to open HJT and it will not download.
Go to the link below, read it and use it:
http://www.computerhope.com/forum/index.php/topic,81761.0.html
stumpitron:
Computer Hope HijackThis log overview (created Tuesday Jun 23, 12:51:26 PM MST):
Unique found: 84 - Unknown: 1 - Total: 85
Processes / services not required: 79 (that are not hardware / security: 33) - Potential threats: 5
OS: Windows Vista SP1 (winnt 6.00.1905) - Directory: \windows\ - Detected Antivirus: McAfee - Detected Firewall: McAfee
[Path] Process Description Type | Required? | Threat?
[o23 - service: remote procedure call (rpc) net (rpcnet) - absolute software corp. - c:\windows\system32\rpcnet.exe] rpcnet.exe Although unknown, rpcnet.exe is suspicious since many legitimate unknown files do not run from the Windows path. Unknown | Required? Yes | Threat? Maybe
[o18 - filter: x-sdch - {b1759355-3eec-4c1e-b0f1-b719fe26e377} - c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll] HijackThis Detected potential protocol hijack (filter: x-sdch - {b1759355-3eec-4c1e-b0f1-b719fe26e377} - c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll). Unless you recognize or want this change we suggest it be fixed. Unknown | Required? Yes | Threat? Maybe
[r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = ] HijackThis Blank Internet Explorer value for linksfoldername. Unknown | Required? Yes | Threat? Maybe
[r0 - hklm\software\microsoft\internet explorer\search,customizesearch = ] HijackThis Blank Internet Explorer value for customizesearch. Unknown | Required? Yes | Threat? Maybe
[r0 - hklm\software\microsoft\internet explorer\search,searchassistant = ] HijackThis Blank Internet Explorer value for searchassistant. Unknown | Required? Yes | Threat? Maybe
[c:\windows\system32\taskeng.exe] taskeng.exe Microsoft Windows Task Scheduler file. Application | Required? Safe | Threat? No
[c:\windows\system32\dwm.exe] dwm.exe Microsoft Windows Desktop Window Manager file. Application | Required? Safe | Threat? No
[c:\windows\explorer.exe] explorer.exe Microsoft Windows Explorer file. Windows | Required? Yes | Threat? No
[c:\program files\dell\delldock\delldock.exe] delldock.exe Dell DellDock docking station utility file. Application | Required? Safe | Threat? No
[c:\program files\mcafee.com\agent\mcagent.exe] mcagent.exe McAfee Internet security file. Security | Required? No | Threat? No
[c:\program files\windows defender\msascui.exe] msascui.exe Microsoft Windows Defender file. Security | Required? No | Threat? No
[c:\program files\delltpad\apoint.exe] apoint.exe Alps Electric touchpad driver file. Hardware | Required? No | Threat? No
[c:\windows\oem02mon.exe] oem02mon.exe Creative Live! cam console launcher file. Hardware | Required? No | Threat? No
[c:\windows\system32\rundll32.exe] rundll32.exe Microsoft Windows process that loads .dll files; it should be located in the C:\Windows\System32 directory. Windows | Required? Yes | Threat? No
[c:\program files\intel\intel matrix storage manager\iaanotif.exe] iaanotif.exe Intel Application Accelerator service. Replaces the pre-installed ATA drivers with Windows with optimized drivers. Hardware | Required? No | Threat? No
[c:\windows\system32\wltray.exe] wltray.exe Dell wireless lan card driver file. Hardware | Required? No | Threat? No
[c:\program files\google\google desktop search\googledesktop.exe] googledesktop.exe Google Desktop file. ApplicationNetwork | Required? Safe | Threat? No
[c:\program files\dell\mediadirect\pcmservice.exe] pcmservice.exe Dell Multimedia Experience application file. Application | Required? Safe | Threat? No
[c:\program files\dell datasafe online\datasafeonline.exe] datasafeonline.exe Dell online storage service file. ApplicationNetwork | Required? Safe | Threat? No
[c:\program files\fingerprint reader suite\psqltray.exe] psqltray.exe UPEK Protector Suite systray file. Application | Required? Safe | Threat? No
[c:\program files\dell support center\bin\sprtcmd.exe] sprtcmd.exe Dell support agent process. Also an agent file used with many different ISP software packages. Application | Required? Safe | Threat? No
[c:\program files\western digital\wd drive manager\wdbtnmgrui.exe] wdbtnmgrui.exe Western Digital driver manager file. Application | Required? Safe | Threat? No
[c:\program files\java\jre6\bin\jusched.exe] jusched.exe Sun Microsystems Java Update scheduler file. ApplicationNetwork | Required? Safe | Threat? No
[c:\program files\itunes\ituneshelper.exe] ituneshelper.exe Apple iTunes helper file. ApplicationNetwork | Required? Safe | Threat? No
[c:\program files\daemon tools lite\daemon.exe] daemon.exe Daemon Tools CD/DVD and virtual disc drive file. Application | Required? Safe | Threat? No
[c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe] googletoolbarnotifie... Google toolbar file. ApplicationNetwork | Required? Safe | Threat? No
[c:\users\scott\appdata\local\google\update\googleupdate.exe] googleupdate.exe Google Toolbar update file. ApplicationNetwork | Required? Safe | Threat? No
[c:\program files\widcomm\bluetooth software\bttray.exe] bttray.exe Widcomm Bluetooth systray file. Hardware | Required? No | Threat? No
[c:\program files\dell\quickset\quickset.exe] quickset.exe Dell power management file. Hardware | Required? No | Threat? No
[c:\program files\delltpad\apmsgfwd.exe] apmsgfwd.exe Alps touchpad driver file. Hardware | Required? No | Threat? No
[c:\program files\delltpad\hidfind.exe] hidfind.exe Alps pointing device driver file. Hardware | Required? No | Threat? No
[c:\program files\delltpad\apntex.exe] apntex.exe Alps Electric touchpad driver file. Hardware | Required? No | Threat? No
[c:\program files\spybot - search & destroy\spybotsd.exe] spybotsd.exe Spybot Search and Destroy (S&D) spyware application file. Security | Required? No | Threat? No
[c:\windows\system32\wbem\unsecapp.exe] unsecapp.exe Microsoft Windows Windows Management Instrumentation (WMI) asynchronous callback file. Application | Required? Yes | Threat? No
[c:\program files\widcomm\bluetooth software\btstackserver.exe] btstackserver.exe Bluetooth server file. Hardware | Required? No | Threat? No
[c:\windows\system32\wscript.exe] wscript.exe Microsoft Windows file that should be located in the C:\Windows\System32 directory. Windows | Required? Yes | Threat? No
[c:\windows\system32\wuauclt.exe] wuauclt.exe Microsoft Windows update process that should be located in the C:\Windows\System32 directory. ApplicationNetworkWindows | Required? Yes | Threat? No
[c:\program files\trend micro\hijackthis\sniper.exe.exe] sniper.exe.exe Unknown - However, it appears as if this could be the Hijackthis tool renamed. Application | Required? Safe | Threat? No
[o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll] acroiehelpershim.dll Adobe Acrobat reader Internet Explorer helper DLL file. DLL | Required? Safe | Threat? No
[o2 - bho: mcafee phishing filter - {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program files\mcafee\msk\mskapbho.dll] mskapbho.dll McAfee phishing filter Browser Helper Object (BHO) DLL file. DLLSecurity | Required? No | Threat? No
[o2 - bho: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\viruss~1\scriptsn.dll] scriptsn.dll McAfee Browser Helper Object (BHO) which provides additional security in your Internet browser DLL file. DLLSecurity | Required? No | Threat? No
[o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll] googletoolbar.dll Google Toolbar Browser Helper Object (BHO) DLL file. DLL | Required? Safe | Threat? No
[o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll] swg.dll Google Toolbar browser help module.dll. DLL | Required? Safe | Threat? No
[o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll] fastsearch_A8904FB86... Google fast search DLL file. DLL | Required? Safe | Threat? No
[o2 - bho: browser address error redirector - {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\bae.dll] bae.dll Browser help module.dll that is used to redirect you to a different page if you encounter a 404 error in an Internet browser. DLL | Required? Safe | Threat? No
[o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll] jp2ssv.dll Sun Java browser plugin DLL file. DLL | Required? Safe | Threat? No
[o4 - hklm\..\run: [ecenter] c:\dell\e-center\eulalauncher.exe] eulalauncher.exe Dell e-center EULA launcher file. Application | Required? Safe | Threat? No
[o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup] nvcpl.dll NVidia video card control panel DLL file. DLL | Required? Safe | Threat? No
[o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit] nvmctray.dll Nvidia video card display driver DLL file. DLL | Required? Safe | Threat? No
[o4 - hklm\..\run: [nvhotkey] rundll32.exe c:\windows\system32\nvhotkey.dll,start] nvhotkey.dll NVIDIA hotkey DLL file. DLL | Required? Safe | Threat? No
[o4 - hklm\..\run: [updreg] c:\windows\updreg.exe] updreg.exe Creative register reminder file. Application | Required? Safe | Threat? No
[o4 - hklm\..\run: [psqllauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup] launcher.exe Hewlett Packard, Toshiba and other OEM computers PCAngel system recovery process and Webshots. Application | Required? Safe | Threat? No
[o4 - hklm\..\run: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"] dsca.exe Dell Support Center file. Application | Required? Safe | Threat? No
[o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"] reader_sl.exe Adobe Acrobat Reader load time reduction file. Application | Required? Safe | Threat? No
[o4 - hklm\..\run: [quicktime task] "c:\program files\quicktime\qttask.exe" -atboottime] qttask.exe Apple QuickTime systray file. Application | Required? Safe | Threat? No
[o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')] sidebar.exe Microsoft Windows sidebar that should be located in the C:\Program Files\Windows Sidebar directory. If in another directory this process could be the Searchcentrix hijacker. Application | Required? Safe | Threat? No
[o8 - extra context menu item: e&xport to microsoft excel - res://c:\program files\micros~3\office12\excel.exe/3000] excel.exe Microsoft Excel file. Application | Required? Safe | Threat? No
[o9 - extra button: blog this - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll] writerbrowserextensi... Windows Live Browser Helper Object (BHO) DLL file. DLL | Required? Safe | Threat? No
[o9 - extra button: send to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\micros~3\office12\onbttnie.dll] onbttnie.dll Microsoft Office Internet Explorer shortcut DLL file. DLL | Required? Safe | Threat? No
[o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\program files\micros~3\office12\refiebar.dll] refiebar.dll Microsoft Office research assistant module DLL file. DLL | Required? Safe | Threat? No
[o16 - dpf: {49312e18-aa92-4cc2-bb97-55dea7bcadd6} (wmi class) - http://support.dell.com/systemprofiler/sysproexe.cab] sysproexe.cab Dell online system scanner CAB file. Cab | Required? Safe | Threat? No
[o20 - appinit_dlls: c:\program files\google\google~2\goec62~1.dll] goec62~1.dll Google desktop DLL file. DLL | Required? Safe | Threat? No
[o20 - winlogon notify: !saswinlogon - c:\program files\superantispyware\saswinlo.dll] saswinlo.dll SUPERAntiSpyware DLL file. DLL | Required? Safe | Threat? No
[o20 - winlogon notify: gotoassist - c:\program files\citrix\gotoassist\514\g2awinlogon.dll] g2awinlogon.dll Citrix GoToAssist Remote Assistance service DLL file. DLL | Required? Safe | Threat? No
[o23 - service: andrea st filters service (aestfilters) - andrea electronics corporation - c:\windows\system32\aestsrv.exe] aestsrv.exe Andrea Electronics ST filters service file. Hardware | Required? No | Threat? No
[o23 - service: apple mobile device - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe] applemobiledeviceser... Apple iTunes Mobile Device service file. Application | Required? Safe | Threat? No
[o23 - service: bonjour service - apple inc. - c:\program files\bonjour\mdnsresponder.exe] mdnsresponder.exe Apple Bonjour for Windows file. ApplicationNetwork | Required? Safe | Threat? No
[o23 - service: creative labs licensing service - creative labs - c:\program files\common files\creative labs shared\service\creativelicensing.exe] creativelicensing.ex... Creative Labs licensing service file. Application | Required? Safe | Threat? No
[o23 - service: creative service for cdrom access - creative technology ltd - c:\windows\system32\ctsvccda.exe] ctsvccda.exe Creative disc drive process that should be located in the C:\Windows\System32 directory. Hardware | Required? No | Threat? No
[o23 - service: dock login service (dockloginservice) - stardock corporation - c:\program files\dell\delldock\docklogin.exe] docklogin.exe Dell DellDock docking station utility file. Application | Required? Safe | Threat? No
[o23 - service: gotoassist - citrix online, a division of citrix systems, inc. - c:\program files\citrix\gotoassist\514\g2aservice.exe] g2aservice.exe Citrix GoToAssist Remote Assistance service file. ApplicationNetwork | Required? Safe | Threat? No
[o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe] googleupdaterservice... Google Pack updater file. ApplicationNetwork | Required? Safe | Threat? No
[o23 - service: intel(r) matrix storage event monitor (iaantmon) - intel corporation - c:\program files\intel\intel matrix storage manager\iaantmon.exe] iaantmon.exe Intel ATA application accelerator file. Hardware | Required? No | Threat? No
[o23 - service: ipod service - apple inc. - c:\program files\ipod\bin\ipodservice.exe] iPodService.exe Apple iTunes iPod service monitor file. ApplicationNetwork | Required? Safe | Threat? No
[o23 - service: mcafee services (mcmscsvc) - mcafee, inc. - c:\program files\mcafee\msc\mcmscsvc.exe] mcmscsvc.exe McAfee security center file. Security | Required? No | Threat? No
[o23 - service: mcafee network agent (mcnasvc) - mcafee, inc. - c:\program files\common~1\mcafee\mna\mcnasvc.exe] mcnasvc.exe McAfee Security file. Security | Required? No | Threat? No
[o23 - service: mcafee scanner (mcods) - mcafee, inc. - c:\program files\mcafee\viruss~1\mcods.exe] mcods.exe McAfee VirusScan file. Security | Required? No | Threat? No
[o23 - service: mcafee proxy service (mcproxy) - mcafee, inc. - c:\program files\common~1\mcafee\mcproxy\mcproxy.exe] mcproxy.exe McAfee proxy file. NetworkSecurity | Required? No | Threat? No
[o23 - service: mcafee real-time scanner (mcshield) - mcafee, inc. - c:\program files\mcafee\viruss~1\mcshield.exe] mcshield.exe McAfee Internet security file. Security | Required? No | Threat? No
[o23 - service: mcafee systemguards (mcsysmon) - mcafee, inc. - c:\program files\mcafee\viruss~1\mcsysmon.exe] mcsysmon.exe McAfee VirusScan API file. Security | Required? No | Threat? No
[o23 - service: mcafee personal firewall service (mpfservice) - mcafee, inc. - c:\program files\mcafee\mpf\mpfsrv.exe] mpfsrv.exe McAfee personal firewall service file. NetworkSecurity | Required? No | Threat? No
[o23 - service: mcafee anti-spam service (msk80service) - mcafee, inc. - c:\program files\mcafee\msk\msksrver.exe] msksrver.exe McAfee SpamKiller file. Application | Required? Safe | Threat? No
[o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe] nvvsvc.exe NVIDIA video card service file. Hardware | Required? No | Threat? No
[o23 - service: supportsoft sprocket service (dellsupportcenter) (sprtsvc_dellsupportcenter) - supportsoft, inc. - c:\program files\dell support center\bin\sprtsvc.exe] sprtsvc.exe Dell Support Center service file. Application | Required? Safe | Threat? No
[o23 - service: sigmatel audio service (stacsv) - idt, inc. - c:\windows\system32\stacsv.exe] stacsv.exe SigmaTel sound card audio service file. Hardware | Required? No | Threat? No
[o23 - service: steam client service - valve corporation - c:\program files\common files\steam\steamservice.exe] steamservice.exe Valve Steam service file. ApplicationNetwork | Required? Safe | Threat? No
[o23 - service: stllssvr - microvision development, inc. - c:\program files\common files\surething shared\stllssvr.exe] stllssvr.exe MacroVision SureThing CD Labeler file. Application | Required? Safe | Threat? No
[o23 - service: wd drive manager service (wdbtnmgrsvc.exe) - wdc - c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe] wdbtnmgrsvc.exe Western Digital external drive manager service file. Hardware | Required? No | Threat? No
[o23 - service: dell wireless wlan tray service (wltrysvc) - unknown owner - c:\windows\system32\wltrysvc.exe] wltrysvc.exe Dell wireless LAN service file. HardwareNetwork | Required? No | Threat? No
[o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')] oobefldr.dll Microsoft Windows Welcome Center DLL file. DLL | Required? Safe | Threat? No
- Hope this helps. I just pasted my log into the website you gave me. Stump
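The disagreement in this thread (Spybot flags C:\Windows\System32\rpcnet.dll, while the HijackThis overview attributes the rpcnet service to Absolute Software Corp. and the other scanners find nothing) is resolved by checking the files themselves rather than trusting either tool's verdict. The script below is an added example, not code from the thread or from any of the tools named in it; it assumes the paths and the service name `rpcnet` shown in the log, and only uses built-in Windows PowerShell cmdlets and .NET classes so it runs on the Vista-era PowerShell 2 the poster would have had.

```powershell
# Triage files that one scanner flags and another clears: record Authenticode
# signature status, publisher, file version and SHA-256, plus how the service
# that loads them is registered. Paths are the ones named in the thread.
$paths = @("$env:SystemRoot\System32\rpcnet.dll",
           "$env:SystemRoot\System32\rpcnet.exe")

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing so this also works where Get-FileHash (PS 4+) is absent.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Output "$p : not present (a stale scanner entry or already removed)"
        continue
    }
    $sig  = Get-AuthenticodeSignature -FilePath $p
    $item = Get-Item -LiteralPath $p
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    New-Object PSObject -Property @{
        Path          = $p
        Signature     = $sig.Status          # Valid / NotSigned / HashMismatch / ...
        Signer        = $signer
        Company       = $item.VersionInfo.CompanyName
        Description   = $item.VersionInfo.FileDescription
        LastWrite     = $item.LastWriteTime
        SHA256        = Get-Sha256Hex -Path $p
    } | Format-List
}

# The service HijackThis listed as O23 (rpcnet): confirm the binary it points
# at, how it starts and which account it runs under.
Get-WmiObject -Class Win32_Service -Filter "Name='rpcnet'" |
    Select-Object Name, DisplayName, PathName, StartMode, State, StartName |
    Format-List

# Reading the result: a Valid signature whose signer matches the vendor that
# HijackThis reported, with matching CompanyName, points to a false positive
# to report to the scanner's vendor. NotSigned or HashMismatch on a DLL that
# lives in System32 with no version info is the case to keep treating as
# suspect; the SHA-256 is what you submit to a second opinion service.
```

Run it from an elevated PowerShell prompt so the service query and file reads are not blocked; the hashes and signer names are the evidence to attach to a follow-up post instead of another scanner log.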
harry 48:
OK stumpitron, that's as far as I can take you. The experts have not signed in yet, and they will take a look.
I will keep a look here to see what they say. All the best, harry